
infected with Win64/Sirefef.AE


This topic is locked. 16 replies to this topic.

#1 roguetrooper

  • Members
  • 15 posts
Posted 10 June 2012 - 09:00 PM

Hi...
I seem to have picked up a tricky-to-remove Trojan in my travels... I get a regular notification from NOD32:
11/06/2012 02:48:31 Real-time file system protection file F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: F:\Windows\System32\services.exe.
Unfortunately it's a recurring problem, and it has stopped Windows Firewall and the like from operating...

The contents of DDS.txt are as follows:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by P1 at 2:44:49 on 2012-06-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2456 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
F:\Windows\system32\wininit.exe
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\nvvsvc.exe
F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
F:\Windows\system32\svchost.exe -k RPCSS
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
F:\Windows\system32\svchost.exe -k LocalService
F:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
F:\Windows\system32\nvvsvc.exe
F:\Windows\system32\svchost.exe -k NetworkService
F:\Windows\System32\spoolsv.exe
F:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
F:\Windows\system32\Dwm.exe
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\Windows\SysWOW64\PnkBstrA.exe
F:\Windows\system32\spool\DRIVERS\x64\3\HP2014MC.EXE
F:\Windows\system32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\Windows\SysWOW64\rundll32.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Windows\system32\SearchIndexer.exe
F:\Windows\system32\wbem\wmiprvse.exe
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Windows\SysWOW64\DllHost.exe
F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
F:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
F:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
F:\Program Files\UltraMon\UltraMonUiAcc.exe
F:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Windows\system32\svchost.exe -k SDRSVC
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Program Files (x86)\Windows Live\Companion\companionuser.exe
F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
F:\Windows\System32\svchost.exe -k swprv
F:\Windows\system32\DllHost.exe
F:\Windows\system32\DllHost.exe
F:\Windows\SysWOW64\cmd.exe
F:\Windows\system32\conhost.exe
F:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
mURLSearchHooks: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
mWinlogon: Userinit=userinit.exe
uWindows: Load=F:\Users\P1\AppData\Local\Temp\{76836~1.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
uRun: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KISSPC~1.LNK - F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
StartupFolder: F:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - F:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/pcpitstop.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{173255B8-5F3A-456D-9D0A-44A5C7100E44} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
Hosts: 74.113.152.32 istockphoto.com
Hosts: 208.94.0.38 yfrog.com
Hosts: 63.309.5.102 virustotal.com
Hosts: 123.125.50.22 126.com
Hosts: 174.36.28.11 SlideShare.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - F:\Users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: F:\Users\P1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SandBox;SandBox;F:\Windows\system32\drivers\SandBox64.sys --> F:\Windows\system32\drivers\SandBox64.sys [?]
R1 afw;Agnitum Firewall Driver;F:\Windows\system32\DRIVERS\afw.sys --> F:\Windows\system32\DRIVERS\afw.sys [?]
R1 SASDIFSV;SASDIFSV;F:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;F:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 ekrn;ESET Service;F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-2-6 727720]
R2 nvUpdatusService;NVIDIA Update Service Daemon;F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UltraMonUtility;UltraMon Utility Driver;F:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 afwcore;afwcore;F:\Windows\system32\drivers\afwcore.sys --> F:\Windows\system32\drivers\afwcore.sys [?]
R3 MOSUMAC;USB-Ethernet Driver;F:\Windows\system32\DRIVERS\USBMAC64.SYS --> F:\Windows\system32\DRIVERS\USBMAC64.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;F:\Windows\system32\DRIVERS\yk62x64.sys --> F:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 acssrv;Agnitum Client Security Service;F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe --> F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;F:\Windows\system32\DRIVERS\epfwwfpr.sys --> F:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 ASWFilt;ASWFilt;\??\F:\Windows\system32\Filt\ASWFilt64.dll --> F:\Windows\system32\Filt\ASWFilt64.dll [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-20 79360]
S3 efavdrv;efavdrv;\??\F:\Windows\system32\drivers\efavdrv.sys --> F:\Windows\system32\drivers\efavdrv.sys [?]
S3 Razerlow;Razer Pro|Solutions;F:\Windows\system32\drivers\DB3G.sys --> F:\Windows\system32\drivers\DB3G.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;F:\Windows\system32\drivers\rdpvideominiport.sys --> F:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;F:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-4-16 151064]
S3 TsUsbFlt;TsUsbFlt;F:\Windows\system32\drivers\tsusbflt.sys --> F:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;F:\Windows\system32\Wat\WatAdminSvc.exe --> F:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 !SASCORE;SAS Core Service;F:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
S4 AdobeARMservice;Adobe Acrobat Update Service;F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 gupdate;Google Update Service (gupdate);F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S4 gupdatem;Google Update Service (gupdatem);F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-16 136176]
S4 wlcrasvc;Windows Live Mesh remote connections service;F:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-10 14:00:17 -------- d-----w- F:\Users\P1\AppData\Local\{53FE79F1-A9C0-4FB9-8440-2E05B6CA4211}
2012-06-10 14:00:04 -------- d-----w- F:\Users\P1\AppData\Local\{0951D285-FC55-4B5F-8433-8567342BB8D6}
2012-06-10 01:59:45 -------- d-----w- F:\Users\P1\AppData\Local\{4AD44FEC-379B-409D-B740-DB81BEAA6C53}
2012-06-10 01:59:33 -------- d-----w- F:\Users\P1\AppData\Local\{7562F6A7-C559-4DC7-AB49-799E20926451}
2012-06-09 13:59:14 -------- d-----w- F:\Users\P1\AppData\Local\{B6BEC5FB-A89C-4DC0-81A8-25F5CB432E17}
2012-06-09 13:59:02 -------- d-----w- F:\Users\P1\AppData\Local\{6D005148-E520-4628-8773-E0F09052514C}
2012-06-09 01:58:41 -------- d-----w- F:\Users\P1\AppData\Local\{7FA599DB-6B90-4435-A802-5A227B1D0898}
2012-06-09 01:58:39 -------- d-----w- F:\Users\P1\AppData\Local\{B9FF1396-9ECC-40B7-9737-34FE88F9F16D}
2012-06-08 23:47:20 -------- d-----w- F:\ProgramData\Sophos
2012-06-08 23:47:15 73728 ----a-r- F:\Users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47:15 73728 ----a-r- F:\Users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47:15 73728 ----a-r- F:\Users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-08 23:47:10 -------- d-----w- F:\Program Files (x86)\Sophos
2012-06-08 23:33:05 139704 ----a-w- F:\Windows\System32\drivers\efavdrv.sys
2012-06-08 20:19:39 -------- d-----w- F:\Users\P1\AppData\Local\Diagnostics
2012-06-08 20:10:23 1250088 ----a-w- F:\Windows\System32\drivers\SandBox64.sys
2012-06-08 20:10:15 444504 ----a-w- F:\Windows\System32\drivers\afwcore.sys
2012-06-08 20:09:55 38488 ----a-w- F:\Windows\System32\drivers\afw.sys
2012-06-08 20:09:26 -------- d-----w- F:\Windows\System32\Filt
2012-06-08 20:09:26 -------- d-----w- F:\Program Files\Agnitum
2012-06-08 20:09:00 -------- d-----w- F:\ProgramData\Agnitum
2012-06-08 14:27:32 103234 ----a-w- F:\ProgramData\1339165538.bdinstall.bin
2012-06-08 13:27:06 221086 ----a-w- F:\ProgramData\1339161741.bdinstall.bin
2012-06-08 13:26:36 -------- d-----w- F:\ProgramData\BDLogging
2012-06-08 13:23:21 -------- d-----w- F:\Users\P1\AppData\Roaming\QuickScan
2012-06-08 13:22:40 -------- d-----w- F:\Program Files\Bitdefender
2012-06-08 13:22:06 -------- d-----w- F:\Program Files\Common Files\Bitdefender
2012-06-08 13:22:04 -------- d-----w- F:\Program Files (x86)\Common Files\Bitdefender
2012-06-08 12:53:56 -------- d-----w- F:\Users\P1\AppData\Local\{BB68BF5F-2197-4B18-8F89-90D5F89550B2}
2012-06-08 12:53:41 -------- d-----w- F:\Users\P1\AppData\Local\{2D5D5F09-F161-4A90-8ED0-A7737F6A160C}
2012-06-08 12:24:29 -------- d-----w- F:\Program Files\SUPERAntiSpyware
2012-06-08 03:18:21 -------- d-sh--w- F:\Windows\System32\%APPDATA%
2012-06-08 00:45:32 -------- d-----w- F:\Users\P1\AppData\Local\{B1E3F570-49C0-4899-A89C-EB108A4098F4}
2012-06-08 00:45:18 -------- d-----w- F:\Users\P1\AppData\Local\{1E47BAE8-8147-47FB-80BF-0AEF3A140533}
2012-06-07 12:45:00 -------- d-----w- F:\Users\P1\AppData\Local\{4F51ADC7-115B-4A75-A914-ED6C51D1FAB5}
2012-06-07 12:44:47 -------- d-----w- F:\Users\P1\AppData\Local\{60F091A0-170E-4511-B91F-9AFE2558CC2D}
2012-06-07 00:44:28 -------- d-----w- F:\Users\P1\AppData\Local\{B1FEB2A3-865E-42D2-A13F-6AE40D2DCE12}
2012-06-07 00:44:14 -------- d-----w- F:\Users\P1\AppData\Local\{86A91A92-6DFA-4E80-99E7-C6E31433779A}
2012-06-06 12:43:54 -------- d-----w- F:\Users\P1\AppData\Local\{042BAC7C-6033-494F-BFE7-033D624B80CE}
2012-06-06 12:43:41 -------- d-----w- F:\Users\P1\AppData\Local\{89840131-4265-4AA6-B904-72984AAADE8B}
2012-06-06 00:43:22 -------- d-----w- F:\Users\P1\AppData\Local\{12D5E4E2-4F79-4DAC-965B-AA9E88CD4748}
2012-06-05 12:43:01 -------- d-----w- F:\Users\P1\AppData\Local\{295A3919-8B04-4792-BBD6-AD13F93BBC5A}
2012-06-05 12:42:47 -------- d-----w- F:\Users\P1\AppData\Local\{64221A55-0573-48A8-A3F3-F455A047136E}
2012-06-05 10:27:35 8955792 ----a-w- F:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4AD3048A-F343-4A7A-91B9-89AA4FC07748}\mpengine.dll
2012-06-05 00:42:28 -------- d-----w- F:\Users\P1\AppData\Local\{78E0A061-B6D8-4BAF-8F46-76F12272423B}
2012-06-04 12:42:08 -------- d-----w- F:\Users\P1\AppData\Local\{9D085DA7-2097-47CD-89C5-E3CE110B5561}
2012-06-04 12:41:54 -------- d-----w- F:\Users\P1\AppData\Local\{8BA211CE-DA5E-4ACF-9EE9-20ED1E0B8FC8}
2012-06-04 00:41:35 -------- d-----w- F:\Users\P1\AppData\Local\{5B52BA52-5A20-4A9C-993B-6B071756B9E6}
2012-06-04 00:41:22 -------- d-----w- F:\Users\P1\AppData\Local\{5DED248F-786B-480F-A9DB-544435DEB808}
2012-06-03 12:41:04 -------- d-----w- F:\Users\P1\AppData\Local\{AAA77765-BDB2-409C-ACE7-696BA139AB6D}
2012-06-03 12:40:50 -------- d-----w- F:\Users\P1\AppData\Local\{A02E5934-E34A-4AF8-B455-125E15398C3B}
2012-06-03 00:40:35 -------- d-----w- F:\Users\P1\AppData\Local\{F9B6655A-0DFB-4F71-A192-33B92541835B}
2012-06-02 12:40:15 -------- d-----w- F:\Users\P1\AppData\Local\{243668E5-4BA7-420F-BDDD-231A6D5E577B}
2012-06-02 12:40:12 -------- d-----w- F:\Users\P1\AppData\Local\{E4497753-75E4-4B16-A266-2A07B5BE397D}
2012-06-02 00:39:53 -------- d-----w- F:\Users\P1\AppData\Local\{D9BF0D82-C2F3-45DB-8117-5C18947076A3}
2012-06-02 00:39:39 -------- d-----w- F:\Users\P1\AppData\Local\{A08C36AE-50DB-4FBE-9CED-A1CE193CFE5D}
2012-06-01 12:39:20 -------- d-----w- F:\Users\P1\AppData\Local\{811657F3-7B8F-4356-ABD3-39D786390FC8}
2012-06-01 12:39:05 -------- d-----w- F:\Users\P1\AppData\Local\{114B57C7-7B66-4772-9482-5DFE25480BD7}
2012-06-01 00:38:46 -------- d-----w- F:\Users\P1\AppData\Local\{5D5633C0-54B4-4A74-A75B-225BB23E7817}
2012-06-01 00:38:31 -------- d-----w- F:\Users\P1\AppData\Local\{4226F95B-CC05-4AA9-AD81-AD8CF311F734}
2012-05-31 12:38:13 -------- d-----w- F:\Users\P1\AppData\Local\{4B81B8D7-1929-4714-A84A-3892CE4D158B}
2012-05-31 12:37:59 -------- d-----w- F:\Users\P1\AppData\Local\{B6000CC8-5058-4EB7-B493-B9F3C9FAF1C8}
2012-05-31 00:37:39 -------- d-----w- F:\Users\P1\AppData\Local\{2C31FF0F-59F8-4609-B615-E7D0CCCBF65D}
2012-05-31 00:37:25 -------- d-----w- F:\Users\P1\AppData\Local\{8D39ED3F-8FDC-43E0-BCCC-53110783B393}
2012-05-30 12:37:05 -------- d-----w- F:\Users\P1\AppData\Local\{BCE3F88F-59BD-4F80-BEDA-AF1C82ADA99D}
2012-05-30 12:36:50 -------- d-----w- F:\Users\P1\AppData\Local\{50F337D9-E477-470E-82ED-392DA63E22D8}
2012-05-30 00:25:19 -------- d-----w- F:\Users\P1\AppData\Local\{DD851871-D4E4-4AB4-8605-95B737541D5C}
2012-05-29 12:25:00 -------- d-----w- F:\Users\P1\AppData\Local\{50FC6A41-99CB-4BB8-9C46-C0E0B8608F12}
2012-05-29 12:24:46 -------- d-----w- F:\Users\P1\AppData\Local\{5C056CE2-7441-4D30-B05B-C9DDD691F02E}
2012-05-29 00:24:28 -------- d-----w- F:\Users\P1\AppData\Local\{C9255CC2-0841-4078-9DC9-48F96C82C57F}
2012-05-28 12:24:08 -------- d-----w- F:\Users\P1\AppData\Local\{A8286DD6-C15D-49F1-ADEF-25B1FC6AAF2D}
2012-05-28 12:23:55 -------- d-----w- F:\Users\P1\AppData\Local\{B314DDFA-D156-405D-9471-0FD8E66D6CBB}
2012-05-28 00:23:36 -------- d-----w- F:\Users\P1\AppData\Local\{D048FEB9-FF6B-4D1E-A980-B980CB0F016F}
2012-05-28 00:23:22 -------- d-----w- F:\Users\P1\AppData\Local\{ACBBD2BB-4E9F-45DC-8EFC-A7870AD3AD8D}
2012-05-27 12:22:58 -------- d-----w- F:\Users\P1\AppData\Local\{9E149FF4-20DC-4F50-9E9F-B9E85622C4C1}
2012-05-27 12:22:43 -------- d-----w- F:\Users\P1\AppData\Local\{8930E3FA-0126-4843-9781-EFEDA7BCAAB5}
2012-05-27 00:22:24 -------- d-----w- F:\Users\P1\AppData\Local\{4CF04AC0-5BB0-4264-99A8-8B644927BD71}
2012-05-27 00:22:11 -------- d-----w- F:\Users\P1\AppData\Local\{3D69498D-A03E-4CCC-A556-E4A5FA1CBD7B}
2012-05-26 12:21:58 -------- d-----w- F:\Users\P1\AppData\Local\{9A66F7C9-8231-4087-BE55-5729E5FB6FB5}
2012-05-26 12:21:44 -------- d-----w- F:\Users\P1\AppData\Local\{8E762D2C-D9B6-43C1-A5B8-CD5AC605F86E}
2012-05-26 00:21:24 -------- d-----w- F:\Users\P1\AppData\Local\{EB8DEE55-C45B-4089-A0E7-65F08E1978FE}
2012-05-26 00:21:10 -------- d-----w- F:\Users\P1\AppData\Local\{776D1BA2-562B-4BDF-85D5-6C91E86D1FA8}
2012-05-25 12:21:01 -------- d-----w- F:\Users\P1\AppData\Local\{E4EF8CA3-404B-4277-95FB-C176BADFF1DF}
2012-05-25 12:20:58 -------- d-----w- F:\Users\P1\AppData\Local\{D7AF20F1-9DED-4A12-B99A-4003EDCA678C}
2012-05-25 00:20:33 -------- d-----w- F:\Users\P1\AppData\Local\{D28E8DC2-4677-4184-94E6-12142D3C6C24}
2012-05-25 00:20:19 -------- d-----w- F:\Users\P1\AppData\Local\{C3A83BA6-4D20-4080-92E9-0BB8AF61F348}
2012-05-24 11:48:41 -------- d-----w- F:\Users\P1\AppData\Local\{97406EBB-BD02-4214-B6F2-7B2AE8E15D5A}
2012-05-24 11:48:27 -------- d-----w- F:\Users\P1\AppData\Local\{2E0367CB-0A95-4C62-8FE3-D81EE8D4F0AC}
2012-05-23 23:48:09 -------- d-----w- F:\Users\P1\AppData\Local\{F24BA936-847C-43BD-BA0A-E68DA5BCC570}
2012-05-23 11:47:50 -------- d-----w- F:\Users\P1\AppData\Local\{A9836994-E9B9-4D8D-BE3E-BE7D157E1821}
2012-05-23 11:47:49 -------- d-----w- F:\Users\P1\AppData\Local\{9F7DB670-7003-4EB6-9672-8E7D3B031E0D}
2012-05-23 11:47:47 -------- d-----w- F:\Users\P1\AppData\Local\{DCB8B166-6CF5-40F6-9921-43D932DB5CE8}
2012-05-23 11:47:34 -------- d-----w- F:\Users\P1\AppData\Local\{C3228BA9-832C-49E4-9215-1224838BD822}
2012-05-22 22:01:22 -------- d-----w- F:\Users\P1\AppData\Local\{D192CD71-77CC-4D6E-87B3-5DE7A19D535D}
2012-05-22 10:01:02 -------- d-----w- F:\Users\P1\AppData\Local\{F2E1A34A-EC8D-4D0A-8DAA-6D47D382DA2E}
2012-05-22 10:00:52 -------- d-----w- F:\Users\P1\AppData\Local\{B0691E1A-9CD3-4754-BF84-D34D234A0A2F}
2012-05-22 10:00:46 -------- d-----w- F:\Users\P1\AppData\Local\{DD2DCE1E-1D02-495C-875F-AF84F1338938}
2012-05-21 16:47:19 -------- d-----w- F:\Users\P1\AppData\Local\{C969F66B-622F-40DA-A07E-C1D90838C390}
2012-05-21 16:47:14 -------- d-----w- F:\Users\P1\AppData\Local\{4880A5A5-0FE9-4F4A-8B85-85F7E87001C9}
2012-05-21 16:47:09 -------- d-----w- F:\Users\P1\AppData\Local\{1678B54F-F81C-4981-A7C9-91F6746D0D6D}
2012-05-21 16:46:53 -------- d-----w- F:\Users\P1\AppData\Local\{3E8A3145-1E5F-4E46-94AB-A5C8B9775986}
2012-05-20 17:21:37 -------- d-----w- F:\Users\P1\AppData\Local\{BCCE4CAE-35E4-4774-B5F9-77B86B5413D2}
2012-05-20 17:21:34 -------- d-----w- F:\Users\P1\AppData\Local\{39C1023D-D424-45EB-B712-E275565AA8C6}
2012-05-20 17:21:32 -------- d-----w- F:\Users\P1\AppData\Local\{9994A1EB-766A-4ACC-9831-C161B754D1B2}
2012-05-20 17:21:18 -------- d-----w- F:\Users\P1\AppData\Local\{89C9126C-0EB4-4F9D-AE59-1983A1C3B755}
2012-05-20 00:17:15 -------- d-----w- F:\Users\P1\AppData\Local\{30AB131B-C644-4624-A200-6EA4F89116D5}
2012-05-20 00:17:02 -------- d-----w- F:\Users\P1\AppData\Local\{0A849583-2F8A-4C2D-A79C-6D9BAA3CE643}
2012-05-19 12:16:41 -------- d-----w- F:\Users\P1\AppData\Local\{626D84CD-83CA-4507-BDDD-D9EB8EB807D8}
2012-05-19 12:16:26 -------- d-----w- F:\Users\P1\AppData\Local\{3B029694-8F06-4FE8-A512-49D8C58DD11D}
2012-05-19 00:16:06 -------- d-----w- F:\Users\P1\AppData\Local\{47C43665-0C8F-4D0F-B120-86261636C51B}
2012-05-19 00:15:52 -------- d-----w- F:\Users\P1\AppData\Local\{AF2B21D1-74DC-4BB0-94C1-4CE2DBF18C94}
2012-05-18 12:15:46 -------- d-----w- F:\Users\P1\AppData\Local\{FD558755-CAED-424F-ABC8-04175BCFDC42}
2012-05-18 12:15:45 -------- d-----w- F:\Users\P1\AppData\Local\{EB232276-1DD1-4E46-978F-5A33076182B9}
2012-05-18 12:15:43 -------- d-----w- F:\Users\P1\AppData\Local\{E1B8AD71-CECC-41A3-A862-CE64C5BC2607}
2012-05-18 12:15:29 -------- d-----w- F:\Users\P1\AppData\Local\{7496E3CF-8CEA-4379-A9F1-5653C4B18D36}
2012-05-17 22:39:52 -------- d-----w- F:\Users\P1\AppData\Local\{65D2E89D-5181-4A74-A9F3-951A1D27FC0B}
2012-05-17 22:39:38 -------- d-----w- F:\Users\P1\AppData\Local\{CB65698A-0115-4882-B6B6-4CB538CCB314}
2012-05-17 10:39:18 -------- d-----w- F:\Users\P1\AppData\Local\{3E610277-4E10-4671-9E6D-610B11132773}
2012-05-17 10:39:04 -------- d-----w- F:\Users\P1\AppData\Local\{943D7348-83D0-4104-B447-3BEF8F536212}
2012-05-16 21:05:23 -------- d-----w- F:\Users\P1\AppData\Local\{3EED9CD9-3AF3-4A8A-8212-E6720CBD06AB}
2012-05-16 19:16:55 -------- d-----w- F:\Users\P1\AppData\Local\Unity
2012-05-16 09:05:04 -------- d-----w- F:\Users\P1\AppData\Local\{5E5A6B4B-2533-4D83-B8CF-3CB397F48140}
2012-05-16 09:05:03 -------- d-----w- F:\Users\P1\AppData\Local\{9B718F5B-7F7C-4F79-9603-3ED9C652117E}
2012-05-16 09:05:01 -------- d-----w- F:\Users\P1\AppData\Local\{D785EA98-87E3-482A-8D35-6354C66D45BD}
2012-05-16 09:04:47 -------- d-----w- F:\Users\P1\AppData\Local\{08FD77D7-D4EE-4ACE-A1CA-470AE242EB8D}
2012-05-15 16:07:36 -------- d-----w- F:\Users\P1\AppData\Local\{D8594AD3-6398-41DA-B2F6-27DED47F9189}
2012-05-15 16:07:34 -------- d-----w- F:\Users\P1\AppData\Local\{2F81D29C-D0D6-4876-9C11-DD5E16E765B8}
2012-05-15 16:07:32 -------- d-----w- F:\Users\P1\AppData\Local\{91F249C3-D22A-44C2-8D3E-F29261E9E260}
2012-05-15 16:07:18 -------- d-----w- F:\Users\P1\AppData\Local\{324732EA-B88B-4783-B5EC-3619E955924A}
2012-05-15 01:47:03 -------- d-----w- F:\Users\P1\AppData\Local\{9C284429-213F-4221-879E-81EB3729D9AE}
2012-05-15 01:46:49 -------- d-----w- F:\Users\P1\AppData\Local\{9EE220C9-4536-458A-BD5F-FB6DD9673A5E}
2012-05-15 01:21:50 423744 ----a-w- F:\Windows\SysWow64\nvStreaming.exe
2012-05-14 13:46:30 -------- d-----w- F:\Users\P1\AppData\Local\{1DC4E672-4543-40EA-8539-2174E51B9A30}
2012-05-14 13:46:16 -------- d-----w- F:\Users\P1\AppData\Local\{71A5074E-E5B6-4540-B865-BBFC0093AA16}
2012-05-14 01:45:58 -------- d-----w- F:\Users\P1\AppData\Local\{223E29A5-2957-4C2A-BC67-FD3B681A73F3}
2012-05-14 01:45:44 -------- d-----w- F:\Users\P1\AppData\Local\{A0FF5475-BC62-4518-9076-CB20B28C1EA5}
2012-05-13 13:45:26 -------- d-----w- F:\Users\P1\AppData\Local\{813583CD-ACE5-49F8-9C44-6CA7414534D7}
2012-05-13 13:45:12 -------- d-----w- F:\Users\P1\AppData\Local\{B2E52A6A-6FD0-4DDE-9177-DB895B67B219}
2012-05-13 01:44:53 -------- d-----w- F:\Users\P1\AppData\Local\{AD0F0DED-F587-4B0B-A96C-91B51E7B228A}
2012-05-12 13:44:33 -------- d-----w- F:\Users\P1\AppData\Local\{E4C91117-E228-4E1E-A3AC-1A8C14F53851}
2012-05-12 13:44:20 -------- d-----w- F:\Users\P1\AppData\Local\{E451AA30-BD72-443F-A0AC-BCE20F93731F}
.
==================== Find3M ====================
.
2012-05-15 09:29:47 889664 ----a-w- F:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- F:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- F:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- F:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- F:\Windows\System32\nvcpl.dll
2012-05-05 23:46:14 70304 ----a-w- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 23:46:14 419488 ----a-w- F:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 23:46:10 8744608 ----a-w- F:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 01:00:20 270776 ----a-w- F:\Windows\SysWow64\PnkBstrB.xtr
2012-04-29 01:00:20 270776 ----a-w- F:\Windows\SysWow64\PnkBstrB.exe
2012-04-11 21:48:14 270776 ----a-w- F:\Windows\SysWow64\PnkBstrB.ex0
2012-03-31 06:05:57 5559664 ----a-w- F:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- F:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- F:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- F:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- F:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- F:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 2:45:24.78 ===============


I would appreciate any help in removing this tricky lil **** :)
Thanks
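The log above already contains the indicators a responder would pick out by hand: a file run by services.exe from F:\Windows\Installer\{GUID}\U\, a hidden directory literally named %APPDATA% inside System32, UAC policy values set so that elevation never prompts (ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), a per-user Load= autostart pointing into a Temp folder, and a HOSTS entry for virustotal.com with an impossible octet (309). The script below is an added example, not part of the original post, of the DDS tool or of any product named in the thread; it runs that detection logic over DDS-style lines and reports what it finds. The sample input is excerpted from the posted log plus one benign svchost line; the indicator names and the security-vendor domain list are assumptions made for the example. It is triage only: it flags lines and cleans nothing.

```python
"""Triage a DDS-style log for the indicators visible in the post above.

Added example; it is not part of the original thread and not part of the
DDS tool. It only flags lines, it cleans nothing.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Assumption for the example: domains whose presence in HOSTS is suspicious
# because a redirect would block or hijack a security vendor / online scanner.
SECURITY_DOMAINS = {"virustotal.com"}

# A file under \Windows\Installer\{GUID}\U\ (the path in the NOD32 alert).
INSTALLER_U_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\", re.IGNORECASE)
# A directory literally named %APPDATA% inside System32: the variable was
# never expanded, so no legitimate installer created it.
SYSTEM32_APPDATA_RE = re.compile(r"\\Windows\\System32\\%APPDATA%", re.IGNORECASE)
# DDS "mPolicies-system: <name> = <decimal> (0x..)" lines.
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# DDS "uWindows: Load=<path>" (the per-user ...\Windows NT\CurrentVersion\Windows\Load value).
LOAD_RE = re.compile(r"^[um]Windows:\s*Load=(.+)$", re.IGNORECASE)
# DDS "Hosts: <ip> <hostname>" lines.
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")

# UAC values for which 0 means "elevate silently" / "no secure desktop".
UAC_MUST_BE_NONZERO = {"ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def valid_ipv4(text: str) -> bool:
    """True only for four decimal octets in 0..255 (63.309.5.102 fails)."""
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for one log line; empty if benign."""
    findings: List[Tuple[str, str]] = []
    line = line.strip()
    if INSTALLER_U_RE.search(line):
        findings.append(("installer_U_dir", line))
    if SYSTEM32_APPDATA_RE.search(line):
        findings.append(("system32_appdata_dir", line))
    m = POLICY_RE.match(line)
    if m and m.group(1) in UAC_MUST_BE_NONZERO and int(m.group(2)) == 0:
        findings.append(("uac_prompt_disabled", m.group(1)))
    m = LOAD_RE.match(line)
    if m and "\\temp\\" in m.group(1).lower():
        findings.append(("load_autostart_from_temp", m.group(1)))
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.group(1), m.group(2).lower()
        if not valid_ipv4(ip):
            findings.append(("hosts_invalid_ip", line))
        if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
            findings.append(("hosts_security_vendor", line))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over every line of a log."""
    out: List[Tuple[str, str]] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per indicator."""
    return dict(Counter(kind for kind, _ in findings))


# Sample input: lines excerpted from the log in the post above, plus one
# benign svchost line to show that a clean line yields nothing.
SAMPLE_LOG = r"""
11/06/2012 02:48:31 Real-time file system protection file F:\Windows\Installer\{f9dedb38-b63c-7edb-4bbc-8af06e9f5677}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
uWindows: Load=F:\Users\P1\AppData\Local\Temp\{76836~1.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 74.113.152.32 istockphoto.com
Hosts: 63.309.5.102 virustotal.com
2012-06-08 03:18:21 -------- d-sh--w- F:\Windows\System32\%APPDATA%
F:\Windows\system32\svchost.exe -k netsvcs
"""

if __name__ == "__main__":
    for kind, detail in triage_log(SAMPLE_LOG):
        print(f"{kind:28s} {detail}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

On the sample input the script reports seven findings: one for the Installer\{GUID}\U\ path, one for the Load= autostart in Temp, two for the UAC values set to 0 (ConsentPromptBehaviorUser = 3 is left alone), one for the unparseable HOSTS address, one for the virustotal.com HOSTS entry, and one for the %APPDATA% directory under System32. Note that the alert itself says the file was quarantined, yet the detection recurs with services.exe as the launching process; a flag on the file alone says nothing about whatever keeps recreating it, which is why a helper moves the cleanup into the offline recovery environment rather than relying on the running system's antivirus.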

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 11:48 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 roguetrooper (Topic Starter)

Posted 11 June 2012 - 04:19 AM

Thanks for your quick reply ...
Have done as requested but, even though the recovery console says it's selected to my Win7 Ult install, the scan results are showing details of my Vista install??

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by SYSTEM at 11-06-2012 10:07:33
Running from L:\
Windows Vista ™ Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2680184 2009-07-31] (ESET)
HKLM-x32\...\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe" [147456 2007-08-01] ()
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [434360 2010-09-26] (iolo technologies, LLC)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\P1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\P1\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun [486856 2008-04-01] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\KiSS PC-Link.lnk
ShortcutTarget: KiSS PC-Link.lnk -> C:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()

==================== Services (Whitelisted) ======

3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-02-06] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [727720 2009-02-06] (ESET)
2 gupdate1ca0bab125fcf06; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [133104 2009-07-23] (Google Inc.)
2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-09-26] (iolo technologies, LLC)
2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2010-09-26] (iolo technologies, LLC)
4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 PD91Agent; "C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [1103624 2008-12-31] (Raxco Software, Inc.)
3 PD91Engine; "C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [1287944 2008-12-31] (Raxco Software, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-04-23] ()
4 SLUINotify; C:\Windows\System32\SLUINotify.dll [73216 2009-04-10] ()
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2010-02-06] (TuneUp Software)
4 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe" [1353544 2009-10-30] (TuneUp Software)
2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36168 2009-10-30] (TuneUp Software)
2 UxTuneUp; C:\Windows\SysWow64\uxtuneup.dll [30024 2009-10-30] (TuneUp Software)

========================== Drivers (Whitelisted) =============

2 eamon; C:\Windows\System32\Drivers\eamon.sys [141728 2009-02-06] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [132464 2009-02-06] (ESET)
1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
3 ENTECH64; C:\Windows\SysWow64\Drivers\ENTECH64.sys [12744 2007-09-07] (EnTech Taiwan)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [120128 2009-02-06] (ESET)
1 FileDisk; C:\Windows\SysWow64\Drivers\FileDisk.sys [9341 2010-06-29] (iolo technologies, LLC (based on original work by Bo Brantén))
3 MOSUMAC; C:\Windows\System32\DRIVERS\M7830A64.SYS [51200 2008-01-27] (--)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 P17; C:\Windows\System32\Drivers\P17.sys [1309696 2009-10-15] (Creative Technology Ltd.)
1 PStrip64; C:\Windows\System32\Drivers\PStrip64.sys [13008 2006-09-30] ()
3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-06] (Razer (Asia-Pacific) Pte Ltd)
1 SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-04-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-04-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-06-24] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-10-15] (Duplex Secure Ltd.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-13] (TuneUp Software)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 cpuz130; \??\C:\Users\P1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: UxTuneUp -> C:\Windows\System32\uxtuneup.dll (TuneUp Software)

============ One Month Created Files and Folders ==============

2012-06-08 06:25 - 2012-06-08 06:25 - 00001007 ____A C:\bdlog.txt


============ 3 Months Modified Files and Folders =============

2012-06-08 06:25 - 2012-06-08 06:25 - 00001007 ____A C:\bdlog.txt


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-05-27 13:51] - [2009-04-10 15:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4094.49 MB
Available physical RAM: 3519.76 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3507.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Vista 64 Ult) (Fixed) (Total:76.68 GB) (Free:23.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:38.33 GB) (Free:15.63 GB) NTFS
3 Drive e: (Games2) (Fixed) (Total:38.28 GB) (Free:7.9 GB) NTFS
4 Drive f: ( Games'3') (Fixed) (Total:186.31 GB) (Free:25.97 GB) NTFS
5 Drive g: (Win 7 Ult) (Fixed) (Total:232.88 GB) (Free:92.71 GB) NTFS
6 Drive h: (Games'1') (Fixed) (Total:74.53 GB) (Free:11.64 GB) NTFS
8 Drive j: (Media) (Fixed) (Total:465.76 GB) (Free:66.24 GB) NTFS
9 Drive k: (Backups) (Fixed) (Total:298.09 GB) (Free:61.09 GB) NTFS
10 Drive l: (DATA) (Removable) (Total:1.89 GB) (Free:1.7 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 76 GB 10 MB
Disk 1 Online 38 GB 11 MB
Disk 2 Online 38 GB 6144 KB
Disk 3 Online 186 GB 1024 KB
Disk 4 Online 232 GB 0 B
Disk 5 Online 74 GB 1024 KB
Disk 6 Online 465 GB 1024 KB
Disk 7 Online 298 GB 1024 KB
Disk 8 Online 1935 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 76 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Vista 64 Ul NTFS Partition 76 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 38 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 38 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 38 GB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Games2 NTFS Partition 38 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 186 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Games'3' NTFS Partition 186 GB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

======================================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G Win 7 Ult NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

======================================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H Games'1' NTFS Partition 74 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 6
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J Media NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

======================================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K Backups NTFS Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 8:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB

======================================================================================================

Disk: 8
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L DATA FAT32 Removable 1935 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-04-29 11:57

======================= End Of Log ==========================
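The FRST log above closes its "Bamital & volsnap Check" by hashing services.exe and the other boot-critical binaries against a known-good list, and the ComboFix log later in this thread reports an infected services.exe that was restored from the WinSxS component store. The script below is an added example, not part of this thread and not code from FRST or ComboFix, that reproduces that comparison offline with a weaker reference: instead of a vendor whitelist it hashes each listed binary in System32 and checks whether any copy under Windows\WinSxS carries the same SHA-256. It assumes it is run from rescue media against a mounted, non-running Windows volume; the binary list, the component directory names and the file contents in build_demo_tree() are constructed for the demo.

```python
"""Offline check of boot-critical binaries against their WinSxS backing copies.

Added example (not from the thread, FRST or ComboFix). Run it from a rescue
environment with the Windows volume mounted, e.g. a Linux stick with the NTFS
partition at /mnt/win, then: check_all("/mnt/win/Windows").
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Binaries that in-place patchers such as Sirefef/ZeroAccess commonly overwrite.
# Constructed list for the example; extend it with whatever your scanner hashes.
CRITICAL_BINARIES = ("services.exe", "winlogon.exe", "wininit.exe",
                     "svchost.exe", "explorer.exe")


def sha256_of(path):
    """Stream a file through SHA-256 (binaries can be several MB)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def winsxs_copies(windows_root, name):
    """Yield every file called `name` anywhere under Windows\\WinSxS.

    Component directory names vary per build, so we walk the store rather
    than guessing the amd64_microsoft-windows-... folder name.
    """
    store = Path(windows_root) / "WinSxS"
    if not store.is_dir():
        return
    for dirpath, _dirs, files in os.walk(store):
        for f in files:
            if f.lower() == name.lower():
                yield Path(dirpath) / f


def check_binary(windows_root, name, system_dir="System32"):
    """Compare the live System32 copy with the staged WinSxS copies.

    Status values:
      missing       the live file is not there at all
      no-reference  live file present but WinSxS holds no copy to compare
      ok            live hash equals at least one staged copy
      MISMATCH      live hash equals none of the staged copies (patched?)
    On a case-sensitive mount the directory names must match the volume.
    """
    live = Path(windows_root) / system_dir / name
    if not live.is_file():
        return {"name": name, "status": "missing", "live": None, "matches": []}
    live_hash = sha256_of(live)
    matches, copies = [], 0
    for copy in winsxs_copies(windows_root, name):
        copies += 1
        if sha256_of(copy) == live_hash:
            matches.append(str(copy))
    if copies == 0:
        status = "no-reference"
    elif matches:
        status = "ok"
    else:
        status = "MISMATCH"
    return {"name": name, "status": status, "live": live_hash, "matches": matches}


def check_all(windows_root, names=CRITICAL_BINARIES):
    """Run check_binary over every name and return {name: result}."""
    return {n: check_binary(windows_root, n) for n in names}


def build_demo_tree():
    """Constructed Windows-like tree: one patched, one clean, one unreferenced binary."""
    root = Path(tempfile.mkdtemp()) / "Windows"
    (root / "System32").mkdir(parents=True)
    # Staged copy of services.exe, and a live copy with 64 extra bytes appended.
    comp = root / "WinSxS" / "amd64_microsoft-windows-s..s-servicecontroller_demo"
    comp.mkdir(parents=True)
    (comp / "services.exe").write_bytes(b"MZ clean services.exe")
    (root / "System32" / "services.exe").write_bytes(
        b"MZ clean services.exe" + b"\x90" * 64)
    # winlogon.exe: live and staged copies identical.
    comp2 = root / "WinSxS" / "amd64_microsoft-windows-winlogon_demo"
    comp2.mkdir(parents=True)
    (comp2 / "winlogon.exe").write_bytes(b"MZ clean winlogon.exe")
    (root / "System32" / "winlogon.exe").write_bytes(b"MZ clean winlogon.exe")
    # explorer.exe: live copy only, nothing staged to compare against.
    (root / "System32" / "explorer.exe").write_bytes(b"MZ explorer.exe")
    return root


if __name__ == "__main__":
    for name, r in check_all(build_demo_tree()).items():
        print(f"{r['status']:<13}{name:<14}{r['live'] or '-'}")
```

Read the result the way the logs in this thread read it: a mismatch means the live file differs from every version the servicing store has staged, which for services.exe is exactly the condition ComboFix repaired, but it says nothing about what patched it. An ok result only says the live file equals some staged version, and no-reference means there was nothing to compare, not that the file is clean. Run it from a clean boot rather than the infected system, because a kernel-mode rootkit on the live machine can serve a clean image for a file read while the on-disk copy stays patched.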

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 June 2012 - 06:33 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 roguetrooper (Topic Starter)

Posted 11 June 2012 - 07:51 AM

Combofix log file

ComboFix 12-06-10.01 - P1 11/06/2012 13:21:12.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2835 [GMT 1:00]
Running from: f:\users\P1\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\programdata\1339161741.bdinstall.bin
f:\programdata\1339165538.bdinstall.bin
f:\users\P1\AppData\Roaming\Microsoft\~DFK27d47ad.tmp
f:\users\P1\AppData\Roaming\Microsoft\1eaadjc.dll
f:\users\P1\AppData\Roaming\Microsoft\bass.dll
f:\users\P1\AppData\Roaming\Microsoft\engine_vx.dll
f:\users\P1\AppData\Roaming\Microsoft\kfgresk.dll
f:\users\P1\AppData\Roaming\Microsoft\mjcriu.dll
f:\users\P1\AppData\Roaming\Microsoft\peaadje.dll
f:\users\P1\AppData\Roaming\Microsoft\qwadjb.dll
f:\users\P1\AppData\Roaming\Microsoft\rsaadjd.dll
.
-- Previous Run --
.
Infected copy of f:\windows\system32\services.exe was found and disinfected
Restored copy from - f:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-08 23:47 . 2012-06-08 23:47 -------- d-----w- f:\programdata\Sophos
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-08 23:47 . 2012-06-08 23:47 -------- d-----w- f:\program files (x86)\Sophos
2012-06-08 23:33 . 2012-06-08 23:37 139704 ----a-w- f:\windows\system32\drivers\efavdrv.sys
2012-06-08 20:19 . 2012-06-08 20:19 -------- d-----w- f:\users\P1\AppData\Local\Diagnostics
2012-06-08 20:10 . 2011-06-15 13:22 1250088 ----a-w- f:\windows\system32\drivers\SandBox64.sys
2012-06-08 20:10 . 2011-06-15 13:21 444504 ----a-w- f:\windows\system32\drivers\afwcore.sys
2012-06-08 20:09 . 2011-03-28 17:53 38488 ----a-w- f:\windows\system32\drivers\afw.sys
2012-06-08 20:09 . 2012-06-08 20:50 -------- d-----w- f:\windows\system32\Filt
2012-06-08 20:09 . 2012-06-08 20:09 -------- d-----w- f:\program files\Agnitum
2012-06-08 20:09 . 2012-06-08 20:09 -------- d-----w- f:\programdata\Agnitum
2012-06-08 13:26 . 2012-06-08 13:26 -------- d-----w- f:\programdata\BDLogging
2012-06-08 13:23 . 2012-06-08 13:23 -------- d-----w- f:\users\P1\AppData\Roaming\QuickScan
2012-06-08 13:22 . 2012-06-08 14:28 -------- d-----w- f:\program files\Bitdefender
2012-06-08 13:22 . 2012-06-08 14:27 -------- d-----w- f:\program files\Common Files\Bitdefender
2012-06-08 13:22 . 2012-06-08 13:22 -------- d-----w- f:\program files (x86)\Common Files\Bitdefender
2012-06-08 12:24 . 2012-06-08 12:25 -------- d-----w- f:\program files\SUPERAntiSpyware
2012-06-08 03:18 . 2012-06-08 03:18 -------- d-sh--w- f:\windows\system32\%APPDATA%
2012-05-16 19:16 . 2012-05-16 19:16 -------- d-----w- f:\users\P1\AppData\Local\Unity
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- f:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-04-23 11:21 68928 ----a-w- f:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 11:21 61248 ----a-w- f:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-21 22:01 8105280 ----a-w- f:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-21 22:01 18044224 ----a-w- f:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-21 22:01 10194752 ----a-w- f:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-02-21 22:01 2741568 ----a-w- f:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1738048 ----a-w- f:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1468224 ----a-w- f:\windows\system32\nvgenco64.dll
2012-05-15 09:29 . 2011-06-21 00:23 889664 ----a-w- f:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-21 00:23 63296 ----a-w- f:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-21 00:23 118080 ----a-w- f:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-21 00:23 3149632 ----a-w- f:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-21 00:23 6151488 ----a-w- f:\windows\system32\nvcpl.dll
2012-05-08 17:02 . 2012-06-05 10:27 8955792 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{4AD3048A-F343-4A7A-91B9-89AA4FC07748}\mpengine.dll
2012-05-05 23:46 . 2012-04-18 09:16 419488 ----a-w- f:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 23:46 . 2011-05-13 08:39 70304 ----a-w- f:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 23:46 . 2012-04-18 09:46 8744608 ----a-w- f:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 01:00 . 2011-05-01 03:24 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.xtr
2012-04-29 01:00 . 2011-04-30 17:09 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.exe
2012-04-11 21:48 . 2011-04-30 17:09 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.ex0
2012-03-31 06:05 . 2012-05-09 08:21 5559664 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 08:21 3968368 ----a-w- f:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 08:21 3913072 ----a-w- f:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 08:21 3146240 ----a-w- f:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 08:20 1918320 ----a-w- f:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-09 08:21 75120 ----a-w- f:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81d24ea1-3106-46a5-a324-fa96b8178519}"= "f:\program files (x86)\iprivobar\prxtbipri.dll" [2011-11-28 181336]
.
[HKEY_CLASSES_ROOT\clsid\{81d24ea1-3106-46a5-a324-fa96b8178519}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{81d24ea1-3106-46a5-a324-fa96b8178519}]
2011-11-28 16:49 181336 ----a-w- f:\program files (x86)\iprivobar\prxtbipri.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{81d24ea1-3106-46a5-a324-fa96b8178519}"= "f:\program files (x86)\iprivobar\prxtbipri.dll" [2011-11-28 181336]
.
[HKEY_CLASSES_ROOT\clsid\{81d24ea1-3106-46a5-a324-fa96b8178519}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="f:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KiSS PC-Link.lnk - f:\program files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe [2011-4-28 651776]
UltraMon.lnk - f:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-4-28 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 acssrv;Agnitum Client Security Service;f:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ASWFilt;ASWFilt;f:\windows\system32\Filt\ASWFilt64.dll [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-20 79360]
R3 efavdrv;efavdrv;f:\windows\system32\drivers\efavdrv.sys [x]
R3 Razerlow;Razer Pro|Solutions;f:\windows\system32\drivers\DB3G.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;f:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-08 19952]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;f:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-04-16 151064]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;f:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 gupdatem;Google Update Service (gupdatem);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 wlcrasvc;Windows Live Mesh remote connections service;f:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SandBox;SandBox;f:\windows\system32\drivers\SandBox64.sys [x]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 afw;Agnitum Firewall Driver;f:\windows\system32\DRIVERS\afw.sys [x]
S1 ehdrv;ehdrv;f:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 ekrn;ESET Service;f:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;f:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UltraMonUtility;UltraMon Utility Driver;f:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [x]
S3 MOSUMAC;USB-Ethernet Driver;f:\windows\system32\DRIVERS\USBMAC64.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;f:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:46]
.
2012-06-10 f:\windows\Tasks\At1.job
- c:\windows\crstk.exe [2011-08-06 00:35]
.
2012-06-11 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
2012-06-11 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - f:\users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} - f:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
HKLM-Run-OutpostMonitor - f:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{81D24EA1-3106-46A5-A324-FA96B8178519}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4d,c1,
85,34,7f,cb,03,dc,32,b9,d6,bd,49,c1,0d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{A1A7E22D-1587-4230-8F16-081C68D21448}"=hex:51,66,7a,6c,4c,1d,38,12,43,e1,b4,
a5,b5,5b,5e,07,f0,00,4b,5c,6d,8c,50,5c
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:33,ca,9b,97,15,47,cd,01
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="f:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="f:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A23953CB-3147-45D6-A396-992B0666610B}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="000C4BD34DB9A803"
"ScannerBuild"=dword:000023cf
"ScannerVersionId"=dword:000017bf
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\0e:\0ds"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-11 13:42:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 12:42
.
Pre-Run: 99,509,760,000 bytes free
Post-Run: 99,034,779,648 bytes free
.
- - End Of File - - E67956B5DDE291D17CA50E66D25A2209


Firewall is up and running now, and Nod32 has stopped reporting the Trojan and is showing normal status, so all looks good so far. Thanks very much for your help.

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 June 2012 - 09:09 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 roguetrooper

roguetrooper
  • Topic Starter

  • Members
  • 15 posts

Posted 11 June 2012 - 09:49 AM

15:17:19.0128 4672 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:17:19.0769 4672 ============================================================
15:17:19.0769 4672 Current date / time: 2012/06/11 15:17:19.0769
15:17:19.0769 4672 SystemInfo:
15:17:19.0769 4672
15:17:19.0769 4672 OS Version: 6.1.7601 ServicePack: 1.0
15:17:19.0769 4672 Product type: Workstation
15:17:19.0769 4672 ComputerName: P1-PC
15:17:19.0769 4672 UserName: P1
15:17:19.0769 4672 Windows directory: F:\Windows
15:17:19.0769 4672 System windows directory: F:\Windows
15:17:19.0769 4672 Running under WOW64
15:17:19.0769 4672 Processor architecture: Intel x64
15:17:19.0769 4672 Number of processors: 2
15:17:19.0769 4672 Page size: 0x1000
15:17:19.0769 4672 Boot type: Normal boot
15:17:19.0769 4672 ============================================================
15:17:25.0238 4672 Drive \Device\Harddisk0\DR0 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:25.0253 4672 Drive \Device\Harddisk1\DR1 - Size: 0x9961AFE00 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:32.0597 4672 Drive \Device\Harddisk2\DR2 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:37.0847 4672 Drive \Device\Harddisk3\DR3 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:37.0863 4672 Drive \Device\Harddisk4\DR4 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:17:41.0347 4672 Drive \Device\Harddisk5\DR5 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:41.0363 4672 Drive \Device\Harddisk6\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:17:55.0472 4672 Drive \Device\Harddisk7\DR7 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:18:01.0066 4672 ============================================================
15:18:01.0066 4672 \Device\Harddisk0\DR0:
15:18:01.0066 4672 MBR partitions:
15:18:01.0066 4672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
15:18:01.0066 4672 \Device\Harddisk1\DR1:
15:18:01.0066 4672 MBR partitions:
15:18:01.0066 4672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4CAA44D
15:18:01.0066 4672 \Device\Harddisk2\DR2:
15:18:01.0066 4672 MBR partitions:
15:18:01.0066 4672 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
15:18:01.0066 4672 \Device\Harddisk3\DR3:
15:18:01.0066 4672 MBR partitions:
15:18:01.0066 4672 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
15:18:01.0066 4672 \Device\Harddisk4\DR4:
15:18:01.0082 4672 MBR partitions:
15:18:01.0082 4672 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4D61
15:18:01.0082 4672 \Device\Harddisk5\DR5:
15:18:01.0097 4672 MBR partitions:
15:18:01.0097 4672 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
15:18:01.0097 4672 \Device\Harddisk6\DR6:
15:18:01.0097 4672 MBR partitions:
15:18:01.0097 4672 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:18:01.0097 4672 \Device\Harddisk7\DR7:
15:18:01.0113 4672 MBR partitions:
15:18:01.0113 4672 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
15:18:01.0113 4672 ============================================================
15:18:01.0128 4672 C: <-> \Device\Harddisk0\DR0\Partition0
15:18:01.0144 4672 D: <-> \Device\Harddisk1\DR1\Partition0
15:18:01.0175 4672 E: <-> \Device\Harddisk5\DR5\Partition0
15:18:01.0175 4672 F: <-> \Device\Harddisk4\DR4\Partition0
15:18:01.0191 4672 G: <-> \Device\Harddisk2\DR2\Partition0
15:18:01.0222 4672 H: <-> \Device\Harddisk3\DR3\Partition0
15:18:01.0238 4672 J: <-> \Device\Harddisk6\DR6\Partition0
15:18:01.0253 4672 M: <-> \Device\Harddisk7\DR7\Partition0
15:18:01.0253 4672 ============================================================
15:18:01.0253 4672 Initialize success
15:18:01.0253 4672 ============================================================
15:18:14.0050 3096 ============================================================
15:18:14.0050 3096 Scan started
15:18:14.0050 3096 Mode: Manual;
15:18:14.0050 3096 ============================================================
15:18:15.0457 3096 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:18:15.0472 3096 !SASCORE - ok
15:18:15.0660 3096 1394ohci (a87d604aea360176311474c87a63bb88) F:\Windows\system32\drivers\1394ohci.sys
15:18:15.0707 3096 1394ohci - ok
15:18:15.0738 3096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) F:\Windows\system32\drivers\ACPI.sys
15:18:15.0753 3096 ACPI - ok
15:18:15.0785 3096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) F:\Windows\system32\drivers\acpipmi.sys
15:18:15.0800 3096 AcpiPmi - ok
15:18:15.0894 3096 acssrv - ok
15:18:16.0019 3096 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:18:16.0019 3096 AdobeARMservice - ok
15:18:16.0160 3096 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:18:16.0160 3096 AdobeFlashPlayerUpdateSvc - ok
15:18:16.0238 3096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) F:\Windows\system32\DRIVERS\adp94xx.sys
15:18:16.0316 3096 adp94xx - ok
15:18:16.0347 3096 adpahci (597f78224ee9224ea1a13d6350ced962) F:\Windows\system32\DRIVERS\adpahci.sys
15:18:16.0394 3096 adpahci - ok
15:18:16.0425 3096 adpu320 (e109549c90f62fb570b9540c4b148e54) F:\Windows\system32\DRIVERS\adpu320.sys
15:18:16.0425 3096 adpu320 - ok
15:18:16.0472 3096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) F:\Windows\System32\aelupsvc.dll
15:18:16.0472 3096 AeLookupSvc - ok
15:18:16.0519 3096 AFD (1c7857b62de5994a75b054a9fd4c3825) F:\Windows\system32\drivers\afd.sys
15:18:16.0550 3096 AFD - ok
15:18:16.0597 3096 afw (e8f8475359bbb2e6f236f273f439f85e) F:\Windows\system32\DRIVERS\afw.sys
15:18:16.0597 3096 afw - ok
15:18:16.0660 3096 afwcore (5b8b4640dafa352ffec9f909dd1e3ece) F:\Windows\system32\drivers\afwcore.sys
15:18:16.0675 3096 afwcore - ok
15:18:16.0707 3096 agp440 (608c14dba7299d8cb6ed035a68a15799) F:\Windows\system32\drivers\agp440.sys
15:18:16.0722 3096 agp440 - ok
15:18:16.0785 3096 ALG (3290d6946b5e30e70414990574883ddb) F:\Windows\System32\alg.exe
15:18:16.0800 3096 ALG - ok
15:18:16.0847 3096 aliide (5812713a477a3ad7363c7438ca2ee038) F:\Windows\system32\drivers\aliide.sys
15:18:16.0878 3096 aliide - ok
15:18:16.0894 3096 amdide (1ff8b4431c353ce385c875f194924c0c) F:\Windows\system32\drivers\amdide.sys
15:18:16.0910 3096 amdide - ok
15:18:16.0957 3096 AmdK8 (7024f087cff1833a806193ef9d22cda9) F:\Windows\system32\DRIVERS\amdk8.sys
15:18:16.0972 3096 AmdK8 - ok
15:18:17.0003 3096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) F:\Windows\system32\DRIVERS\amdppm.sys
15:18:17.0019 3096 AmdPPM - ok
15:18:17.0050 3096 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) F:\Windows\system32\drivers\amdsata.sys
15:18:17.0082 3096 amdsata - ok
15:18:17.0128 3096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) F:\Windows\system32\DRIVERS\amdsbs.sys
15:18:17.0160 3096 amdsbs - ok
15:18:17.0175 3096 amdxata (540daf1cea6094886d72126fd7c33048) F:\Windows\system32\drivers\amdxata.sys
15:18:17.0191 3096 amdxata - ok
15:18:17.0238 3096 AppID (89a69c3f2f319b43379399547526d952) F:\Windows\system32\drivers\appid.sys
15:18:17.0253 3096 AppID - ok
15:18:17.0285 3096 AppIDSvc (0bc381a15355a3982216f7172f545de1) F:\Windows\System32\appidsvc.dll
15:18:17.0300 3096 AppIDSvc - ok
15:18:17.0332 3096 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) F:\Windows\System32\appinfo.dll
15:18:17.0347 3096 Appinfo - ok
15:18:17.0378 3096 AppMgmt (4aba3e75a76195a3e38ed2766c962899) F:\Windows\System32\appmgmts.dll
15:18:17.0394 3096 AppMgmt - ok
15:18:17.0472 3096 arc (c484f8ceb1717c540242531db7845c4e) F:\Windows\system32\DRIVERS\arc.sys
15:18:17.0488 3096 arc - ok
15:18:17.0519 3096 arcsas (019af6924aefe7839f61c830227fe79c) F:\Windows\system32\DRIVERS\arcsas.sys
15:18:17.0519 3096 arcsas - ok
15:18:17.0582 3096 ASWFilt (a0ee3bd5e4c58c64f6b25d4c8806f169) F:\Windows\system32\Filt\ASWFilt64.dll
15:18:17.0582 3096 ASWFilt - ok
15:18:17.0613 3096 AsyncMac (769765ce2cc62867468cea93969b2242) F:\Windows\system32\DRIVERS\asyncmac.sys
15:18:17.0628 3096 AsyncMac - ok
15:18:17.0660 3096 atapi (02062c0b390b7729edc9e69c680a6f3c) F:\Windows\system32\drivers\atapi.sys
15:18:17.0660 3096 atapi - ok
15:18:17.0722 3096 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
15:18:17.0738 3096 AudioEndpointBuilder - ok
15:18:17.0753 3096 AudioSrv (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
15:18:17.0753 3096 AudioSrv - ok
15:18:17.0816 3096 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) F:\Windows\System32\AxInstSV.dll
15:18:17.0816 3096 AxInstSV - ok
15:18:17.0878 3096 b06bdrv (3e5b191307609f7514148c6832bb0842) F:\Windows\system32\DRIVERS\bxvbda.sys
15:18:17.0910 3096 b06bdrv - ok
15:18:17.0941 3096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) F:\Windows\system32\DRIVERS\b57nd60a.sys
15:18:17.0972 3096 b57nd60a - ok
15:18:18.0019 3096 BDESVC (fde360167101b4e45a96f939f388aeb0) F:\Windows\System32\bdesvc.dll
15:18:18.0035 3096 BDESVC - ok
15:18:18.0066 3096 Beep (16a47ce2decc9b099349a5f840654746) F:\Windows\system32\drivers\Beep.sys
15:18:18.0066 3096 Beep - ok
15:18:18.0144 3096 BFE (82974d6a2fd19445cc5171fc378668a4) F:\Windows\System32\bfe.dll
15:18:18.0175 3096 BFE - ok
15:18:18.0253 3096 BITS (1ea7969e3271cbc59e1730697dc74682) F:\Windows\system32\qmgr.dll
15:18:18.0300 3096 BITS - ok
15:18:18.0394 3096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) F:\Windows\system32\DRIVERS\blbdrive.sys
15:18:18.0410 3096 blbdrive - ok
15:18:18.0441 3096 bowser (6c02a83164f5cc0a262f4199f0871cf5) F:\Windows\system32\DRIVERS\bowser.sys
15:18:18.0488 3096 bowser - ok
15:18:18.0503 3096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) F:\Windows\system32\DRIVERS\BrFiltLo.sys
15:18:18.0503 3096 BrFiltLo - ok
15:18:18.0519 3096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) F:\Windows\system32\DRIVERS\BrFiltUp.sys
15:18:18.0519 3096 BrFiltUp - ok
15:18:18.0582 3096 BridgeMP (5c2f352a4e961d72518261257aae204b) F:\Windows\system32\DRIVERS\bridge.sys
15:18:18.0597 3096 BridgeMP - ok
15:18:18.0644 3096 Browser (8ef0d5c41ec907751b8429162b1239ed) F:\Windows\System32\browser.dll
15:18:18.0644 3096 Browser - ok
15:18:18.0675 3096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) F:\Windows\System32\Drivers\Brserid.sys
15:18:18.0691 3096 Brserid - ok
15:18:18.0707 3096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) F:\Windows\System32\Drivers\BrSerWdm.sys
15:18:18.0722 3096 BrSerWdm - ok
15:18:18.0738 3096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) F:\Windows\System32\Drivers\BrUsbMdm.sys
15:18:18.0738 3096 BrUsbMdm - ok
15:18:18.0753 3096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) F:\Windows\System32\Drivers\BrUsbSer.sys
15:18:18.0753 3096 BrUsbSer - ok
15:18:18.0800 3096 BthEnum (cf98190a94f62e405c8cb255018b2315) F:\Windows\system32\drivers\BthEnum.sys
15:18:18.0816 3096 BthEnum - ok
15:18:18.0832 3096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) F:\Windows\system32\DRIVERS\bthmodem.sys
15:18:18.0847 3096 BTHMODEM - ok
15:18:18.0878 3096 BthPan (02dd601b708dd0667e1331fa8518e9ff) F:\Windows\system32\DRIVERS\bthpan.sys
15:18:18.0878 3096 BthPan - ok
15:18:18.0910 3096 BTHPORT (64c198198501f7560ee41d8d1efa7952) F:\Windows\System32\Drivers\BTHport.sys
15:18:18.0957 3096 BTHPORT - ok
15:18:18.0988 3096 bthserv (95f9c2976059462cbbf227f7aab10de9) F:\Windows\system32\bthserv.dll
15:18:18.0988 3096 bthserv - ok
15:18:19.0019 3096 BTHUSB (f188b7394d81010767b6df3178519a37) F:\Windows\System32\Drivers\BTHUSB.sys
15:18:19.0035 3096 BTHUSB - ok
15:18:19.0050 3096 catchme - ok
15:18:19.0097 3096 cdfs (b8bd2bb284668c84865658c77574381a) F:\Windows\system32\DRIVERS\cdfs.sys
15:18:19.0097 3096 cdfs - ok
15:18:19.0128 3096 cdrom (f036ce71586e93d94dab220d7bdf4416) F:\Windows\system32\DRIVERS\cdrom.sys
15:18:19.0160 3096 cdrom - ok
15:18:19.0207 3096 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) F:\Windows\System32\certprop.dll
15:18:19.0207 3096 CertPropSvc - ok
15:18:19.0238 3096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) F:\Windows\system32\DRIVERS\circlass.sys
15:18:19.0238 3096 circlass - ok
15:18:19.0300 3096 CLFS (fe1ec06f2253f691fe36217c592a0206) F:\Windows\system32\CLFS.sys
15:18:19.0378 3096 CLFS - ok
15:18:19.0472 3096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:18:19.0472 3096 clr_optimization_v2.0.50727_32 - ok
15:18:19.0535 3096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) F:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:18:19.0535 3096 clr_optimization_v2.0.50727_64 - ok
15:18:19.0597 3096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:18:19.0597 3096 clr_optimization_v4.0.30319_32 - ok
15:18:19.0644 3096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:18:19.0644 3096 clr_optimization_v4.0.30319_64 - ok
15:18:19.0691 3096 CmBatt (0840155d0bddf1190f84a663c284bd33) F:\Windows\system32\DRIVERS\CmBatt.sys
15:18:19.0707 3096 CmBatt - ok
15:18:19.0738 3096 cmdide (e19d3f095812725d88f9001985b94edd) F:\Windows\system32\drivers\cmdide.sys
15:18:19.0738 3096 cmdide - ok
15:18:19.0800 3096 CNG (c4943b6c962e4b82197542447ad599f4) F:\Windows\system32\Drivers\cng.sys
15:18:19.0847 3096 CNG - ok
15:18:19.0894 3096 Compbatt (102de219c3f61415f964c88e9085ad14) F:\Windows\system32\DRIVERS\compbatt.sys
15:18:19.0910 3096 Compbatt - ok
15:18:19.0925 3096 CompositeBus (03edb043586cceba243d689bdda370a8) F:\Windows\system32\drivers\CompositeBus.sys
15:18:19.0925 3096 CompositeBus - ok
15:18:19.0941 3096 COMSysApp - ok
15:18:19.0988 3096 crcdisk (1c827878a998c18847245fe1f34ee597) F:\Windows\system32\DRIVERS\crcdisk.sys
15:18:19.0988 3096 crcdisk - ok
15:18:20.0082 3096 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:18:20.0082 3096 Creative Audio Engine Licensing Service - ok
15:18:20.0144 3096 CryptSvc (15597883fbe9b056f276ada3ad87d9af) F:\Windows\system32\cryptsvc.dll
15:18:20.0144 3096 CryptSvc - ok
15:18:20.0222 3096 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) F:\Windows\system32\drivers\csc.sys
15:18:20.0238 3096 CSC - ok
15:18:20.0269 3096 CscService (3ab183ab4d2c79dcf459cd2c1266b043) F:\Windows\System32\cscsvc.dll
15:18:20.0300 3096 CscService - ok
15:18:20.0378 3096 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:18:20.0378 3096 CTAudSvcService - ok
15:18:20.0441 3096 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) F:\Windows\system32\rpcss.dll
15:18:20.0472 3096 DcomLaunch - ok
15:18:20.0519 3096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) F:\Windows\System32\defragsvc.dll
15:18:20.0550 3096 defragsvc - ok
15:18:20.0628 3096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) F:\Windows\system32\Drivers\dfsc.sys
15:18:20.0644 3096 DfsC - ok
15:18:20.0722 3096 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) F:\Windows\system32\dhcpcore.dll
15:18:20.0738 3096 Dhcp - ok
15:18:20.0785 3096 discache (13096b05847ec78f0977f2c0f79e9ab3) F:\Windows\system32\drivers\discache.sys
15:18:20.0816 3096 discache - ok
15:18:20.0832 3096 Disk (9819eee8b5ea3784ec4af3b137a5244c) F:\Windows\system32\DRIVERS\disk.sys
15:18:20.0847 3096 Disk - ok
15:18:20.0894 3096 Dnscache (16835866aaa693c7d7fceba8fff706e4) F:\Windows\System32\dnsrslvr.dll
15:18:20.0910 3096 Dnscache - ok
15:18:20.0957 3096 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) F:\Windows\System32\dot3svc.dll
15:18:20.0972 3096 dot3svc - ok
15:18:21.0003 3096 DPS (b26f4f737e8f9df4f31af6cf31d05820) F:\Windows\system32\dps.dll
15:18:21.0019 3096 DPS - ok
15:18:21.0050 3096 drmkaud (9b19f34400d24df84c858a421c205754) F:\Windows\system32\drivers\drmkaud.sys
15:18:21.0066 3096 drmkaud - ok
15:18:21.0128 3096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) F:\Windows\System32\drivers\dxgkrnl.sys
15:18:21.0128 3096 DXGKrnl - ok
15:18:21.0191 3096 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) F:\Windows\system32\DRIVERS\E1G6032E.sys
15:18:21.0238 3096 E1G60 - ok
15:18:21.0269 3096 eamon (6a6bdaec4df4725d22731f2736880283) F:\Windows\system32\DRIVERS\eamon.sys
15:18:21.0316 3096 eamon - ok
15:18:21.0347 3096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) F:\Windows\System32\eapsvc.dll
15:18:21.0363 3096 EapHost - ok
15:18:21.0503 3096 ebdrv (dc5d737f51be844d8c82c695eb17372f) F:\Windows\system32\DRIVERS\evbda.sys
15:18:21.0644 3096 ebdrv - ok
15:18:21.0785 3096 efavdrv (31bf254a77400baeffbc420db348a6b5) F:\Windows\system32\drivers\efavdrv.sys
15:18:21.0816 3096 efavdrv - ok
15:18:21.0847 3096 EFS (c118a82cd78818c29ab228366ebf81c3) F:\Windows\System32\lsass.exe
15:18:21.0847 3096 EFS - ok
15:18:21.0894 3096 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) F:\Windows\system32\DRIVERS\ehdrv.sys
15:18:21.0910 3096 ehdrv - ok
15:18:22.0019 3096 ehRecvr (c4002b6b41975f057d98c439030cea07) F:\Windows\ehome\ehRecvr.exe
15:18:22.0050 3096 ehRecvr - ok
15:18:22.0097 3096 ehSched (4705e8ef9934482c5bb488ce28afc681) F:\Windows\ehome\ehsched.exe
15:18:22.0097 3096 ehSched - ok
15:18:22.0207 3096 EhttpSrv (8dd82a9593c19c00875c6e0d6df4fbdc) F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
15:18:22.0207 3096 EhttpSrv - ok
15:18:22.0253 3096 ekrn (d543e7e8bcae3f5d256335eee809adf5) F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:18:22.0269 3096 ekrn - ok
15:18:22.0394 3096 elxstor (0e5da5369a0fcaea12456dd852545184) F:\Windows\system32\DRIVERS\elxstor.sys
15:18:22.0441 3096 elxstor - ok
15:18:22.0472 3096 epfwwfpr (d1449f7c44beeba971324fea295747d3) F:\Windows\system32\DRIVERS\epfwwfpr.sys
15:18:22.0472 3096 epfwwfpr - ok
15:18:22.0519 3096 ErrDev (34a3c54752046e79a126e15c51db409b) F:\Windows\system32\drivers\errdev.sys
15:18:22.0535 3096 ErrDev - ok
15:18:22.0597 3096 EventSystem (4166f82be4d24938977dd1746be9b8a0) F:\Windows\system32\es.dll
15:18:22.0597 3096 EventSystem - ok
15:18:37.0988 3096 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) F:\Windows\System32\Drivers\sptd.sys
15:18:37.0988 3096 Suspicious file (NoAccess): F:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
15:18:38.0003 3096 sptd ( LockedFile.Multi.Generic ) - warning
15:18:38.0003 3096 sptd - detected LockedFile.Multi.Generic (1)
15:18:41.0316 3096 usbohci - ok
15:18:41.0363 3096 usbprint (73188f58fb384e75c4063d29413cee3d) F:\Windows\system32\DRIVERS\usbprint.sys
15:18:41.0363 3096 usbprint - ok
15:18:41.0410 3096 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) F:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:41.0425 3096 USBSTOR - ok
15:18:41.0472 3096 usbuhci (81fb2216d3a60d1284455d511797db3d) F:\Windows\system32\drivers\usbuhci.sys
15:18:41.0472 3096 usbuhci - ok
15:18:41.0519 3096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) F:\Windows\System32\uxsms.dll
15:18:41.0535 3096 UxSms - ok
15:18:41.0582 3096 VaultSvc (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
15:18:41.0582 3096 VaultSvc - ok
15:18:41.0628 3096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) F:\Windows\system32\drivers\vdrvroot.sys
15:18:41.0660 3096 vdrvroot - ok
15:18:41.0722 3096 vds (8d6b481601d01a456e75c3210f1830be) F:\Windows\System32\vds.exe
15:18:41.0753 3096 vds - ok
15:18:41.0800 3096 vga (da4da3f5e02943c2dc8c6ed875de68dd) F:\Windows\system32\DRIVERS\vgapnp.sys
15:18:41.0800 3096 vga - ok
15:18:41.0816 3096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) F:\Windows\System32\drivers\vga.sys
15:18:41.0832 3096 VgaSave - ok
15:18:41.0847 3096 VGPU - ok
15:18:41.0894 3096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) F:\Windows\system32\drivers\vhdmp.sys
15:18:41.0925 3096 vhdmp - ok
15:18:41.0941 3096 viaide (e5689d93ffe4e5d66c0178761240dd54) F:\Windows\system32\drivers\viaide.sys
15:18:41.0941 3096 viaide - ok
15:18:41.0972 3096 vmbus (86ea3e79ae350fea5331a1303054005f) F:\Windows\system32\drivers\vmbus.sys
15:18:42.0035 3096 vmbus - ok
15:18:42.0050 3096 VMBusHID (7de90b48f210d29649380545db45a187) F:\Windows\system32\drivers\VMBusHID.sys
15:18:42.0066 3096 VMBusHID - ok
15:18:42.0066 3096 volmgr (d2aafd421940f640b407aefaaebd91b0) F:\Windows\system32\drivers\volmgr.sys
15:18:42.0097 3096 volmgr - ok
15:18:42.0144 3096 volmgrx (a255814907c89be58b79ef2f189b843b) F:\Windows\system32\drivers\volmgrx.sys
15:18:42.0160 3096 volmgrx - ok
15:18:42.0207 3096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) F:\Windows\system32\drivers\volsnap.sys
15:18:42.0238 3096 volsnap - ok
15:18:42.0285 3096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) F:\Windows\system32\DRIVERS\vsmraid.sys
15:18:42.0347 3096 vsmraid - ok
15:18:42.0441 3096 VSS (b60ba0bc31b0cb414593e169f6f21cc2) F:\Windows\system32\vssvc.exe
15:18:42.0488 3096 VSS - ok
15:18:42.0628 3096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) F:\Windows\System32\drivers\vwifibus.sys
15:18:42.0644 3096 vwifibus - ok
15:18:42.0691 3096 W32Time (1c9d80cc3849b3788048078c26486e1a) F:\Windows\system32\w32time.dll
15:18:42.0707 3096 W32Time - ok
15:18:42.0738 3096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) F:\Windows\system32\DRIVERS\wacompen.sys
15:18:42.0738 3096 WacomPen - ok
15:18:42.0785 3096 WANARP (356afd78a6ed4457169241ac3965230c) F:\Windows\system32\DRIVERS\wanarp.sys
15:18:42.0847 3096 WANARP - ok
15:18:42.0863 3096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) F:\Windows\system32\DRIVERS\wanarp.sys
15:18:42.0863 3096 Wanarpv6 - ok
15:18:42.0957 3096 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) F:\Windows\system32\Wat\WatAdminSvc.exe
15:18:43.0019 3096 WatAdminSvc - ok
15:18:43.0097 3096 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) F:\Windows\system32\wbengine.exe
15:18:43.0144 3096 wbengine - ok
15:18:43.0269 3096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) F:\Windows\System32\wbiosrvc.dll
15:18:43.0285 3096 WbioSrvc - ok
15:18:43.0332 3096 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) F:\Windows\System32\wcncsvc.dll
15:18:43.0332 3096 wcncsvc - ok
15:18:43.0347 3096 WcsPlugInService (20f7441334b18cee52027661df4a6129) F:\Windows\System32\WcsPlugInService.dll
15:18:43.0363 3096 WcsPlugInService - ok
15:18:43.0425 3096 Wd (72889e16ff12ba0f235467d6091b17dc) F:\Windows\system32\DRIVERS\wd.sys
15:18:43.0441 3096 Wd - ok
15:18:43.0488 3096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) F:\Windows\system32\drivers\Wdf01000.sys
15:18:43.0519 3096 Wdf01000 - ok
15:18:43.0566 3096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) F:\Windows\system32\wdi.dll
15:18:43.0582 3096 WdiServiceHost - ok
15:18:43.0582 3096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) F:\Windows\system32\wdi.dll
15:18:43.0582 3096 WdiSystemHost - ok
15:18:43.0644 3096 WebClient (3db6d04e1c64272f8b14eb8bc4616280) F:\Windows\System32\webclnt.dll
15:18:43.0660 3096 WebClient - ok
15:18:43.0675 3096 Wecsvc (c749025a679c5103e575e3b48e092c43) F:\Windows\system32\wecsvc.dll
15:18:43.0691 3096 Wecsvc - ok
15:18:43.0738 3096 wercplsupport (7e591867422dc788b9e5bd337a669a08) F:\Windows\System32\wercplsupport.dll
15:18:43.0738 3096 wercplsupport - ok
15:18:43.0769 3096 WerSvc (6d137963730144698cbd10f202e9f251) F:\Windows\System32\WerSvc.dll
15:18:43.0769 3096 WerSvc - ok
15:18:43.0847 3096 WfpLwf (611b23304bf067451a9fdee01fbdd725) F:\Windows\system32\DRIVERS\wfplwf.sys
15:18:43.0863 3096 WfpLwf - ok
15:18:43.0878 3096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) F:\Windows\system32\drivers\wimmount.sys
15:18:43.0894 3096 WIMMount - ok
15:18:43.0941 3096 WinDefend - ok
15:18:43.0957 3096 WinHttpAutoProxySvc - ok
15:18:44.0035 3096 Winmgmt (19b07e7e8915d701225da41cb3877306) F:\Windows\system32\wbem\WMIsvc.dll
15:18:44.0050 3096 Winmgmt - ok
15:18:44.0128 3096 WinRM (bcb1310604aa415c4508708975b3931e) F:\Windows\system32\WsmSvc.dll
15:18:44.0222 3096 WinRM - ok
15:18:44.0410 3096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) F:\Windows\System32\wlansvc.dll
15:18:44.0457 3096 Wlansvc - ok
15:18:44.0566 3096 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) F:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:18:44.0566 3096 wlcrasvc - ok
15:18:44.0707 3096 wlidsvc (2bacd71123f42cea603f4e205e1ae337) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:44.0785 3096 wlidsvc - ok
15:18:44.0957 3096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) F:\Windows\system32\drivers\wmiacpi.sys
15:18:44.0957 3096 WmiAcpi - ok
15:18:45.0050 3096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) F:\Windows\system32\wbem\WmiApSrv.exe
15:18:45.0066 3096 wmiApSrv - ok
15:18:45.0128 3096 WMPNetworkSvc - ok
15:18:45.0160 3096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) F:\Windows\System32\wpcsvc.dll
15:18:45.0160 3096 WPCSvc - ok
15:18:45.0207 3096 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) F:\Windows\system32\wpdbusenum.dll
15:18:45.0207 3096 WPDBusEnum - ok
15:18:45.0253 3096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) F:\Windows\system32\drivers\ws2ifsl.sys
15:18:45.0269 3096 ws2ifsl - ok
15:18:45.0316 3096 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) F:\Windows\system32\wscsvc.dll
15:18:45.0316 3096 wscsvc - ok
15:18:45.0332 3096 WSearch - ok
15:18:45.0472 3096 wuauserv (9df12edbc698b0bc353b3ef84861e430) F:\Windows\system32\wuaueng.dll
15:18:45.0550 3096 wuauserv - ok
15:18:45.0707 3096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) F:\Windows\system32\drivers\WudfPf.sys
15:18:45.0722 3096 WudfPf - ok
15:18:45.0769 3096 WUDFRd (cf8d590be3373029d57af80914190682) F:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:45.0785 3096 WUDFRd - ok
15:18:45.0832 3096 wudfsvc (7a95c95b6c4cf292d689106bcae49543) F:\Windows\System32\WUDFSvc.dll
15:18:45.0832 3096 wudfsvc - ok
15:18:45.0878 3096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) F:\Windows\System32\wwansvc.dll
15:18:45.0894 3096 WwanSvc - ok
15:18:45.0957 3096 xnacc (4a5ce13408945e525503b5f73d29b9c5) F:\Windows\system32\DRIVERS\xnacc.sys
15:18:46.0003 3096 xnacc - ok
15:18:46.0035 3096 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) F:\Windows\system32\DRIVERS\xusb21.sys
15:18:46.0050 3096 xusb21 - ok
15:18:46.0097 3096 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) F:\Windows\system32\DRIVERS\yk62x64.sys
15:18:46.0097 3096 yukonw7 - ok
15:18:46.0128 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:18:46.0238 3096 \Device\Harddisk0\DR0 - ok
15:18:46.0238 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:18:46.0238 3096 \Device\Harddisk1\DR1 - ok
15:18:46.0253 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
15:18:46.0425 3096 \Device\Harddisk2\DR2 - ok
15:18:46.0425 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
15:18:46.0441 3096 \Device\Harddisk3\DR3 - ok
15:18:46.0457 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
15:18:46.0722 3096 \Device\Harddisk4\DR4 - ok
15:18:46.0738 3096 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk5\DR5
15:18:49.0003 3096 \Device\Harddisk5\DR5 - ok
15:18:49.0035 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
15:18:49.0035 3096 \Device\Harddisk6\DR6 - ok
15:18:49.0035 3096 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk7\DR7
15:18:49.0050 3096 \Device\Harddisk7\DR7 - ok
15:18:49.0066 3096 Boot (0x1200) (a5b17bea8f81301d392635d1bd7945e2) \Device\Harddisk0\DR0\Partition0
15:18:49.0066 3096 \Device\Harddisk0\DR0\Partition0 - ok
15:18:49.0066 3096 Boot (0x1200) (3cf79a03e3b6cdff1a2da97aef207790) \Device\Harddisk1\DR1\Partition0
15:18:49.0066 3096 \Device\Harddisk1\DR1\Partition0 - ok
15:18:49.0066 3096 Boot (0x1200) (17f2e583401b3fbc4efc0845c5a91af0) \Device\Harddisk2\DR2\Partition0
15:18:49.0066 3096 \Device\Harddisk2\DR2\Partition0 - ok
15:18:49.0082 3096 Boot (0x1200) (7ae29bc5374f3139568f290e01a69231) \Device\Harddisk3\DR3\Partition0
15:18:49.0082 3096 \Device\Harddisk3\DR3\Partition0 - ok
15:18:49.0097 3096 Boot (0x1200) (03dbe989ed9a01eb30bd36079124452a) \Device\Harddisk4\DR4\Partition0
15:18:49.0097 3096 \Device\Harddisk4\DR4\Partition0 - ok
15:18:49.0097 3096 Boot (0x1200) (520c6a45b697fdef917657b90bd0a44f) \Device\Harddisk5\DR5\Partition0
15:18:49.0097 3096 \Device\Harddisk5\DR5\Partition0 - ok
15:18:49.0097 3096 Boot (0x1200) (5cbc15bf09cdf198173378da95cb5e02) \Device\Harddisk6\DR6\Partition0
15:18:49.0097 3096 \Device\Harddisk6\DR6\Partition0 - ok
15:18:49.0113 3096 Boot (0x1200) (8eeecc7385d7311c1fd3cba797fbfd64) \Device\Harddisk7\DR7\Partition0
15:18:49.0113 3096 \Device\Harddisk7\DR7\Partition0 - ok
15:18:49.0113 3096 ============================================================
15:18:49.0113 3096 Scan finished
15:18:49.0113 3096 ============================================================
15:18:49.0113 3660 Detected object count: 1
15:18:49.0128 3660 Actual detected object count: 1
15:19:02.0785 3660 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:19:02.0785 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 15:21:14
-----------------------------
15:21:14.031 OS Version: Windows x64 6.1.7601 Service Pack 1
15:21:14.031 Number of processors: 2 586 0x4303
15:21:14.031 ComputerName: P1-PC UserName: P1
15:21:14.625 Initialize success
15:22:23.087 AVAST engine defs: 12061100
15:22:27.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:22:27.962 Disk 0 Vendor: HDS728080PLAT20 PF2OA21B Size: 78532MB BusType: 3
15:22:27.962 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
15:22:27.962 Disk 1 Vendor: HDS722540VLAT20 V31OA6MA Size: 39265MB BusType: 3
15:22:27.978 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
15:22:27.978 Disk 2 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 39205MB BusType: 3
15:22:27.978 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T1L0-4
15:22:27.978 Disk 3 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
15:22:27.994 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP2T0L0-3
15:22:27.994 Disk 4 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
15:22:27.994 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP4T0L0-7
15:22:27.994 Disk 5 Vendor: ST380013AS 3.00 Size: 76319MB BusType: 3
15:22:28.009 Disk 0 MBR read successfully
15:22:28.009 Disk 0 MBR scan
15:22:28.025 Disk 0 Windows XP default MBR code
15:22:28.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63
15:22:28.072 Disk 0 scanning F:\Windows\system32\drivers
15:22:41.884 Service scanning
15:23:13.119 Modules scanning
15:23:13.119 Disk 0 trace - called modules:
15:23:13.119 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a82c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:23:13.134 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800481e2d0]
15:23:13.134 3 CLASSPNP.SYS[fffff88001d7643f] -> nt!IofCallDriver -> [0xfffffa8004400520]
15:23:13.150 5 ACPI.sys[fffff880010487a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043f9060]
15:23:13.150 \Driver\atapi[0xfffffa8003967510] -> IRP_MJ_CREATE -> 0xfffffa80039a82c0
15:23:13.822 AVAST engine scan F:\Windows
15:23:20.322 AVAST engine scan F:\Windows\system32
15:26:56.244 AVAST engine scan F:\Windows\system32\drivers
15:27:14.587 AVAST engine scan F:\Users\P1
15:43:19.400 AVAST engine scan F:\ProgramData
15:47:06.916 Scan finished successfully
15:47:31.666 Disk 0 MBR has been saved successfully to "F:\Users\P1\Desktop\MBR.dat"
15:47:31.666 The log file has been saved successfully to "F:\Users\P1\Desktop\aswMBR.txt"


Everything still appears to be running correctly

#8 gringo_pr

gringo_pr
Bleepin Gringo
Malware Response Team
136,772 posts
Gender: Male
Location: Puerto rico

Posted 11 June 2012 - 10:01 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

AtJob::

Folder::
f:\program files (x86)\iprivobar

File::
c:\windows\crstk.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 roguetrooper

roguetrooper
Topic Starter
Members
15 posts

Posted 11 June 2012 - 10:50 AM

Combofix report

ComboFix 12-06-10.01 - P1 11/06/2012 16:33:06.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2837 [GMT 1:00]
Running from: f:\users\P1\Desktop\ComboFix.exe
Command switches used :: f:\users\P1\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\crstk.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files (x86)\iprivobar
f:\program files (x86)\iprivobar\tb\al\wa\SEARCH\resources\removeButtonHover.png
f:\program files (x86)\iprivobar\tb\al\wa\SEARCH_IN_NEW_TAB\searchInNewTab.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\bgpage.html
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\embedded.html
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\js\embedded.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\js\popup.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\js\webAppTester.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_EMBEDDED\popup.html
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\bgpage.html
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\embedded.html
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\js\embedded.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\js\popup.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\js\webAppTester.js
f:\program files (x86)\iprivobar\tb\al\wa\TESTER_POPUP\popup.html
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\bgpage.html
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\img\inbox.png
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\img\scroll_down.png
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\img\scroll_up.png
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\js\bgpage.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\js\Config.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\js\popup.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\js\Utils.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\popup.css
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\popup.html
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\ajax-loader.gif
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\icons.png
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\jquery-1.6.1.min.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\jquery.tmpl.min.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\yManager.js
f:\program files (x86)\iprivobar\tb\al\wa\TWITTER\resources\yStore.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\bgpage.html
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\css\gadget.css
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\css\ie7styles.css
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\css\iestyle.css
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\bgpage.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\common.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\date-functions.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\gadget.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\jquery.autocomplete.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\jquery.textshadow.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\logic.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\main.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\js\xPath.js
f:\program files (x86)\iprivobar\tb\al\wa\WEATHER\popup.html
f:\program files (x86)\iprivobar\tb\backstage.html
f:\program files (x86)\iprivobar\tb\core\corelibs.js
f:\program files (x86)\iprivobar\tb\core\framework.js
f:\program files (x86)\iprivobar\tb\core\utils.js
f:\program files (x86)\iprivobar\tb\lib\ie_fix.js
f:\program files (x86)\iprivobar\tb\lib\jquery-1.5.min.js
f:\program files (x86)\iprivobar\tb\lib\jquery-1.6.2.js
f:\program files (x86)\iprivobar\tb\lib\jquery.min.js
f:\program files (x86)\iprivobar\tb\lib\jquery.tmpl.min.js
f:\program files (x86)\iprivobar\tb\lib\jquery.xml2json.custom.min.js
f:\program files (x86)\iprivobar\tb\lib\jquery.xml2json.js
f:\program files (x86)\iprivobar\tb\lib\json2.js
f:\program files (x86)\iprivobar\tb\lib\json2.min.js
f:\program files (x86)\iprivobar\tb\lib\LAB.min.js
f:\program files (x86)\iprivobar\tb\lib\log4javascript.js
f:\program files (x86)\iprivobar\tb\lib\log4javascriptStub4Release.js
f:\program files (x86)\iprivobar\tb\sl\serviceLayer.js
f:\program files (x86)\iprivobar\tb\sl\services.html
f:\program files (x86)\iprivobar\tbipri.dll
f:\program files (x86)\iprivobar\toolbar.cfg
f:\program files (x86)\iprivobar\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 15:45 . 2012-06-11 15:45 -------- d-----w- f:\users\UpdatusUser\AppData\Local\temp
2012-06-11 15:45 . 2012-06-11 15:45 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-06-11 15:31 . 2012-06-11 15:31 69000 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{1657C62B-FDE0-43BD-8245-210CD922E36F}\offreg.dll
2012-06-11 12:52 . 2012-05-08 17:02 8955792 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{1657C62B-FDE0-43BD-8245-210CD922E36F}\mpengine.dll
2012-06-08 23:47 . 2012-06-08 23:47 -------- d-----w- f:\programdata\Sophos
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-08 23:47 . 2012-06-08 23:47 73728 ----a-r- f:\users\P1\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-08 23:47 . 2012-06-08 23:47 -------- d-----w- f:\program files (x86)\Sophos
2012-06-08 23:33 . 2012-06-08 23:37 139704 ----a-w- f:\windows\system32\drivers\efavdrv.sys
2012-06-08 20:19 . 2012-06-08 20:19 -------- d-----w- f:\users\P1\AppData\Local\Diagnostics
2012-06-08 20:10 . 2011-06-15 13:22 1250088 ----a-w- f:\windows\system32\drivers\SandBox64.sys
2012-06-08 20:10 . 2011-06-15 13:21 444504 ----a-w- f:\windows\system32\drivers\afwcore.sys
2012-06-08 20:09 . 2011-03-28 17:53 38488 ----a-w- f:\windows\system32\drivers\afw.sys
2012-06-08 20:09 . 2012-06-08 20:50 -------- d-----w- f:\windows\system32\Filt
2012-06-08 20:09 . 2012-06-08 20:09 -------- d-----w- f:\program files\Agnitum
2012-06-08 20:09 . 2012-06-08 20:09 -------- d-----w- f:\programdata\Agnitum
2012-06-08 13:26 . 2012-06-08 13:26 -------- d-----w- f:\programdata\BDLogging
2012-06-08 13:23 . 2012-06-08 13:23 -------- d-----w- f:\users\P1\AppData\Roaming\QuickScan
2012-06-08 13:22 . 2012-06-08 14:28 -------- d-----w- f:\program files\Bitdefender
2012-06-08 13:22 . 2012-06-08 14:27 -------- d-----w- f:\program files\Common Files\Bitdefender
2012-06-08 13:22 . 2012-06-08 13:22 -------- d-----w- f:\program files (x86)\Common Files\Bitdefender
2012-06-08 12:24 . 2012-06-08 12:25 -------- d-----w- f:\program files\SUPERAntiSpyware
2012-06-08 03:18 . 2012-06-08 03:18 -------- d-sh--w- f:\windows\system32\%APPDATA%
2012-05-16 19:16 . 2012-05-16 19:16 -------- d-----w- f:\users\P1\AppData\Local\Unity
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- f:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-04-23 11:21 68928 ----a-w- f:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 11:21 61248 ----a-w- f:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-21 22:01 8105280 ----a-w- f:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-21 22:01 18044224 ----a-w- f:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-21 22:01 10194752 ----a-w- f:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-02-21 22:01 2741568 ----a-w- f:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1738048 ----a-w- f:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-24 12:40 1468224 ----a-w- f:\windows\system32\nvgenco64.dll
2012-05-15 09:29 . 2011-06-21 00:23 889664 ----a-w- f:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-21 00:23 63296 ----a-w- f:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-21 00:23 118080 ----a-w- f:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-21 00:23 3149632 ----a-w- f:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-21 00:23 6151488 ----a-w- f:\windows\system32\nvcpl.dll
2012-05-05 23:46 . 2012-04-18 09:16 419488 ----a-w- f:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 23:46 . 2011-05-13 08:39 70304 ----a-w- f:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 23:46 . 2012-04-18 09:46 8744608 ----a-w- f:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 01:00 . 2011-05-01 03:24 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.xtr
2012-04-29 01:00 . 2011-04-30 17:09 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.exe
2012-04-11 21:48 . 2011-04-30 17:09 270776 ----a-w- f:\windows\SysWow64\PnkBstrB.ex0
2012-03-31 06:05 . 2012-05-09 08:21 5559664 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 08:21 3968368 ----a-w- f:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 08:21 3913072 ----a-w- f:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 08:21 3146240 ----a-w- f:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 08:20 1918320 ----a-w- f:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-09 08:21 75120 ----a-w- f:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_12.35.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-20 00:57 . 2012-06-11 15:30 46148 f:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-11 15:30 47818 f:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 00:50 . 2012-06-11 15:30 15820 f:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-818302674-3230007097-328040447-1001_UserData.bin
- 2012-06-11 12:34 . 2012-06-11 12:34 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 15:28 . 2012-06-11 15:28 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-11 12:34 . 2012-06-11 12:34 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-11 15:28 . 2012-06-11 15:28 2048 f:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-11 12:33 284448 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-11 15:27 284448 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-08 18:27 . 2012-06-11 15:27 4907480 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-8192.dat
- 2012-06-08 18:27 . 2012-06-11 12:33 4907480 f:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-818302674-3230007097-328040447-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="f:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KiSS PC-Link.lnk - f:\program files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe [2011-4-28 651776]
UltraMon.lnk - f:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-4-28 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 acssrv;Agnitum Client Security Service;f:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ASWFilt;ASWFilt;f:\windows\system32\Filt\ASWFilt64.dll [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-20 79360]
R3 efavdrv;efavdrv;f:\windows\system32\drivers\efavdrv.sys [x]
R3 Razerlow;Razer Pro|Solutions;f:\windows\system32\drivers\DB3G.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;f:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-08 19952]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;f:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-04-16 151064]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;f:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;f:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 gupdatem;Google Update Service (gupdatem);f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 136176]
R4 wlcrasvc;Windows Live Mesh remote connections service;f:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SandBox;SandBox;f:\windows\system32\drivers\SandBox64.sys [x]
S0 sptd;sptd;f:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 afw;Agnitum Firewall Driver;f:\windows\system32\DRIVERS\afw.sys [x]
S1 ehdrv;ehdrv;f:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 ekrn;ESET Service;f:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;f:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;f:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UltraMonUtility;UltraMon Utility Driver;f:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [x]
S3 MOSUMAC;USB-Ethernet Driver;f:\windows\system32\DRIVERS\USBMAC64.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;f:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:46]
.
2012-06-10 f:\windows\Tasks\At1.job
- c:\windows\crstk.exe [2011-08-06 00:35]
.
2012-06-11 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
2012-06-11 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
f:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
"OutpostMonitor"="f:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - f:\users\P1\AppData\Roaming\Mozilla\Firefox\Profiles\b1zpuzck.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81d24ea1-3106-46a5-a324-fa96b8178519} - f:\program files (x86)\iprivobar\prxtbipri.dll
BHO-{81d24ea1-3106-46a5-a324-fa96b8178519} - f:\program files (x86)\iprivobar\prxtbipri.dll
Toolbar-{81d24ea1-3106-46a5-a324-fa96b8178519} - f:\program files (x86)\iprivobar\prxtbipri.dll
AddRemove-iprivobar Toolbar - f:\program files (x86)\iprivobar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{81D24EA1-3106-46A5-A324-FA96B8178519}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4d,c1,
85,34,7f,cb,03,dc,32,b9,d6,bd,49,c1,0d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{A1A7E22D-1587-4230-8F16-081C68D21448}"=hex:51,66,7a,6c,4c,1d,38,12,43,e1,b4,
a5,b5,5b,5e,07,f0,00,4b,5c,6d,8c,50,5c
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:33,ca,9b,97,15,47,cd,01
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-818302674-3230007097-328040447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="f:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="f:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="f:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{A23953CB-3147-45D6-A396-992B0666610B}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="000C4BD34DB9A803"
"ScannerBuild"=dword:000023cf
"ScannerVersionId"=dword:000017bf
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\0e:\0ds"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-11 16:48:37
ComboFix-quarantined-files.txt 2012-06-11 15:48
ComboFix2.txt 2012-06-11 12:42
.
Pre-Run: 99,064,496,128 bytes free
Post-Run: 98,851,016,704 bytes free
.
- - End Of File - - C957A82328305F7075EA14A5AD2878B1

Everything still appears to be working normally

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:01 PM

Posted 11 June 2012 - 10:58 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 22
Java™ 6 Update 24
Java™ 6 Update 26
Vuze


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 roguetrooper

Posted 11 June 2012 - 12:09 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
P1 :: P1-PC [administrator]

Protection: Enabled

11/06/2012 17:58:37
mbam-log-2012-06-11 (17-58-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232450
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Hijackthis report


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:09, on 11/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
F:\Windows\SysWOW64\rundll32.exe
F:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
F:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
F:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
F:\Program Files (x86)\Windows Live\Companion\companionuser.exe
F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: iprivobar Toolbar - {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: iprivobar Toolbar - {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll (file missing)
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-818302674-3230007097-328040447-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-818302674-3230007097-328040447-1004\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: KiSS PC-Link.lnk = F:\Program Files (x86)\Linksys\KiSS PC-Link\KiSS_PC-Link.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: @F:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - F:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @F:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @F:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - F:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - F:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - F:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - F:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - F:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - F:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - F:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - F:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - F:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - F:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - F:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - F:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - F:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - F:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - F:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - F:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - F:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - F:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - F:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10459 bytes


System still appears to be running normally with no problems at all

Note .... I need to keep Vuze on my system as I have to use it legitimately for work purposes, but I am fully aware of the risks of downloading illegitimate software etc ...
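An added example in Python, not code from this thread or from HijackThis: a small parser for the HijackThis log format posted above. It pulls out the O4 autostart rows a helper reviews by hand and flags rows whose target is reported as "(file missing)", separating rows under the Windows directory (which a 32-bit scanner on 64-bit Windows frequently reports as missing because of WOW64 file-system redirection, so they need manual confirmation) from orphaned entries elsewhere. The sample rows are constructed from lines in the log above.

```python
"""Triage helper for HijackThis v2 logs (added example, not the thread's or HijackThis's code)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of rows in the format of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
F:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: iprivobar Toolbar - {81d24ea1-3106-46a5-a324-fa96b8178519} - F:\Program Files (x86)\iprivobar\prxtbipri.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-21-818302674-3230007097-328040447-1004\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: UltraMon.lnk = ?
O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - F:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
--
End of file - 10459 bytes
"""

ROW_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                       # "O23 - Service: ..."
AUTOSTART_RE = re.compile(                                         # "HKLM\..\Run: [name] command"
    r"^(HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
WINDIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str        # HijackThis section code, e.g. "O4" or "O23"
    body: str           # everything after "Oxx - "
    file_missing: bool  # HijackThis could not find the target file


@dataclass
class Autostart:
    hive: str           # HKLM, HKCU, HKUS\<SID>, or "Startup folder"
    key: str            # Run, RunOnce, or "Global Startup"
    name: str           # value name in [brackets] or the .lnk name
    command: str        # command line or shortcut target ("?" when unresolved)


def parse_hjt(text: str) -> list:
    """Keep only the scan rows; headers, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if m:
            section, body = m.groups()
            entries.append(Entry(section, body, body.endswith(MISSING)))
    return entries


def autostarts(entries: list) -> list:
    """Return the O4 rows (registry Run keys and the startup folder) as Autostart records."""
    out = []
    for e in entries:
        if e.section != "O4":
            continue
        m = AUTOSTART_RE.match(e.body)
        if m:
            out.append(Autostart(*m.groups()))
        elif e.body.startswith("Global Startup: "):
            name, _, target = e.body[len("Global Startup: "):].partition(" = ")
            out.append(Autostart("Startup folder", "Global Startup", name, target))
    return out


def missing_files(entries: list) -> list:
    """(section, path, verdict) for every row whose target file is reported missing.

    Caveat: 32-bit HijackThis on 64-bit Windows reads System32 through WOW64 file-system
    redirection, so native binaries under \Windows\ are often reported missing although
    present; those get "verify" instead of "orphaned" (registration with no file behind it).
    """
    rows = []
    for e in entries:
        if not e.file_missing:
            continue
        target = e.body[: -len(MISSING)].rstrip()
        path = target.rsplit(" - ", 1)[-1]          # the path is the last " - " field
        verdict = "verify" if WINDIR_RE.match(path) else "orphaned"
        rows.append((e.section, path, verdict))
    return rows


def summarize(text: str) -> dict:
    """Counts a helper would glance at first: rows, autostarts and missing-file verdicts."""
    entries = parse_hjt(text)
    counts = {"orphaned": 0, "verify": 0}
    for _, _, verdict in missing_files(entries):
        counts[verdict] += 1
    return {"rows": len(entries), "autostarts": len(autostarts(entries)), "missing": counts}


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for a in autostarts(ents):
        print(f"autostart {a.hive}\\{a.key} [{a.name}] -> {a.command}")
    for section, path, verdict in missing_files(ents):
        print(f"{verdict:8} {section} {path}")
    print(summarize(SAMPLE_LOG))
```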

#12 gringo_pr

Posted 11 June 2012 - 12:16 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKUS\S-1-5-21-818302674-3230007097-328040447-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-818302674-3230007097-328040447-1004\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Global Startup: UltraMon.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example the name in
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 roguetrooper

Posted 11 June 2012 - 03:03 PM

Hi...
I ran the Eset online scanner but accidentally clicked off the page before I copied the results to paste here, but it stated no threats found, which is what I assume you needed to know?
System is still running fine with no signs of any problems at all ... Thanks very much for your help with this :)

#14 gringo_pr

Posted 11 June 2012 - 03:06 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#15 roguetrooper

Posted 11 June 2012 - 03:46 PM

All done and read :)
Thanks again for your help, and by all means close the thread.
