Virus damaged Winsock2 and internet connectivity


  • This topic is locked
25 replies to this topic

#1 Brieyan

Brieyan

  • Members
  • 24 posts

Posted 07 July 2012 - 01:11 PM

I am running Windows Vista Home Premium (32 bit) on an Acer laptop. The DDS logs would not pop up after the scan finished so I don't have any DDS logs to post at this time. I did get a GMER log that I will post following my description of the problem.

My laptop caught a nasty little bug that brought in a payload of other bugs with it. I have already used a payload of bug killers to try and get all the bugs out. The bugs were opening pop-ups, doing browser redirects, disabled my system restore and deleted my restore points, and finally destroyed my winsock2. I was not able to connect to my wireless network anymore. Reinstalling Windows is not an option as my DVD drive quit working in the middle of this. The system won't even boot to the DVD Drive. I am pretty experienced at getting rid of viruses but the damage left over from these is something I have not been able to fix. I thought I had all the bugs out and started a help topic in the networking forum, but was advised to make a post here as I may still be infected. Once infected I used these tools to try and remove the bugs.


Hijack this - I removed some entries that I knew were bad. I run this tool frequently so am familiar with what should be there on my PC
Malwarebytes - which was not much of a help and usually isn't against the nasty ones.
Combofix - This program would lock up just before the scan and would do nothing. Initially I waited a couple of hours once and nothing. I did get it to work eventually when some of the other tools paved the way for it. Combofix did find problems that it deleted. (I know the warnings with this tool)
Unhackme - which was the first AV tool that made some progress and helped to get other tools functioning that would not even work.
Sophos - which made some progress as well
Trend Micro RootkitBuster - which struggled to begin with but eventually was a pretty big help and did remove some bugs. It currently finds nothing.
TDSSKiller - which wouldn't even run initially and by the time I got that working it found nothing and still finds nothing.
GMER - which would only run with reduced functionality initially. I eventually got it to work and found a library issue that combofix took care of. GMER finds nothing suspicious now.
ASWMBR - which would not work initially but ran later and finds nothing now

At this time any virus tool that installs into the system has been uninstalled.

After my machine looked clear my winsock2 was corrupted. Regedit would not allow me to modify or delete the winsock2 key as the catalog5 and catalog9 key folders had hidden entries in them. The folders would not open or delete. I tried everything to fix this to include trying to restore the key from the system hive and editing the registry from the command prompt when booting in repair command prompt only mode. I finally corrected this problem by changing all the ownership and usage rights of the winsock2 key and all its subfolders manually. It was about 30 folder rights I had to change, but I was finally able to delete winsock2 and it reinstalled like it should have. I've run the netsh winsock reset command which would not work until I deleted the winsock2 key. That netsh tool runs correctly now and says it resets winsock successfully. The netsh int ip reset command still appears a little buggy as it returns this.

Reseting Echo Request, failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action.


I have run every command and tool as an elevated user. I also activated the administrator account, logged onto it, and ran everything from there as well. After all that I have done, my laptop's wireless adapter has come back to life. It now sees my wireless network and talks to my router. It does get TCP and DNS information assigned to it by the router and sees and connects to computers on my local network, but the browsers will still not open internet pages. After getting my winsock working I uninstalled my network adapters to reinstall them and reset the bindings. I deleted the wireless connection in network sharing center and ran the network connection wizard. When I do this the internet lights up on the network map and it says I'm connected to the internet, but none of the browsers will load a page.

In all I've thrown the kitchen sink at the problem and I'm still left with an expensive paper weight. The computer boots quickly and seems to run fairly well overall except for not browsing the internet and I appear to have trouble opening text files on the laptop.

I know this has been long-winded but I wanted to make sure the steps I have taken were known so that no repeat work is suggested.



#2 Brieyan


Posted 07 July 2012 - 01:12 PM

gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 13:56:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: gmer.exe; Driver: C:\Users\Brieyan\AppData\Local\Temp\kxtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8A804000, 0x213E57, 0xE8000020]
? C:\Users\Brieyan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[2616] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 757BB37C 4 Bytes [F0, 1F, 00, 10]
.text C:\Windows\Explorer.EXE[2616] SHELL32.dll!ShellExecuteExW + 18B7 757EDA0C 4 Bytes [40, 1D, 00, 10]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3384] kernel32.dll!SetUnhandledExceptionFilter 7563A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat

---- EOF - GMER 1.0.15 ----

Edited by Brieyan, 07 July 2012 - 01:15 PM.


#3 Brieyan


Posted 07 July 2012 - 01:16 PM

Mini toolbox log

MiniToolBox by Farbar Version: 09-06-2012
Ran by Brieyan (administrator) on 07-07-2012 at 12:33:27
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2012 07:40:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:26:33 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 07:24:54 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 07:23:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2012 07:21:53 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 04:41:22 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 04:38:22 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9


System errors:
=============
Error: (07/07/2012 07:41:02 AM) (Source: WinDefend) (User: )
Description: %27 has encountered an error trying to update signatures.

New Signature Version: 1.125.1854.0

Previous Signature Version: 1.0.0.0

Update Source: %20

Signature Type: %272

Update Type: %274

User: \

Current Engine Version: %275

Previous Engine Version: %276

Error code: %277

Error description: %278

Error: (07/07/2012 07:31:52 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/07/2012 07:26:33 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler3

Error: (07/07/2012 07:24:54 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (07/07/2012 07:23:24 AM) (Source: Service Control Manager) (User: )
Description: Routing and Remote Access11001 (0x2AF9)

Error: (07/07/2012 07:23:24 AM) (Source: Service Control Manager) (User: )
Description: cdrom

Error: (07/07/2012 07:23:24 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service

Error: (07/07/2012 07:23:24 AM) (Source: Service Control Manager) (User: )
Description: SQL Server VSS Writer1

Error: (07/07/2012 07:23:24 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/07/2012 07:22:04 AM) (Source: RemoteAccess) (User: )
Description: The currently configured authentication provider failed to load and initialize successfully. No such host is known.


Microsoft Office Sessions:
=========================
Error: (07/07/2012 07:40:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:40:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/07/2012 07:26:33 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 07:24:54 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 07:23:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2012 07:21:53 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 04:41:22 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (07/07/2012 04:38:22 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: SYSTEM)SYSTEM
Description: 0x80072af9


**** End of log ****
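
An added example, not part of the thread and not MiniToolBox's own code: a Python check over the "Winsock entries" section of a MiniToolBox log that lists provider DLLs outside system32 or with a non-Microsoft vendor string, and reports when one of the two Winsock catalogs has no entries at all. The sample log, the vendor and DLL names in it, and the `C:\Windows` system root are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import namedtuple

# Assumption: default system root. Adjust if Windows is installed elsewhere.
SYSTEM32 = ntpath.normcase(r"C:\Windows\system32")
# Catalog5 = NameSpace_Catalog5 (name resolution providers),
# Catalog9 = Protocol_Catalog9 (transport providers / LSP chain).
EXPECTED_CATALOGS = ("Catalog5", "Catalog9")

Entry = namedtuple("Entry", "catalog index path size vendor")

# "====== Title: ======" section banners used by the log.
SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+\s*$")
# "Catalog9 01 C:\path\file.dll [size] (vendor)"
ENTRY_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")

# Constructed sample in the same layout as the log above (not real output).
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Program Files\ExampleVendor\examplensp.dll [121704] (Example Vendor Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Users\Public\lsp_sample.dll [40960] ()

========================= Event log errors: ===============================
"""


def parse_winsock_entries(log_text):
    """Return (entries, unparsed_lines) from the 'Winsock entries' section only."""
    entries, unparsed, in_section = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header and header.group(1):
            # Any titled banner starts a new section; track whether it is ours.
            in_section = header.group(1).lower().startswith("winsock entries")
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), int(m.group(2)), m.group(3),
                                 int(m.group(4)), m.group(5)))
        else:
            # Keep anything we could not parse so it is reviewed, not dropped.
            unparsed.append(line)
    return entries, unparsed


def audit(entries, unparsed=()):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    seen = {e.catalog for e in entries}
    for catalog in EXPECTED_CATALOGS:
        if catalog not in seen:
            findings.append(f"{catalog}: no entries listed")
    for e in entries:
        reasons = []
        if ntpath.normcase(ntpath.dirname(e.path)) != SYSTEM32:
            reasons.append("outside system32")
        # The vendor string is file metadata, not a signature check, so a
        # match here only narrows what to verify by hash or signature.
        if e.vendor != "Microsoft Corporation":
            reasons.append(f"vendor {e.vendor or 'blank'}")
        if reasons:
            findings.append(f"{e.catalog} {e.index:02d} {e.path}: " + ", ".join(reasons))
    findings.extend(f"unparsed line: {line}" for line in unparsed)
    return findings


if __name__ == "__main__":
    parsed, leftover = parse_winsock_entries(SAMPLE_LOG)
    for finding in audit(parsed, leftover):
        print(finding)
```

A flagged entry is a prompt to verify the DLL, not a verdict: legitimate third-party software also registers Winsock providers.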

#4 Brieyan


Posted 07 July 2012 - 01:18 PM

FSS Log

Farbar Service Scanner Version: 22-06-2012 01
Ran by Brieyan (administrator) on 07-07-2012 at 12:31:19
Running from "C:\Bug Removers"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts

Posted 12 July 2012 - 01:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459666 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 Brieyan


Posted 12 July 2012 - 08:18 PM

I did get this laptop working again and have it connected to the internet. I also got the DDS program working and will post the log for that here. I also managed to get the system restore back up and running. Overall I have the laptop running well now. My only problem that I am aware of right now is that LSPFix won't work. It says it cannot detect my winsock catalogs. I guess I only need someone to look these logs over and give an opinion on if they think I still have a virus. I believe I got all of them, but I'm no expert.

Here is the DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Brieyan at 20:59:13 on 2012-07-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.1083 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\System32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{EC9DFD5C-29DF-4B32-B202-8297CA9B0CBC} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 166fm1f1;Vba32 Armour Driver;c:\windows\system32\drivers\166fm1f1.sys [2012-7-7 35904]
R0 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2010-3-18 39744]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-6-10 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-10 35712]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2010-3-18 16232]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2010-3-18 10600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-18 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-18 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-7-7 24416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-09 04:24:34 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-09 04:23:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-09 04:23:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-09 00:29:25 -------- d-sh--w- c:\windows\Installer
2012-07-08 23:59:41 -------- d-----w- c:\users\brieyan\appdata\local\Apps
2012-07-07 21:47:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-07-07 21:35:33 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-07-07 21:35:33 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-07-07 21:35:29 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-07-07 21:35:25 -------- d-----w- c:\program files\UnHackMe
2012-07-07 20:43:26 -------- d-----w- c:\programdata\Viewpoint
2012-07-07 20:24:36 35904 ----a-w- c:\windows\system32\drivers\166fm1f1.sys
2012-07-07 18:57:25 -------- d-----w- c:\users\brieyan\appdata\local\Sophos
2012-07-07 18:52:38 -------- d-----w- c:\programdata\Sophos
2012-06-24 22:27:06 -------- d-----w- c:\users\brieyan\appdata\local\temp
2012-06-23 17:40:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-22 20:06:50 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2012-07-09 00:43:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-07 21:35:32 2 --shatr- c:\windows\winstart.bat
2012-04-16 23:24:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 23:24:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 20:59:50.89 ===============

#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 13 July 2012 - 01:06 PM

Hi Brieyan,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

You mentioned you had run Combofix. Please post the Combofix log, located at C:\Combofix.txt in your reply (if it exists).
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#8 Brieyan


Posted 13 July 2012 - 02:52 PM

Hello Jason. Thank you for taking the time to help me. The combofix log does not exist anymore.

Edited by Brieyan, 13 July 2012 - 02:53 PM.


#9 jntkwx


Posted 13 July 2012 - 03:10 PM

Brieyan,

Please delete any copies of Combofix.exe on your desktop. Do not make any other changes to your computer!

Please download a NEW version of Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason



#10 Brieyan


Posted 13 July 2012 - 03:50 PM

Okay Jason I ran combofix again. It ran smoothly and did not reboot the system. I will post the log in this reply. The only error I can find in my system anymore is when I try to run LSPfix. I get this "Protocol or Namespace keys not present in the Registry. Please reinstall winsock2." All of my internet connectivity problems revolved around my winsock2 and I have a functioning one again as I am typing from the laptop that had the problems. I am very hesitant to mess with my winsock2 any further. I did however put catalog keys back into winsock2 to fix my connectivity issues. Here is the combofix log.

ComboFix 12-07-13.03 - Brieyan 07/13/2012 16:27:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.949 [GMT -4:00]
Running from: c:\bug removers\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 01:36 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF44AECE-C156-4FB1-BC20-EF331BA337CE}\mpengine.dll
2012-07-10 23:24 . 2012-07-10 23:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-10 20:37 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 20:30 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-10 20:30 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-10 20:30 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-10 20:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 20:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 20:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 20:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 20:29 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 01:58 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-10 01:58 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-10 01:58 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-10 01:58 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-10 01:51 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-10 01:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-10 01:51 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-10 01:51 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-10 01:51 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-10 01:51 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-10 01:51 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-10 01:51 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-07-10 01:50 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-10 01:50 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-10 01:50 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-10 01:50 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-10 01:50 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-10 01:50 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-10 01:50 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-10 01:50 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-10 01:50 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-10 01:50 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-10 01:50 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-09 04:24 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-09 04:24 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-09 04:24 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-09 04:24 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-09 04:24 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-09 04:24 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-09 04:24 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-09 04:23 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-09 04:23 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-09 00:44 . 2012-07-09 00:44 -------- d-----w- c:\program files\Common Files\Java
2012-07-09 00:29 . 2012-07-13 02:14 -------- d-sh--w- c:\windows\Installer
2012-07-08 23:59 . 2012-07-08 23:59 -------- d-----w- c:\users\Brieyan\AppData\Local\Apps
2012-07-07 21:47 . 2012-07-07 21:47 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-07-07 21:35 . 2012-05-04 17:17 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-07-07 21:35 . 2012-07-10 20:48 -------- d-----w- c:\program files\UnHackMe
2012-07-07 20:43 . 2012-07-07 20:43 -------- d-----w- c:\programdata\Viewpoint
2012-07-07 20:24 . 2012-07-07 20:24 35904 ----a-w- c:\windows\system32\drivers\166fm1f1.sys
2012-07-07 18:57 . 2012-07-07 18:57 -------- d-----w- c:\users\Brieyan\AppData\Local\Sophos
2012-07-07 18:52 . 2012-07-07 21:32 -------- d-----w- c:\programdata\Sophos
2012-07-07 05:04 . 2012-07-07 05:04 -------- d-----w- c:\programdata\ATI
2012-06-24 01:43 . 2012-06-24 01:47 -------- d-----w- c:\users\Administrator
2012-06-23 17:40 . 2012-06-23 17:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:40 . 2012-06-23 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 01:24 . 2012-06-23 01:29 -------- d-----w- c:\users\Admin User
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 00:43 . 2011-01-10 01:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-07 21:35 . 2012-05-18 08:07 2 --shatr- c:\windows\winstart.bat
2012-05-31 16:25 . 2009-10-03 10:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-16 23:24 . 2012-04-16 23:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 23:24 . 2011-08-31 21:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 02:56 . 2011-11-12 21:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-10 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-03 08:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 12:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 12:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S0 166fm1f1;Vba32 Armour Driver;c:\windows\System32\Drivers\166fm1f1.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-10 20:10 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 23:24]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 18:24]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 18:24]
.
2012-07-13 c:\windows\Tasks\User_Feed_Synchronization-{11B46C76-C41C-4CCC-AFB6-FDBED5D038B0}.job
- c:\windows\system32\msfeedssync.exe [2011-04-10 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.msn.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{EC9DFD5C-29DF-4B32-B202-8297CA9B0CBC}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-46590266.sys
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Hoyle Board Games - c:\sierra\HCBG2\Uninst.isu
AddRemove-Hoyle Card Games Demo - c:\sierra\HCCG2D\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 16:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2904)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2012-07-13 16:41:41
ComboFix-quarantined-files.txt 2012-07-13 20:41
.
Pre-Run: 23,771,705,344 bytes free
Post-Run: 23,689,179,136 bytes free
.
- - End Of File - - 63A22666F18D59BF300695BF6FED189D
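
A triage pass over the file-listing lines of a ComboFix log such as the one in the post above, as an added example that is not part of the original thread and not part of ComboFix. The three review rules are heuristics assumed here (they pick entries worth a second look, they are not verdicts), and all function names are hypothetical.

```python
"""Parse ComboFix 'Files Created' / 'Find3M' lines and list entries to review."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# created . modified  size-or-dashes  8-char attribute field  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
ENV_VAR_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
STAMP = "%Y-%m-%d %H:%M"

# Assumed review heuristics (labels are this example's own wording).
R_ENV = "unexpanded environment variable in path"
R_HIDDEN = "hidden+system file"
R_FRESH = "driver with created == modified timestamp"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_listing(text: str) -> list:
    """Return an Entry for every listing line; banners and '.' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            datetime.strptime(m["created"], STAMP),
            datetime.strptime(m["modified"], STAMP),
            size, m["attrs"], m["path"],
        ))
    return entries


def review(entry: Entry) -> list:
    """Return the heuristic reasons (possibly none) for looking at this entry."""
    reasons = []
    lower = entry.path.lower()
    # A literal %VAR% on disk means some program wrote a path without expanding it.
    if ENV_VAR_RE.search(entry.path):
        reasons.append(R_ENV)
    # Hidden+system directories are common on Windows; files are rarer.
    if not entry.is_dir and "s" in entry.attrs and "h" in entry.attrs:
        reasons.append(R_HIDDEN)
    # Patched OS drivers keep an older build time; equal stamps mean the
    # file was written fresh on this host (often by a scanner or other tool).
    if (lower.endswith(".sys") and "\\drivers\\" in lower
            and entry.created == entry.modified):
        reasons.append(R_FRESH)
    return reasons


def triage(text: str) -> dict:
    """Map path -> reasons for every entry that matched at least one rule."""
    return {e.path: r for e in parse_listing(text) if (r := review(e))}


# Sample input: eight lines in the format of the log above, plus two
# non-listing lines to show that banners are ignored.
SAMPLE = r"""
((((( Files Created )))))
.
2012-07-10 23:24 . 2012-07-10 23:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-10 20:37 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 01:50 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-09 00:29 . 2012-07-13 02:14 -------- d-sh--w- c:\windows\Installer
2012-07-07 21:47 . 2012-07-07 21:47 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-07-07 21:35 . 2012-05-04 17:17 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-07-07 20:24 . 2012-07-07 20:24 35904 ----a-w- c:\windows\system32\drivers\166fm1f1.sys
2012-07-07 21:35 . 2012-05-18 08:07 2 --shatr- c:\windows\winstart.bat
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}: {'; '.join(reasons)}")
```

Entries the script lists still need a human decision: a driver installed by a scanner during cleanup matches the same rule as one dropped by malware.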

#11 jntkwx


Posted 14 July 2012 - 08:51 AM

Brieyan,

Looking good.

Step 1: Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Step 2:
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

In your next reply, please include:
  • aswMBR log
  • TDSSkiller log
  • Feedback from you - how is your computer running now? Please be as descriptive as possible.

Regards,
Jason



#12 Brieyan


Posted 14 July 2012 - 11:22 AM

Hello again Jason. Overall my laptop is running great. It boots quickly and smoothly and loads the browser and all other programs quickly. The browser loads web pages quickly without any pop-ups or redirects. I have all the file associations fixed and any other problem the computer had. The only discernible problem I can find is the one I mentioned with trying to run LSPfix. Here are the logs you requested. No reboots were required with either program.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 12:05:08
-----------------------------
12:05:08.123 OS Version: Windows 6.0.6002 Service Pack 2
12:05:08.123 Number of processors: 2 586 0x6802
12:05:08.124 ComputerName: BKB-PC UserName:
12:05:08.737 Initialize success
12:08:07.433 AVAST engine defs: 12071401
12:08:18.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:18.468 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC31P Size: 114473MB BusType: 3
12:08:18.492 Disk 0 MBR read successfully
12:08:18.496 Disk 0 MBR scan
12:08:18.502 Disk 0 Windows VISTA default MBR code
12:08:18.510 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
12:08:18.535 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52238 MB offset 20482048
12:08:18.569 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52233 MB offset 127465472
12:08:18.597 Disk 0 scanning sectors +234438656
12:08:18.794 Disk 0 scanning C:\Windows\system32\drivers
12:08:32.183 Service scanning
12:09:06.619 Modules scanning
12:09:17.792 Disk 0 trace - called modules:
12:09:17.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
12:09:17.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8544fac8]
12:09:17.851 3 CLASSPNP.SYS[87fa28b3] -> nt!IofCallDriver -> [0x853f3f08]
12:09:17.860 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853d7030]
12:09:18.579 AVAST engine scan C:\Windows
12:09:24.013 AVAST engine scan C:\Windows\system32
12:12:51.820 AVAST engine scan C:\Windows\system32\drivers
12:13:07.634 AVAST engine scan C:\Users\Brieyan
12:13:21.375 Disk 0 MBR has been saved successfully to "C:\Bug Removers\MBR.dat"
12:13:21.386 The log file has been saved successfully to "C:\Bug Removers\aswMBR.txt"



TDSSKiller Log

12:15:07.0816 4544 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
12:15:08.0233 4544 ============================================================
12:15:08.0234 4544 Current date / time: 2012/07/14 12:15:08.0233
12:15:08.0234 4544 SystemInfo:
12:15:08.0234 4544
12:15:08.0234 4544 OS Version: 6.0.6002 ServicePack: 2.0
12:15:08.0234 4544 Product type: Workstation
12:15:08.0234 4544 ComputerName: BKB-PC
12:15:08.0234 4544 UserName: Brieyan
12:15:08.0234 4544 Windows directory: C:\Windows
12:15:08.0234 4544 System windows directory: C:\Windows
12:15:08.0234 4544 Processor architecture: Intel x86
12:15:08.0234 4544 Number of processors: 2
12:15:08.0234 4544 Page size: 0x1000
12:15:08.0234 4544 Boot type: Normal boot
12:15:08.0234 4544 ============================================================
12:15:10.0701 4544 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:15:10.0704 4544 ============================================================
12:15:10.0704 4544 \Device\Harddisk0\DR0:
12:15:10.0704 4544 MBR partitions:
12:15:10.0704 4544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x6607000
12:15:10.0704 4544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x798F800, BlocksNum 0x6604800
12:15:10.0704 4544 ============================================================
12:15:10.0754 4544 C: <-> \Device\Harddisk0\DR0\Partition0
12:15:10.0836 4544 D: <-> \Device\Harddisk0\DR0\Partition1
12:15:10.0848 4544 ============================================================
12:15:10.0848 4544 Initialize success
12:15:10.0848 4544 ============================================================
12:15:48.0011 3844 ============================================================
12:15:48.0011 3844 Scan started
12:15:48.0011 3844 Mode: Manual;
12:15:48.0011 3844 ============================================================
12:15:58.0341 3844 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:15:58.0342 3844 FileInfo - ok
12:15:58.0368 3844 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:15:58.0369 3844 Filetrace - ok
12:15:58.0388 3844 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:15:58.0389 3844 flpydisk - ok
12:15:58.0429 3844 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:15:58.0432 3844 FltMgr - ok
12:15:58.0522 3844 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:15:58.0537 3844 FontCache - ok
12:15:58.0607 3844 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:15:58.0608 3844 FontCache3.0.0.0 - ok
12:15:58.0637 3844 fsh (ed75a99ab3d9512a6d1b7fed070348eb) C:\Windows\system32\drivers\fsh.sys
12:15:58.0638 3844 fsh - ok
12:15:58.0677 3844 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:15:58.0678 3844 Fs_Rec - ok
12:15:58.0706 3844 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:15:58.0708 3844 gagp30kx - ok
12:15:58.0738 3844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:15:58.0739 3844 GEARAspiWDM - ok
12:15:58.0807 3844 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:15:58.0818 3844 gpsvc - ok
12:15:58.0909 3844 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:15:58.0912 3844 gupdate - ok
12:15:58.0917 3844 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:15:58.0918 3844 gupdatem - ok
12:15:58.0955 3844 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:15:58.0958 3844 HdAudAddService - ok
12:15:59.0023 3844 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:15:59.0033 3844 HDAudBus - ok
12:15:59.0068 3844 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:15:59.0069 3844 HidBth - ok
12:15:59.0094 3844 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:15:59.0094 3844 HidIr - ok
12:15:59.0137 3844 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
12:15:59.0139 3844 hidserv - ok
12:15:59.0179 3844 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:15:59.0180 3844 HidUsb - ok
12:15:59.0210 3844 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:15:59.0213 3844 hkmsvc - ok
12:15:59.0238 3844 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:15:59.0239 3844 HpCISSs - ok
12:15:59.0269 3844 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:15:59.0273 3844 HSFHWAZL - ok
12:15:59.0351 3844 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:15:59.0368 3844 HSF_DPV - ok
12:15:59.0393 3844 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
12:15:59.0396 3844 HSXHWAZL - ok
12:15:59.0458 3844 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:15:59.0465 3844 HTTP - ok
12:15:59.0499 3844 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:15:59.0500 3844 i2omp - ok
12:15:59.0542 3844 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:15:59.0543 3844 i8042prt - ok
12:15:59.0581 3844 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:15:59.0585 3844 iaStorV - ok
12:15:59.0714 3844 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:15:59.0730 3844 idsvc - ok
12:15:59.0747 3844 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:15:59.0748 3844 iirsp - ok
12:15:59.0810 3844 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:15:59.0819 3844 IKEEXT - ok
12:15:59.0909 3844 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
12:15:59.0910 3844 int15 - ok
12:16:00.0056 3844 IntcAzAudAddService (b795745f7e51aa20d46753ec5a811aca) C:\Windows\system32\drivers\RTKVHDA.sys
12:16:00.0090 3844 IntcAzAudAddService - ok
12:16:00.0237 3844 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:16:00.0238 3844 intelide - ok
12:16:00.0262 3844 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:16:00.0263 3844 intelppm - ok
12:16:00.0290 3844 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:16:00.0292 3844 IPBusEnum - ok
12:16:00.0322 3844 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:16:00.0323 3844 IpFilterDriver - ok
12:16:00.0380 3844 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:16:00.0385 3844 iphlpsvc - ok
12:16:00.0389 3844 IpInIp - ok
12:16:00.0412 3844 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:16:00.0413 3844 IPMIDRV - ok
12:16:00.0437 3844 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:16:00.0439 3844 IPNAT - ok
12:16:00.0554 3844 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
12:16:00.0568 3844 iPod Service - ok
12:16:00.0583 3844 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
12:16:00.0584 3844 irda - ok
12:16:00.0597 3844 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:16:00.0598 3844 IRENUM - ok
12:16:00.0628 3844 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
12:16:00.0630 3844 Irmon - ok
12:16:00.0651 3844 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:16:00.0652 3844 isapnp - ok
12:16:00.0694 3844 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:16:00.0698 3844 iScsiPrt - ok
12:16:00.0733 3844 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:16:00.0734 3844 iteatapi - ok
12:16:00.0769 3844 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:16:00.0770 3844 iteraid - ok
12:16:00.0791 3844 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:16:00.0792 3844 kbdclass - ok
12:16:00.0811 3844 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
12:16:00.0812 3844 kbdhid - ok
12:16:00.0833 3844 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:16:00.0835 3844 KeyIso - ok
12:16:00.0890 3844 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
12:16:00.0897 3844 KSecDD - ok
12:16:00.0946 3844 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:16:00.0954 3844 KtmRm - ok
12:16:00.0990 3844 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
12:16:00.0995 3844 LanmanServer - ok
12:16:01.0039 3844 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:16:01.0046 3844 LanmanWorkstation - ok
12:16:01.0082 3844 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:16:01.0083 3844 lltdio - ok
12:16:01.0114 3844 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:16:01.0119 3844 lltdsvc - ok
12:16:01.0138 3844 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:16:01.0140 3844 lmhosts - ok
12:16:01.0163 3844 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:16:01.0165 3844 LSI_FC - ok
12:16:01.0187 3844 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:16:01.0188 3844 LSI_SAS - ok
12:16:01.0204 3844 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:16:01.0206 3844 LSI_SCSI - ok
12:16:01.0229 3844 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:16:01.0230 3844 luafv - ok
12:16:01.0258 3844 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:16:01.0260 3844 Mcx2Svc - ok
12:16:01.0400 3844 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:16:01.0406 3844 MDM - ok
12:16:01.0433 3844 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:16:01.0435 3844 mdmxsdk - ok
12:16:01.0469 3844 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:16:01.0470 3844 megasas - ok
12:16:01.0507 3844 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:16:01.0513 3844 MegaSR - ok
12:16:01.0541 3844 mhk (9ff6af74ee8a9a9605359d8c861b78e1) C:\Windows\system32\drivers\mhk.sys
12:16:01.0542 3844 mhk - ok
12:16:01.0576 3844 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:16:01.0579 3844 MMCSS - ok
12:16:01.0621 3844 MobilityService - ok
12:16:01.0640 3844 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:16:01.0641 3844 Modem - ok
12:16:01.0649 3844 moh (101a75711d6134fa88822037b69390ad) C:\Windows\system32\drivers\moh.sys
12:16:01.0650 3844 moh - ok
12:16:01.0671 3844 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:16:01.0672 3844 monitor - ok
12:16:01.0708 3844 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:16:01.0709 3844 mouclass - ok
12:16:01.0734 3844 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:16:01.0735 3844 mouhid - ok
12:16:01.0753 3844 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:16:01.0754 3844 MountMgr - ok
12:16:01.0785 3844 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:16:01.0788 3844 MozillaMaintenance - ok
12:16:01.0815 3844 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:16:01.0817 3844 mpio - ok
12:16:01.0844 3844 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:16:01.0846 3844 mpsdrv - ok
12:16:01.0909 3844 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:16:01.0918 3844 MpsSvc - ok
12:16:01.0938 3844 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:16:01.0939 3844 Mraid35x - ok
12:16:01.0981 3844 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:16:01.0982 3844 MRxDAV - ok
12:16:02.0016 3844 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:16:02.0018 3844 mrxsmb - ok
12:16:02.0067 3844 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:16:02.0070 3844 mrxsmb10 - ok
12:16:02.0088 3844 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:16:02.0089 3844 mrxsmb20 - ok
12:16:02.0120 3844 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
12:16:02.0122 3844 msahci - ok
12:16:02.0140 3844 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:16:02.0141 3844 msdsm - ok
12:16:02.0172 3844 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:16:02.0175 3844 MSDTC - ok
12:16:02.0208 3844 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:16:02.0210 3844 Msfs - ok
12:16:02.0217 3844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:16:02.0218 3844 msisadrv - ok
12:16:02.0255 3844 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:16:02.0257 3844 MSiSCSI - ok
12:16:02.0262 3844 msiserver - ok
12:16:02.0279 3844 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:16:02.0280 3844 MSKSSRV - ok
12:16:02.0313 3844 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:16:02.0314 3844 MSPCLOCK - ok
12:16:02.0335 3844 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:16:02.0335 3844 MSPQM - ok
12:16:02.0377 3844 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:16:02.0379 3844 MsRPC - ok
12:16:02.0395 3844 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:16:02.0396 3844 mssmbios - ok
12:16:02.0415 3844 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:16:02.0416 3844 MSTEE - ok
12:16:02.0439 3844 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:16:02.0441 3844 Mup - ok
12:16:02.0494 3844 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:16:02.0502 3844 napagent - ok
12:16:02.0548 3844 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:16:02.0550 3844 NativeWifiP - ok
12:16:02.0613 3844 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:16:02.0623 3844 NDIS - ok
12:16:02.0641 3844 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:16:02.0642 3844 NdisTapi - ok
12:16:02.0675 3844 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:16:02.0676 3844 Ndisuio - ok
12:16:02.0697 3844 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:16:02.0699 3844 NdisWan - ok
12:16:02.0719 3844 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:16:02.0720 3844 NDProxy - ok
12:16:02.0731 3844 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:16:02.0732 3844 NetBIOS - ok
12:16:02.0789 3844 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:16:02.0792 3844 netbt - ok
12:16:02.0821 3844 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:16:02.0824 3844 Netlogon - ok
12:16:02.0875 3844 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:16:02.0882 3844 Netman - ok
12:16:02.0913 3844 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:16:02.0920 3844 netprofm - ok
12:16:03.0000 3844 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:16:03.0002 3844 NetTcpPortSharing - ok
12:16:03.0038 3844 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:16:03.0039 3844 nfrd960 - ok
12:16:03.0076 3844 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:16:03.0082 3844 NlaSvc - ok
12:16:03.0101 3844 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:16:03.0102 3844 Npfs - ok
12:16:03.0128 3844 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
12:16:03.0129 3844 NSCIRDA - ok
12:16:03.0140 3844 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:16:03.0143 3844 nsi - ok
12:16:03.0162 3844 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:16:03.0163 3844 nsiproxy - ok
12:16:03.0275 3844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:16:03.0293 3844 Ntfs - ok
12:16:03.0321 3844 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:16:03.0322 3844 ntrigdigi - ok
12:16:03.0361 3844 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:16:03.0362 3844 NuidFltr - ok
12:16:03.0375 3844 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:16:03.0376 3844 Null - ok
12:16:03.0407 3844 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:16:03.0409 3844 nvraid - ok
12:16:03.0420 3844 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:16:03.0421 3844 nvstor - ok
12:16:03.0442 3844 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:16:03.0444 3844 nv_agp - ok
12:16:03.0448 3844 NwlnkFlt - ok
12:16:03.0481 3844 NwlnkFwd - ok
12:16:03.0517 3844 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\Windows\system32\DRIVERS\o2media.sys
12:16:03.0518 3844 O2MDRDR - ok
12:16:03.0526 3844 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\Windows\system32\DRIVERS\o2sd.sys
12:16:03.0531 3844 O2SDRDR - ok
12:16:03.0579 3844 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:16:03.0581 3844 ohci1394 - ok
12:16:03.0704 3844 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:16:03.0707 3844 ose - ok
12:16:03.0776 3844 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:16:03.0790 3844 p2pimsvc - ok
12:16:03.0799 3844 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:16:03.0807 3844 p2psvc - ok
12:16:03.0831 3844 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:16:03.0832 3844 Parport - ok
12:16:03.0887 3844 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys
12:16:03.0889 3844 Partizan - ok
12:16:03.0926 3844 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:16:03.0927 3844 partmgr - ok
12:16:03.0949 3844 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:16:03.0951 3844 Parvdm - ok
12:16:03.0980 3844 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:16:03.0984 3844 PcaSvc - ok
12:16:04.0024 3844 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:16:04.0027 3844 pci - ok
12:16:04.0047 3844 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:16:04.0048 3844 pciide - ok
12:16:04.0091 3844 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
12:16:04.0094 3844 pcmcia - ok
12:16:04.0178 3844 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:16:04.0190 3844 PEAUTH - ok
12:16:04.0321 3844 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:16:04.0349 3844 pla - ok
12:16:04.0492 3844 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:16:04.0499 3844 PlugPlay - ok
12:16:04.0530 3844 Pml Driver HPZ12 (2b81b089d9364083f5046ad1307a65be) C:\Windows\system32\HPZipm12.dll
12:16:04.0532 3844 Pml Driver HPZ12 - ok
12:16:04.0598 3844 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:16:04.0606 3844 PNRPAutoReg - ok
12:16:04.0615 3844 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:16:04.0622 3844 PNRPsvc - ok
12:16:04.0650 3844 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:16:04.0658 3844 PolicyAgent - ok
12:16:04.0706 3844 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:16:04.0707 3844 PptpMiniport - ok
12:16:04.0732 3844 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:16:04.0734 3844 Processor - ok
12:16:04.0768 3844 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:16:04.0774 3844 ProfSvc - ok
12:16:04.0810 3844 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:16:04.0812 3844 ProtectedStorage - ok
12:16:04.0855 3844 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:16:04.0857 3844 PSched - ok
12:16:04.0899 3844 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
12:16:04.0900 3844 PSDFilter - ok
12:16:04.0920 3844 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
12:16:04.0921 3844 PSDNServ - ok
12:16:04.0934 3844 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
12:16:04.0935 3844 psdvdisk - ok
12:16:05.0125 3844 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:16:05.0133 3844 ql2300 - ok
12:16:05.0166 3844 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:16:05.0168 3844 ql40xx - ok
12:16:05.0220 3844 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:16:05.0227 3844 QWAVE - ok
12:16:05.0267 3844 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:16:05.0268 3844 QWAVEdrv - ok
12:16:05.0284 3844 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:16:05.0285 3844 RasAcd - ok
12:16:05.0306 3844 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:16:05.0311 3844 RasAuto - ok
12:16:05.0327 3844 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:16:05.0329 3844 Rasl2tp - ok
12:16:05.0360 3844 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:16:05.0368 3844 RasMan - ok
12:16:05.0393 3844 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:16:05.0395 3844 RasPppoe - ok
12:16:05.0410 3844 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:16:05.0412 3844 RasSstp - ok
12:16:05.0438 3844 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:16:05.0441 3844 rdbss - ok
12:16:05.0468 3844 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:16:05.0469 3844 RDPCDD - ok
12:16:05.0523 3844 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:16:05.0527 3844 rdpdr - ok
12:16:05.0531 3844 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:16:05.0532 3844 RDPENCDD - ok
12:16:05.0577 3844 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:16:05.0580 3844 RDPWD - ok
12:16:05.0642 3844 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys
12:16:05.0643 3844 RegGuard - ok
12:16:05.0684 3844 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:16:05.0688 3844 RemoteAccess - ok
12:16:05.0729 3844 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:16:05.0734 3844 RemoteRegistry - ok
12:16:05.0759 3844 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:16:05.0762 3844 RpcLocator - ok
12:16:05.0839 3844 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:16:05.0846 3844 RpcSs - ok
12:16:05.0866 3844 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:16:05.0868 3844 rspndr - ok
12:16:05.0882 3844 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:16:05.0884 3844 SamSs - ok
12:16:05.0904 3844 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:16:05.0905 3844 sbp2port - ok
12:16:05.0938 3844 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:16:05.0943 3844 SCardSvr - ok
12:16:06.0012 3844 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:16:06.0026 3844 Schedule - ok
12:16:06.0047 3844 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:16:06.0048 3844 SCPolicySvc - ok
12:16:06.0078 3844 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
12:16:06.0080 3844 sdbus - ok
12:16:06.0111 3844 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:16:06.0116 3844 SDRSVC - ok
12:16:06.0154 3844 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:16:06.0154 3844 secdrv - ok
12:16:06.0163 3844 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:16:06.0167 3844 seclogon - ok
12:16:06.0177 3844 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
12:16:06.0181 3844 SENS - ok
12:16:06.0205 3844 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:16:06.0206 3844 Serenum - ok
12:16:06.0226 3844 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:16:06.0227 3844 Serial - ok
12:16:06.0245 3844 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:16:06.0246 3844 sermouse - ok
12:16:06.0288 3844 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:16:06.0292 3844 SessionEnv - ok
12:16:06.0308 3844 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:16:06.0309 3844 sffdisk - ok
12:16:06.0331 3844 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:16:06.0332 3844 sffp_mmc - ok
12:16:06.0343 3844 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:16:06.0344 3844 sffp_sd - ok
12:16:06.0364 3844 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:16:06.0366 3844 sfloppy - ok
12:16:06.0447 3844 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:16:06.0453 3844 SharedAccess - ok
12:16:06.0525 3844 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:16:06.0532 3844 ShellHWDetection - ok
12:16:06.0573 3844 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:16:06.0575 3844 sisagp - ok
12:16:06.0595 3844 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:16:06.0596 3844 SiSRaid2 - ok
12:16:06.0609 3844 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:16:06.0610 3844 SiSRaid4 - ok
12:16:06.0834 3844 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:16:06.0895 3844 slsvc - ok
12:16:07.0029 3844 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:16:07.0034 3844 SLUINotify - ok
12:16:07.0105 3844 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:16:07.0107 3844 Smb - ok
12:16:07.0143 3844 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:16:07.0147 3844 SNMPTRAP - ok
12:16:07.0166 3844 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:16:07.0167 3844 spldr - ok
12:16:07.0212 3844 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:16:07.0217 3844 Spooler - ok
12:16:07.0291 3844 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:16:07.0294 3844 SQLWriter - ok
12:16:07.0350 3844 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:16:07.0355 3844 srv - ok
12:16:07.0394 3844 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:16:07.0397 3844 srv2 - ok
12:16:07.0413 3844 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:16:07.0415 3844 srvnet - ok
12:16:07.0450 3844 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:16:07.0456 3844 SSDPSRV - ok
12:16:07.0477 3844 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:16:07.0483 3844 SstpSvc - ok
12:16:07.0548 3844 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:16:07.0563 3844 stisvc - ok
12:16:12.0478 3844 ============================================================
12:16:12.0478 3844 Scan finished
12:16:12.0478 3844 ============================================================
12:16:12.0493 5076 Detected object count: 0
12:16:12.0493 5076 Actual detected object count: 0
12:16:21.0476 5448 Deinitialize success

Edited by Brieyan, 14 July 2012 - 11:23 AM.


#13 jntkwx

jntkwx

  • Malware Response Team

Posted 14 July 2012 - 11:30 AM

Brieyan,

If the only thing you notice is the error with LSPFix, let's not worry about it.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

In addition to the ESET log, please post the contents of C:\Qoobox\Add-Remove Programs.txt in your reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#14 Brieyan

Brieyan
  • Topic Starter

  • Members

Posted 14 July 2012 - 06:42 PM

OK, the only thing ESET found was something that was not a virus, as I got it from this site on my other post.

C:\Bug Removers\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined

and here is the other log you requested

Acer Assist
Acer Crystal Eye Webcam
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Activation Assistant for the 2007 Microsoft Office suites
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Digital Camera USB Driver
Canon PhotoRecord
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 1.3
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CloneDVD2
Compatibility Pack for the 2007 Office system
Download Updater (AOL LLC)
Google Earth Plug-in
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Board Games
Hoyle Card Games Demo
iTunes
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 6.8.0 (Standard)
Launch Manager
LG USB Modem Driver
LightScribe 1.4.142.1
MahJong Suite 2010 Delux v7.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NeoDownloader 2.9.1
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Opera 11.10
QuickTime
Rapid-Fire for Windows .8
Rapid-Fire for Windows Database
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype™ 4.2
UnHackMe 5.99 release
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
V1 Home 2.0
WinRAR archiver
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

#15 jntkwx

jntkwx

  • Malware Response Team

Posted 15 July 2012 - 10:59 AM

Brieyan,

Malwarebytes
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include:
  • Malwarebytes log
  • Feedback from you - how is your computer running now? Please be as descriptive as possible.

Regards,
Jason

 
