
google webhp redirect


This topic is locked
22 replies to this topic

#1 brokenclown (Members, 11 posts)

Posted 14 June 2012 - 12:22 AM

My browser is randomly opening new tabs to ad pages and/or redirects now and then to google.com/webhp. I've seen sites mentioning various fixes, none of which have worked so far. Please help.

#2 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts)

Posted 14 June 2012 - 01:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 brokenclown (Topic Starter; Members, 11 posts)

Posted 14 June 2012 - 04:07 PM

How long should the Security Check run for? It's been going for hours now.

#4 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts)

Posted 14 June 2012 - 04:47 PM

Stop it and move to the next item.


gringo

#5 brokenclown (Topic Starter; Members, 11 posts)

Posted 14 June 2012 - 06:14 PM

DDS LOG


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Luscious at 18:57:48 on 2012-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2217 [GMT -4:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\SysWOW64\cfgmig32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\runonce.exe
C:\Users\Luscious_2\Downloads\Defogger.exe
C:\Users\Luscious_2\Downloads\SecurityCheck.exe
C:\Users\Luscious_2\Downloads\SecurityCheck.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\taskeng.exe
C:\Users\Luscious_2\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Luscious_2\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Users\Luscious_2\Downloads\SecurityCheck.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Luscious\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\VetRedir.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{3BF15144-E0D6-4C4F-8A74-AF71CE8DF05A} : DhcpNameServer = 10.6.2.4 10.6.2.6 10.2.0.1
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0} : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0}\05572727 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0}\1646D696E623 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0}\4335544343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0}\6756E647572716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B9BE0CB-829A-4A11-8250-8C00F55A10A0}\D434F6D6 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: CA Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: CA Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
AppInit_DLLs-X64: UmxSbxExw.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\Windows\system32\Drivers\BUSB2902.sys --> C:\Windows\system32\Drivers\BUSB2902.sys [?]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;C:\Windows\system32\drivers\busbwdm.sys --> C:\Windows\system32\drivers\busbwdm.sys [?]
.
=============== Created Last 30 ================
.
2012-06-13 21:43:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 21:43:24 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 21:43:24 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 21:42:37 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 21:42:31 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 21:42:29 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 21:42:28 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:42:21 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 21:42:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 21:42:07 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 21:42:06 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 21:41:21 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 21:41:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 21:41:20 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 21:41:20 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 21:41:20 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 21:41:19 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 16:12:36 116016 ----a-w- C:\Windows\System32\drivers\10330432.sys
2012-06-12 21:09:55 -------- d-----w- C:\Users\Luscious\AppData\Roaming\Malwarebytes
2012-06-12 21:09:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-12 21:09:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 21:09:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 18:15:21 -------- d-----w- C:\Users\Luscious\AppData\Roaming\Panda Security
2012-06-12 18:12:14 -------- d-----w- C:\ProgramData\Panda Security
2012-06-12 18:12:14 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-06-12 18:10:52 -------- d-----w- C:\temp
2012-06-10 22:50:26 -------- d-----w- C:\Users\Luscious\AppData\Local\ElevatedDiagnostics
2012-06-10 19:34:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-17 04:47:45 -------- d-----w- C:\Audio
2012-05-17 04:11:44 5430 ----a-w- C:\FLVDirect.exe
2012-05-17 04:11:37 -------- d-----w- C:\Data
2012-05-16 06:52:47 -------- d-----w- C:\Program Files (x86)\Kobo
.
==================== Find3M ====================
.
2012-06-12 18:07:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 18:07:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-04 22:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 19:06:42.92 ===============




ATTACH FILE

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2011 3:03:13 PM
System Uptime: 6/14/2012 2:06:25 PM (5 hours ago)
.
Motherboard: Acer | | HMA51-BZ
Processor: AMD E-300 APU with Radeon™ HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 119.588 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 6/4/2012 9:58:43 AM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe After Effects CS5.5
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.3) MUI
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Story
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agatha Christie - Death on the Nile
AIM 7
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Build-a-lot 4 - Power Source
CA Backup and Migration
CA Parental Controls
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi
clear.fi Client
Cradle of Rome 2
D3DX10
DHTML Editing Component
DivX Setup
DNAMigrator
Dora's World Adventure
Download Updater (AOL LLC)
eBay Worldwide
Elements 10 Organizer
Facebook Video Calling 1.2.0.159
FATE: The Cursed King
Final Drive: Nitro
FL Studio 10
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
IL Download Manager
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
Jewel Match 3
Junk Mail filter update
Kobo
Launch Manager
Magic ISO Maker v5.5 (build 0272)
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
Native Instruments Controller Editor
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Session I/O
Native Instruments Rig Kontrol 3
Native Instruments Service Center
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
ooVoo
Optimum
Panda Cloud Antivirus
PandoraRecovery (Remove Only)
PDF Settings
Penguins!
PhotoImpact X3
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
PRE10STI64Installer
QuickTime
Realtek USB 2.0 Card Reader
RehanFX Shader Transitions and Effects (ShaderTFX)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
sfArk
Shredder
Skype™ 5.3
SmartSound Common Data
SmartSound Sonicfire Pro 5
swMSM
System Checkup 3.1
Times Reader
Torchlight
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 5 - New Believers
VLC media player 2.0.0
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSCP 4.3.7
WinZip 11.2
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 1:09:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/14/2012 2:08:57 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/14/2012 2:08:57 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/14/2012 2:07:01 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/14/2012 2:07:00 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/14/2012 2:07:00 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
6/14/2012 2:06:58 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/14/2012 1:34:22 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
6/12/2012 2:12:51 PM, Error: Service Control Manager [7030] - The Panda Cloud Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/10/2012 6:27:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/10/2012 12:34:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIHardwareService service.
.
==== End Of File ===========================

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 14 June 2012 - 08:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Windows XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 brokenclown
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:56 AM

Posted 14 June 2012 - 11:04 PM

ran Combofix but never got a log appearing anywhere.

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 14 June 2012 - 11:10 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 brokenclown
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:56 AM

Posted 15 June 2012 - 03:16 AM

here is the COMBOFIX report... finally


ComboFix 12-06-14.04 - Luscious 06/15/2012 3:48.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2958 [GMT -4:00]
Running from: c:\users\Luscious_2\Downloads\ComboFix.exe
AV: CA Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\FLVDirect.exe
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\L\00000004.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\L\1afb2d56
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\L\201d3dde
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\00000004.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\00000008.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\000000cb.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\80000000.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\80000032.@
c:\windows\Installer\{d53f1922-f11d-17a1-f179-71db687ed874}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 08:00 . 2012-06-15 08:00 -------- d-----w- c:\users\Luscious_2\AppData\Local\temp
2012-06-15 08:00 . 2012-06-15 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 05:28 . 2012-06-14 05:28 -------- d-----w- c:\users\Luscious_2\AppData\Local\Macromedia
2012-06-13 21:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:42 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:42 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 16:12 . 2012-06-13 16:12 116016 ----a-w- c:\windows\system32\drivers\10330432.sys
2012-06-13 07:54 . 2012-06-13 07:54 -------- d-----w- c:\users\Luscious_2\Pavark
2012-06-13 06:20 . 2012-06-13 06:20 -------- d-----w- c:\users\Luscious_2\AppData\Roaming\Malwarebytes
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\users\Luscious\AppData\Roaming\Malwarebytes
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 21:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-12 18:39 . 2012-06-12 18:39 -------- d-----w- c:\users\Luscious_2\AppData\Roaming\Panda Security
2012-06-12 18:15 . 2012-06-12 18:15 -------- d-----w- c:\users\Luscious\AppData\Roaming\Panda Security
2012-06-12 18:12 . 2012-06-12 18:12 -------- d-----w- c:\programdata\Panda Security
2012-06-12 18:12 . 2012-06-12 18:12 -------- d-----w- c:\program files (x86)\Panda Security
2012-06-12 18:10 . 2012-06-12 18:11 -------- d-----w- C:\temp
2012-06-10 22:50 . 2012-06-10 22:50 -------- d-----w- c:\users\Luscious\AppData\Local\ElevatedDiagnostics
2012-06-10 19:34 . 2012-06-10 19:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-18 07:04 . 2012-05-18 07:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-18 07:04 . 2012-05-18 07:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-17 04:47 . 2012-05-17 04:47 -------- d-----w- C:\Audio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 18:07 . 2012-04-03 19:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 18:07 . 2011-07-25 05:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2012-05-09 02:11 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2012-05-09 02:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-11 03:15 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_07.26.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-15 07:24 . 2012-06-15 07:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 07:43 . 2012-06-15 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 07:43 . 2012-06-15 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-15 07:24 . 2012-06-15 07:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-15 07:42 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-15 07:40 567940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-15 07:23 567940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-15 07:42 2031616 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 2031616 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-15 07:42 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-23 20:38 . 2012-06-15 07:40 5863019 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1001-8192.dat
- 2011-12-23 20:38 . 2012-06-15 07:23 5863019 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-4-3 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]
R1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
R2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-12-23 291656]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-07-02 286032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [x]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003Core.job
- c:\users\Luscious_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:44]
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003UA.job
- c:\users\Luscious_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:44]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:16]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:16]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1001Core.job
- c:\users\Luscious\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:21]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1001UA.job
- c:\users\Luscious\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:21]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003Core.job
- c:\users\Luscious_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 00:42]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003UA.job
- c:\users\Luscious_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 00:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{5552453B-BB76-45E3-973D-F95E458ED780} - c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe
AddRemove-4284033650.optimumapp.iptv.optimum.net - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-15 04:04:42
ComboFix-quarantined-files.txt 2012-06-15 08:04
.
Pre-Run: 128,027,942,912 bytes free
Post-Run: 127,554,629,632 bytes free
.
- - End Of File - - 9497BC7562A71CD63FF5BD876FA3302F

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2012 - 03:47 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 brokenclown

brokenclown
  • Topic Starter

  • Members
  • 11 posts

Posted 15 June 2012 - 03:56 AM

TDSS log is below; the aswMBR scan is still running.

04:18:53.0124 1424 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
04:18:53.0530 1424 ============================================================
04:18:53.0530 1424 Current date / time: 2012/06/15 04:18:53.0530
04:18:53.0530 1424 SystemInfo:
04:18:53.0530 1424
04:18:53.0530 1424 OS Version: 6.1.7601 ServicePack: 1.0
04:18:53.0530 1424 Product type: Workstation
04:18:53.0530 1424 ComputerName: LUSCIOUS-PC
04:18:53.0530 1424 UserName: Luscious
04:18:53.0530 1424 Windows directory: C:\Windows
04:18:53.0530 1424 System windows directory: C:\Windows
04:18:53.0530 1424 Running under WOW64
04:18:53.0530 1424 Processor architecture: Intel x64
04:18:53.0530 1424 Number of processors: 2
04:18:53.0530 1424 Page size: 0x1000
04:18:53.0530 1424 Boot type: Normal boot
04:18:53.0530 1424 ============================================================
04:18:55.0808 1424 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:18:55.0823 1424 ============================================================
04:18:55.0823 1424 \Device\Harddisk0\DR0:
04:18:55.0823 1424 MBR partitions:
04:18:55.0823 1424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
04:18:55.0823 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1B392800
04:18:55.0823 1424 ============================================================
04:18:55.0854 1424 C: <-> \Device\Harddisk0\DR0\Partition1
04:18:55.0854 1424 ============================================================
04:18:55.0854 1424 Initialize success
04:18:55.0854 1424 ============================================================
04:18:57.0898 6616 ============================================================
04:18:57.0898 6616 Scan started
04:18:57.0898 6616 Mode: Manual;
04:18:57.0898 6616 ============================================================
04:19:00.0004 6616 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:19:00.0051 6616 1394ohci - ok
04:19:00.0098 6616 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:19:00.0144 6616 ACPI - ok
04:19:00.0176 6616 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:19:00.0222 6616 AcpiPmi - ok
04:19:00.0472 6616 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
04:19:00.0519 6616 Adobe LM Service - ok
04:19:00.0659 6616 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
04:19:00.0706 6616 AdobeActiveFileMonitor10.0 - ok
04:19:00.0815 6616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:19:00.0893 6616 AdobeARMservice - ok
04:19:00.0971 6616 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
04:19:01.0049 6616 adp94xx - ok
04:19:01.0127 6616 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
04:19:01.0190 6616 adpahci - ok
04:19:01.0221 6616 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
04:19:01.0252 6616 adpu320 - ok
04:19:01.0314 6616 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:19:01.0314 6616 AeLookupSvc - ok
04:19:01.0439 6616 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:19:01.0502 6616 AFD - ok
04:19:01.0548 6616 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:19:01.0673 6616 agp440 - ok
04:19:01.0736 6616 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:19:01.0767 6616 ALG - ok
04:19:01.0798 6616 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:19:01.0845 6616 aliide - ok
04:19:01.0907 6616 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
04:19:01.0954 6616 AMD External Events Utility - ok
04:19:01.0985 6616 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:19:02.0032 6616 amdide - ok
04:19:02.0063 6616 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
04:19:02.0110 6616 AmdK8 - ok
04:19:02.0828 6616 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
04:19:03.0155 6616 amdkmdag - ok
04:19:03.0389 6616 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
04:19:03.0405 6616 amdkmdap - ok
04:19:03.0498 6616 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:19:03.0530 6616 AmdPPM - ok
04:19:03.0576 6616 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:19:03.0608 6616 amdsata - ok
04:19:03.0654 6616 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
04:19:03.0701 6616 amdsbs - ok
04:19:03.0717 6616 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:19:03.0748 6616 amdxata - ok
04:19:03.0826 6616 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:19:03.0873 6616 AppID - ok
04:19:03.0904 6616 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:19:03.0982 6616 AppIDSvc - ok
04:19:04.0013 6616 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
04:19:04.0044 6616 Appinfo - ok
04:19:04.0232 6616 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:19:04.0263 6616 Apple Mobile Device - ok
04:19:04.0325 6616 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
04:19:04.0356 6616 arc - ok
04:19:04.0419 6616 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
04:19:04.0481 6616 arcsas - ok
04:19:04.0528 6616 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:19:04.0575 6616 AsyncMac - ok
04:19:04.0606 6616 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:19:04.0622 6616 atapi - ok
04:19:05.0136 6616 athr (cc406da84e7dd3fa3ad20340dbc66cf2) C:\Windows\system32\DRIVERS\athrx.sys
04:19:05.0308 6616 athr - ok
04:19:05.0542 6616 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:19:05.0620 6616 AudioEndpointBuilder - ok
04:19:05.0636 6616 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:19:05.0667 6616 AudioSrv - ok
04:19:05.0714 6616 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
04:19:05.0760 6616 AxInstSV - ok
04:19:05.0854 6616 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
04:19:05.0916 6616 b06bdrv - ok
04:19:05.0979 6616 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:19:06.0057 6616 b57nd60a - ok
04:19:06.0182 6616 BBSvc (87f3bcf82a63e900af896cd930bf7e05) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
04:19:06.0228 6616 BBSvc - ok
04:19:06.0291 6616 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
04:19:06.0338 6616 BBUpdate - ok
04:19:06.0400 6616 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:19:06.0462 6616 BDESVC - ok
04:19:06.0509 6616 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:19:06.0556 6616 Beep - ok
04:19:06.0665 6616 BEHRINGER_2902 (b62abdc39b36184b6b8b9e71a8685f52) C:\Windows\system32\Drivers\BUSB2902.sys
04:19:06.0743 6616 BEHRINGER_2902 - ok
04:19:06.0837 6616 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
04:19:06.0915 6616 BFE - ok
04:19:07.0086 6616 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
04:19:07.0414 6616 BITS - ok
04:19:07.0492 6616 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
04:19:07.0539 6616 blbdrive - ok
04:19:07.0648 6616 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
04:19:07.0695 6616 Bonjour Service - ok
04:19:07.0742 6616 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:19:07.0773 6616 bowser - ok
04:19:07.0820 6616 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
04:19:07.0851 6616 BrFiltLo - ok
04:19:07.0866 6616 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
04:19:07.0913 6616 BrFiltUp - ok
04:19:07.0976 6616 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:19:08.0038 6616 BridgeMP - ok
04:19:08.0085 6616 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
04:19:08.0132 6616 Browser - ok
04:19:08.0178 6616 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:19:08.0272 6616 Brserid - ok
04:19:08.0303 6616 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:19:08.0350 6616 BrSerWdm - ok
04:19:08.0366 6616 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:19:08.0412 6616 BrUsbMdm - ok
04:19:08.0475 6616 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:19:08.0522 6616 BrUsbSer - ok
04:19:08.0553 6616 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
04:19:08.0600 6616 BTHMODEM - ok
04:19:08.0646 6616 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:19:08.0709 6616 bthserv - ok
04:19:08.0787 6616 BUSB_AUDIO_WDM (aec85ff9a00dd9ee7605afc66949f228) C:\Windows\system32\drivers\busbwdm.sys
04:19:08.0834 6616 BUSB_AUDIO_WDM - ok
04:19:08.0974 6616 CAAMSvc (51e0078586bf3ac6813cedacfb220fef) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
04:19:09.0052 6616 CAAMSvc - ok
04:19:09.0114 6616 CaCCProvSP (b3b8e9ae50343daaf7d4dd9953601e98) C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
04:19:09.0130 6616 CaCCProvSP - ok
04:19:09.0177 6616 CAISafe (e0f7e8b3ec79db2a191b42fcc06f17e6) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
04:19:09.0192 6616 CAISafe - ok
04:19:09.0208 6616 catchme - ok
04:19:09.0286 6616 ccSchedulerSVC (ed1cf50c7c3b1f81e62bf09b420fe5e7) C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
04:19:09.0333 6616 ccSchedulerSVC - ok
04:19:09.0504 6616 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:19:09.0551 6616 cdfs - ok
04:19:09.0598 6616 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:19:09.0660 6616 cdrom - ok
04:19:09.0707 6616 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:19:09.0770 6616 CertPropSvc - ok
04:19:09.0801 6616 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
04:19:09.0848 6616 circlass - ok
04:19:09.0926 6616 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:19:10.0082 6616 CLFS - ok
04:19:10.0206 6616 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:19:10.0269 6616 clr_optimization_v2.0.50727_32 - ok
04:19:10.0316 6616 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:19:10.0362 6616 clr_optimization_v2.0.50727_64 - ok
04:19:10.0487 6616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:19:10.0628 6616 clr_optimization_v4.0.30319_32 - ok
04:19:10.0659 6616 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:19:10.0690 6616 clr_optimization_v4.0.30319_64 - ok
04:19:10.0752 6616 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
04:19:10.0799 6616 CmBatt - ok
04:19:10.0815 6616 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:19:10.0862 6616 cmdide - ok
04:19:10.0955 6616 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:19:11.0018 6616 CNG - ok
04:19:11.0189 6616 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\Windows\system32\drivers\CHDRT64.sys
04:19:11.0252 6616 CnxtHdAudService - ok
04:19:11.0423 6616 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
04:19:11.0501 6616 Compbatt - ok
04:19:11.0548 6616 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:19:11.0610 6616 CompositeBus - ok
04:19:11.0626 6616 COMSysApp - ok
04:19:11.0674 6616 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
04:19:11.0736 6616 crcdisk - ok
04:19:11.0816 6616 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
04:19:11.0888 6616 CryptSvc - ok
04:19:11.0951 6616 CxAudMsg (9d0d050170d47e778b624a28c90f23de) C:\Windows\system32\CxAudMsg64.exe
04:19:12.0040 6616 CxAudMsg - ok
04:19:12.0123 6616 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:19:12.0427 6616 DcomLaunch - ok
04:19:12.0468 6616 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:19:12.0568 6616 defragsvc - ok
04:19:12.0619 6616 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:19:12.0665 6616 DfsC - ok
04:19:12.0714 6616 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
04:19:12.0844 6616 Dhcp - ok
04:19:12.0881 6616 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:19:12.0926 6616 discache - ok
04:19:12.0941 6616 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
04:19:12.0992 6616 Disk - ok
04:19:13.0031 6616 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
04:19:13.0156 6616 Dnscache - ok
04:19:13.0189 6616 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
04:19:13.0332 6616 dot3svc - ok
04:19:13.0377 6616 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
04:19:13.0547 6616 DPS - ok
04:19:13.0627 6616 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:19:13.0755 6616 drmkaud - ok
04:19:13.0870 6616 DsiWMIService (9dd3a22f804697606c2b7ff9e912ff6b) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
04:19:13.0932 6616 DsiWMIService - ok
04:19:14.0033 6616 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:19:14.0085 6616 DXGKrnl - ok
04:19:14.0131 6616 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:19:14.0274 6616 EapHost - ok
04:19:14.0830 6616 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
04:19:14.0974 6616 ebdrv - ok
04:19:15.0161 6616 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
04:19:15.0478 6616 EFS - ok
04:19:15.0721 6616 EgisTec Ticket Service (18dd872dd46acb24e106dc2c9c270466) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
04:19:15.0777 6616 EgisTec Ticket Service - ok
04:19:15.0921 6616 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
04:19:15.0982 6616 ehRecvr - ok
04:19:16.0034 6616 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:19:16.0067 6616 ehSched - ok
04:19:16.0179 6616 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
04:19:16.0272 6616 elxstor - ok
04:19:16.0616 6616 ePowerSvc (ac5c64f828c0a6a1350971501ac2a0c7) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
04:19:16.0787 6616 ePowerSvc - ok
04:19:16.0925 6616 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:19:16.0971 6616 ErrDev - ok
04:19:17.0046 6616 ETD (dbaa0c650c9549dc5c599d1e81dedaad) C:\Windows\system32\DRIVERS\ETD.sys
04:19:17.0128 6616 ETD - ok
04:19:17.0254 6616 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:19:17.0618 6616 EventSystem - ok
04:19:17.0887 6616 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:19:17.0978 6616 exfat - ok
04:19:18.0011 6616 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:19:18.0075 6616 fastfat - ok
04:19:18.0173 6616 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
04:19:18.0367 6616 Fax - ok
04:19:18.0413 6616 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
04:19:18.0460 6616 fdc - ok
04:19:18.0491 6616 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:19:18.0663 6616 fdPHost - ok
04:19:18.0710 6616 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:19:18.0866 6616 FDResPub - ok
04:19:18.0881 6616 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:19:18.0944 6616 FileInfo - ok
04:19:18.0975 6616 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:19:19.0037 6616 Filetrace - ok
04:19:19.0193 6616 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:19:19.0303 6616 FLEXnet Licensing Service - ok
04:19:19.0349 6616 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
04:19:19.0396 6616 flpydisk - ok
04:19:19.0443 6616 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:19:19.0537 6616 FltMgr - ok
04:19:19.0693 6616 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
04:19:19.0927 6616 FontCache - ok
04:19:20.0005 6616 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:19:20.0067 6616 FontCache3.0.0.0 - ok
04:19:20.0129 6616 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:19:20.0207 6616 FsDepends - ok
04:19:20.0254 6616 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
04:19:20.0317 6616 Fs_Rec - ok
04:19:20.0738 6616 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:19:20.0909 6616 fvevol - ok
04:19:20.0972 6616 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
04:19:21.0060 6616 gagp30kx - ok
04:19:21.0182 6616 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
04:19:21.0251 6616 GamesAppService - ok
04:19:21.0380 6616 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:19:21.0433 6616 GEARAspiWDM - ok
04:19:21.0738 6616 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
04:19:21.0930 6616 gpsvc - ok
04:19:22.0024 6616 GREGService (84e58fea8b1a7537696a20c59cb9b0c9) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
04:19:22.0054 6616 GREGService - ok
04:19:22.0336 6616 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:19:22.0408 6616 gupdate - ok
04:19:22.0433 6616 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:19:22.0449 6616 gupdatem - ok
04:19:22.0485 6616 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:19:22.0517 6616 gusvc - ok
04:19:22.0554 6616 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:19:22.0612 6616 hcw85cir - ok
04:19:22.0657 6616 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:19:22.0759 6616 HdAudAddService - ok
04:19:22.0822 6616 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:19:22.0869 6616 HDAudBus - ok
04:19:22.0896 6616 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
04:19:22.0979 6616 HidBatt - ok
04:19:23.0029 6616 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
04:19:23.0119 6616 HidBth - ok
04:19:23.0261 6616 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
04:19:23.0345 6616 HidIr - ok
04:19:23.0577 6616 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
04:19:23.0727 6616 hidserv - ok
04:19:23.0883 6616 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:19:23.0945 6616 HidUsb - ok
04:19:24.0070 6616 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
04:19:24.0319 6616 hkmsvc - ok
04:19:24.0522 6616 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
04:19:24.0741 6616 HomeGroupListener - ok
04:19:24.0803 6616 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
04:19:25.0099 6616 HomeGroupProvider - ok
04:19:25.0131 6616 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:19:25.0177 6616 HpSAMD - ok
04:19:25.0255 6616 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:19:25.0333 6616 HTTP - ok
04:19:25.0365 6616 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:19:25.0427 6616 hwpolicy - ok
04:19:25.0458 6616 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:19:25.0521 6616 i8042prt - ok
04:19:26.0021 6616 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:19:26.0099 6616 iaStorV - ok
04:19:26.0239 6616 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:19:26.0317 6616 idsvc - ok
04:19:26.0364 6616 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
04:19:26.0458 6616 iirsp - ok
04:19:26.0567 6616 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
04:19:26.0770 6616 IKEEXT - ok
04:19:26.0816 6616 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:19:26.0879 6616 intelide - ok
04:19:26.0927 6616 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
04:19:26.0973 6616 intelppm - ok
04:19:27.0036 6616 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
04:19:27.0207 6616 IPBusEnum - ok
04:19:27.0223 6616 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:19:27.0285 6616 IpFilterDriver - ok
04:19:27.0363 6616 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
04:19:27.0551 6616 iphlpsvc - ok
04:19:27.0613 6616 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:19:27.0675 6616 IPMIDRV - ok
04:19:27.0707 6616 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:19:27.0753 6616 IPNAT - ok
04:19:27.0957 6616 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
04:19:27.0988 6616 iPod Service - ok
04:19:28.0020 6616 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:19:28.0082 6616 IRENUM - ok
04:19:28.0098 6616 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:19:28.0160 6616 isapnp - ok
04:19:28.0191 6616 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:19:28.0269 6616 iScsiPrt - ok
04:19:28.0300 6616 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:19:28.0347 6616 kbdclass - ok
04:19:28.0378 6616 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:19:28.0441 6616 kbdhid - ok
04:19:28.0503 6616 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:19:28.0675 6616 KeyIso - ok
04:19:28.0722 6616 KmxAgent (7594e8799fa212576c93bfdf54583452) C:\Windows\system32\DRIVERS\kmxagent.sys
04:19:28.0768 6616 KmxAgent - ok
04:19:28.0831 6616 KmxAMRT (e5bb08fcf05ef7333be3b5b35295c4c0) C:\Windows\system32\DRIVERS\KmxAMRT.sys
04:19:28.0893 6616 KmxAMRT - ok
04:19:28.0956 6616 KmxCF (54721e47b8350770332128fcffc7a460) C:\Windows\system32\DRIVERS\KmxCF.sys
04:19:29.0002 6616 KmxCF - ok
04:19:29.0049 6616 KmxCfg (174a70fd5367388f6f378cbc6dd723ee) C:\Windows\system32\DRIVERS\kmxcfg.sys
04:19:29.0096 6616 KmxCfg - ok
04:19:29.0127 6616 KmxFile (dc77781ab8cf3043da60187a1511fef6) C:\Windows\system32\DRIVERS\KmxFile.sys
04:19:29.0174 6616 KmxFile - ok
04:19:29.0221 6616 KmxFilter (87da5afc8950ec34d0cddf3438370727) C:\Windows\system32\DRIVERS\KmxFilter.sys
04:19:29.0268 6616 KmxFilter - ok
04:19:29.0299 6616 KmxFw (15260d1b5bb6ba8e5079e758fce88207) C:\Windows\system32\DRIVERS\kmxfw.sys
04:19:29.0377 6616 KmxFw - ok
04:19:29.0392 6616 KmxSbx (9ea56ddeeb080727ff448a0c6e37de08) C:\Windows\system32\DRIVERS\KmxSbx.sys
04:19:29.0439 6616 KmxSbx - ok
04:19:29.0486 6616 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:19:29.0564 6616 KSecDD - ok
04:19:29.0611 6616 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:19:29.0704 6616 KSecPkg - ok
04:19:29.0751 6616 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:19:29.0814 6616 ksthunk - ok
04:19:29.0892 6616 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:19:30.0126 6616 KtmRm - ok
04:19:30.0172 6616 L1C (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys
04:19:30.0219 6616 L1C - ok
04:19:30.0282 6616 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
04:19:30.0640 6616 LanmanServer - ok
04:19:30.0672 6616 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:19:31.0124 6616 LanmanWorkstation - ok
04:19:31.0218 6616 libusb0 (acec35f181075b20a5ef4a71958b13df) C:\Windows\system32\drivers\libusb0.sys
04:19:31.0280 6616 libusb0 - ok
04:19:31.0374 6616 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
04:19:31.0420 6616 Live Updater Service - ok
04:19:31.0452 6616 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:19:31.0498 6616 lltdio - ok
04:19:31.0545 6616 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:19:31.0795 6616 lltdsvc - ok
04:19:31.0826 6616 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:19:32.0060 6616 lmhosts - ok
04:19:32.0122 6616 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
04:19:32.0185 6616 LSI_FC - ok
04:19:32.0200 6616 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
04:19:32.0247 6616 LSI_SAS - ok
04:19:32.0263 6616 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
04:19:32.0310 6616 LSI_SAS2 - ok
04:19:32.0341 6616 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
04:19:32.0388 6616 LSI_SCSI - ok
04:19:32.0450 6616 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:19:32.0512 6616 luafv - ok
04:19:32.0575 6616 McAfee SiteAdvisor Service - ok
04:19:32.0606 6616 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:19:32.0840 6616 Mcx2Svc - ok
04:20:30.0865 6616 ============================================================
04:20:30.0865 6616 Scan finished
04:20:30.0865 6616 ============================================================
04:20:30.0912 1084 Detected object count: 0
04:20:30.0912 1084 Actual detected object count: 0
04:21:39.0424 5708 Deinitialize success

#12 brokenclown

brokenclown
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:56 AM

Posted 15 June 2012 - 04:16 AM

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 04:22:16
-----------------------------
04:22:16.365 OS Version: Windows x64 6.1.7601 Service Pack 1
04:22:16.365 Number of processors: 2 586 0x200
04:22:16.381 ComputerName: LUSCIOUS-PC UserName: Luscious
04:22:19.751 Initialize success
04:23:25.328 AVAST engine defs: 12061401
04:23:37.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:23:37.434 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 11
04:23:37.465 Disk 0 MBR read successfully
04:23:37.465 Disk 0 MBR scan
04:23:37.496 Disk 0 Windows 7 default MBR code
04:23:37.512 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
04:23:37.558 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
04:23:37.714 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223013 MB offset 31664128
04:23:37.870 Disk 0 scanning C:\Windows\system32\drivers
04:24:06.606 Service scanning
04:24:58.612 Modules scanning
04:24:58.644 Disk 0 trace - called modules:
04:24:58.659 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
04:24:58.675 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047f4590]
04:24:58.690 3 CLASSPNP.SYS[fffff880019a543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003dcc680]
04:24:59.736 AVAST engine scan C:\Windows
04:25:08.986 AVAST engine scan C:\Windows\system32
04:30:35.570 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
04:33:11.793 AVAST engine scan C:\Windows\system32\drivers
04:33:47.083 AVAST engine scan C:\Users\Luscious
04:36:30.482 File: C:\Users\Luscious\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014d **INFECTED** Win32:MalOb-HU [Cryp]
04:59:27.758 AVAST engine scan C:\ProgramData
05:13:07.697 Scan finished successfully
05:14:14.841 Disk 0 MBR has been saved successfully to "C:\Users\Luscious\Desktop\MBR.dat"
05:14:14.874 The log file has been saved successfully to "C:\Users\Luscious\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 15 June 2012 - 07:20 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Users\Luscious\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014d

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
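Putting the two replies above together, as an added example that is not part of this thread and not code from aswMBR or ComboFix: a small Python script that pulls the **INFECTED** entries and the per-disk MBR verdict out of an aswMBR log and renders the flagged paths as the File:: section of a CFScript like the one in this reply. The sample lines are copied from the log posted in #12; the function names are my own. It also checks for the "Scan finished successfully" line, because an empty findings list from a log that stopped early says nothing about the machine, and it emits only paths that actually appear in the log (the GAC_32 counterpart the analyst added by hand above is deliberately not inferred).

```python
import re
from dataclasses import dataclass

# Constructed sample input: these lines are copied from the aswMBR log posted
# earlier in this thread (two detections plus the MBR verdict and completion line).
SAMPLE_LOG = r"""
04:23:37.496 Disk 0 Windows 7 default MBR code
04:24:59.736 AVAST engine scan C:\Windows
04:30:35.570 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
04:33:11.793 AVAST engine scan C:\Windows\system32\drivers
04:36:30.482 File: C:\Users\Luscious\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014d **INFECTED** Win32:MalOb-HU [Cryp]
05:13:07.697 Scan finished successfully
""".strip()

# One detection line: "<time> File: <path> **INFECTED** <signature> [<tag>]".
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<detection>\S+) \[(?P<category>[^\]]+)\]$"
)
# The per-disk MBR verdict line, e.g. "Disk 0 Windows 7 default MBR code".
MBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Disk (?P<disk>\d+) (?P<verdict>.+MBR code)$")
# The line aswMBR prints only when the whole scan ran to the end.
COMPLETED_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Scan finished successfully$")


@dataclass(frozen=True)
class Finding:
    time: str        # timestamp of the detection line
    path: str        # flagged file, exactly as written in the log
    detection: str   # engine signature name, e.g. Win32:Sirefef-PL
    category: str    # bracketed tag after the signature, e.g. Rtk


def parse_findings(log_text: str) -> list:
    """Return every **INFECTED** entry from an aswMBR log, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def mbr_verdicts(log_text: str) -> dict:
    """Map disk number -> the verdict aswMBR printed for that disk's MBR code."""
    verdicts = {}
    for line in log_text.splitlines():
        m = MBR_RE.match(line.strip())
        if m:
            verdicts[int(m.group("disk"))] = m.group("verdict")
    return verdicts


def scan_completed(log_text: str) -> bool:
    """True only if the completion line is present; otherwise no findings
    means the scan was interrupted, not that the disk is clean."""
    return any(COMPLETED_RE.match(l.strip()) for l in log_text.splitlines())


def build_cfscript(findings, clear_java_cache: bool = True) -> str:
    """Render a CFScript whose File:: section lists each flagged path once.
    Only paths present in the log are emitted; nothing is inferred."""
    lines = ["ClearJavaCache::", ""] if clear_java_cache else []
    seen = set()
    deduped = []
    for f in findings:
        key = f.path.lower()          # NTFS paths are case-insensitive
        if key not in seen:
            seen.add(key)
            deduped.append(f.path)
    if deduped:
        lines.append("File::")
        lines.extend(deduped)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print("scan completed:", scan_completed(SAMPLE_LOG))
    print("MBR verdicts:", mbr_verdicts(SAMPLE_LOG))
    for f in found:
        print(f"{f.time} {f.detection} [{f.category}] {f.path}")
    print(build_cfscript(found))
```

Run it against a saved aswMBR.txt by replacing SAMPLE_LOG with the file's contents; the generated text is what you would paste into CFScript.txt, after reviewing each path yourself.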

#14 brokenclown

brokenclown
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:56 AM

Posted 16 June 2012 - 02:39 AM

So far the computer looks good. I'll give it a full use tomorrow and see how it goes.
Here is the second ComboFix log.


ComboFix 12-06-15.06 - Luscious 06/15/2012 17:40:38.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2398 [GMT -4:00]
Running from: c:\users\Luscious_2\Downloads\ComboFix.exe
Command switches used :: c:\users\Luscious_2\Desktop\CFScript.txt
AV: CA Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Luscious\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00014d"
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 01:28 . 2012-06-16 07:08 -------- d-----w- c:\users\Luscious\AppData\Local\temp
2012-06-16 01:28 . 2012-06-16 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 08:04 . 2012-06-16 07:06 -------- d-----w- c:\users\Luscious_2\AppData\Local\temp
2012-06-14 05:28 . 2012-06-14 05:28 -------- d-----w- c:\users\Luscious_2\AppData\Local\Macromedia
2012-06-13 21:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:42 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:42 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:42 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:42 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:42 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:42 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:42 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:42 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:41 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:41 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:41 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 16:12 . 2012-06-13 16:12 116016 ----a-w- c:\windows\system32\drivers\10330432.sys
2012-06-13 07:54 . 2012-06-13 07:54 -------- d-----w- c:\users\Luscious_2\Pavark
2012-06-13 06:20 . 2012-06-13 06:20 -------- d-----w- c:\users\Luscious_2\AppData\Roaming\Malwarebytes
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\users\Luscious\AppData\Roaming\Malwarebytes
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 21:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 21:09 . 2012-06-12 21:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-12 18:39 . 2012-06-12 18:39 -------- d-----w- c:\users\Luscious_2\AppData\Roaming\Panda Security
2012-06-12 18:15 . 2012-06-12 18:15 -------- d-----w- c:\users\Luscious\AppData\Roaming\Panda Security
2012-06-12 18:12 . 2012-06-12 18:12 -------- d-----w- c:\programdata\Panda Security
2012-06-12 18:12 . 2012-06-12 18:12 -------- d-----w- c:\program files (x86)\Panda Security
2012-06-12 18:10 . 2012-06-12 18:11 -------- d-----w- C:\temp
2012-06-10 22:50 . 2012-06-10 22:50 -------- d-----w- c:\users\Luscious\AppData\Local\ElevatedDiagnostics
2012-06-10 19:34 . 2012-06-10 19:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-18 07:04 . 2012-05-18 07:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-18 07:04 . 2012-05-18 07:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 18:07 . 2012-04-03 19:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 18:07 . 2011-07-25 05:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2012-05-09 02:11 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2012-05-09 02:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-11 03:15 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_07.26.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-16 07:09 56418 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2012-06-16 07:07 . 2012-06-16 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-15 07:24 . 2012-06-15 07:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-15 07:24 . 2012-06-15 07:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-16 07:07 . 2012-06-16 07:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-16 07:07 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-16 07:04 567940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-15 07:23 567940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-16 07:07 2031616 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 2031616 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:25 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 07:07 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-24 07:12 . 2012-06-16 01:44 2492184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-24 07:12 . 2012-05-25 06:44 2492184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-23 20:38 . 2012-06-15 07:23 5863019 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1001-8192.dat
+ 2011-12-23 20:38 . 2012-06-15 10:01 5863019 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1001-8192.dat
- 2011-12-24 07:12 . 2012-06-15 04:07 10375560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1003-8192.dat
+ 2011-12-24 07:12 . 2012-06-16 07:04 10375560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1388795440-3148423484-601039858-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-4-3 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [x]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]
S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-12-23 291656]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-07-02 286032]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003Core.job
- c:\users\Luscious_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:44]
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003UA.job
- c:\users\Luscious_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:44]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:16]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 20:16]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1001Core.job
- c:\users\Luscious\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:21]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1001UA.job
- c:\users\Luscious\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:21]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003Core.job
- c:\users\Luscious_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 00:42]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388795440-3148423484-601039858-1003UA.job
- c:\users\Luscious_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 00:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Completion time: 2012-06-16 03:32:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 07:32
ComboFix2.txt 2012-06-15 08:04
.
Pre-Run: 127,147,708,416 bytes free
Post-Run: 127,253,045,248 bytes free
.
- - End Of File - - F08B34778FB111A4BE00F4E1EC5513B3

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 16 June 2012 - 03:07 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent
  • Bing Bar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



