
AVG detecting a trojan


  • This topic is locked
12 replies to this topic

#1 smewhen

smewhen

  • Members
  • 7 posts

Posted 14 July 2012 - 01:49 PM

Yesterday my AVG started to detect a trojan, at which time I received several system alerts to the effect that my hard drive had been damaged or corrupted. My desktop was then wiped clean, save for my network manager and recycle bin. My entire Start menu is cleared except for the shutdown menu. I was able to confirm that my hard drive is still functional by going to the C: drive through the network manager, and get online by using Internet Explorer. However, I have not been able to remove the virus, and upon startup it posts several error messages reporting a failure to read/write to my hard drive and opens a "file recovery" program which claims to detect problems with my hard drive.

Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Smewhen at 14:17:04 on 2012-07-14
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8169.6223 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF43F60C-C11F-4CFA-87D5-16D71E2C2E74} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF43F60C-C11F-4CFA-87D5-16D71E2C2E74}\65161602E4564777F627B6D27657563747 : DhcpNameServer = 192.168.3.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Smewhen\AppData\Roaming\Mozilla\Firefox\Profiles\ld9dbkyc.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-17 2348352]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8192Ce;ENCORE Wireless Manager - ENEWI-2XN4x;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-14 07:27:42 -------- d--h--w- C:\Users\Smewhen\AppData\Roaming\Malwarebytes
2012-07-14 07:27:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-14 07:27:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 07:27:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 19:25:16 -------- d--h--w- C:\Users\Smewhen\AppData\Local\SIX_Projects
2012-07-13 04:49:56 -------- d--h--w- C:\Users\Smewhen\AppData\Local\ArmA 2 OA
2012-07-13 04:45:45 -------- d--h--w- C:\Users\Smewhen\AppData\Roaming\six-zsync
2012-07-13 04:45:45 -------- d--h--w- C:\Users\Smewhen\AppData\Roaming\six-updater
2012-07-13 04:44:56 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-13 04:44:22 -------- d--h--w- C:\Users\Smewhen\AppData\Local\Downloaded Installations
2012-07-13 04:41:35 -------- d--h--w- C:\Users\Smewhen\AppData\Local\ArmA 2
2012-07-12 06:09:46 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 17:38:41 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-26 00:10:47 -------- d-----w- C:\Program Files (x86)\Artemis
2012-06-24 05:23:08 -------- d--h--w- C:\Users\Smewhen\AppData\Local\ArmA 2 Free
2012-06-23 22:45:54 -------- d--h--w- C:\Users\Smewhen\AppData\Local\dxhr
2012-06-23 22:42:55 -------- d--h--w- C:\Users\Smewhen\AppData\Local\28050
2012-06-22 19:29:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 19:28:42 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 19:28:29 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 19:28:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 21:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-15 03:54:31 -------- d--h--w- C:\Users\Smewhen\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-12 05:22:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:22:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 06:03:56 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-04-18 00:35:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-18 00:25:15 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 14:17:36.89 ===============


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 July 2012 - 11:03 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Download unhide.exe, saving it to your desktop
  • Right click on unhide.exe and select Run as administrator
  • Reboot
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 smewhen

smewhen
  • Topic Starter

  • Members
  • 7 posts

Posted 15 July 2012 - 09:32 PM

Thank you for helping with this, here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 22:22:21
-----------------------------
22:22:21.534 OS Version: Windows x64 6.1.7600
22:22:21.534 Number of processors: 4 586 0x2A07
22:22:21.534 ComputerName: IMHOTEP_PR UserName: Smewhen
22:22:22.813 Initialize success
22:23:08.053 AVAST engine defs: 12071501
22:23:58.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:23:58.145 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
22:23:58.160 Disk 0 MBR read successfully
22:23:58.160 Disk 0 MBR scan
22:23:58.160 Disk 0 Windows 7 default MBR code
22:23:58.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:23:58.176 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:23:58.207 Disk 0 scanning C:\Windows\system32\drivers
22:24:04.026 Service scanning
22:24:17.052 Modules scanning
22:24:17.052 Disk 0 trace - called modules:
22:24:17.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:24:17.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077b2060]
22:24:17.052 3 CLASSPNP.SYS[fffff8800186543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80074d8060]
22:24:24.212 AVAST engine scan C:\Windows
22:24:26.412 AVAST engine scan C:\Windows\system32
22:30:15.915 Disk 0 MBR has been saved successfully to "C:\Users\Smewhen\Desktop\MBR.dat"
22:30:15.915 The log file has been saved successfully to "C:\Users\Smewhen\Desktop\aswMBR.txt"

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 July 2012 - 09:59 PM

Please do this next:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log



#5 smewhen

smewhen
  • Topic Starter

  • Members
  • 7 posts

Posted 16 July 2012 - 10:40 AM

ComboFix 12-07-16.01 - Smewhen 07/16/2012 11:24:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8169.6241 [GMT -4:00]
Running from: c:\users\Smewhen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-14 07:27 . 2012-07-14 07:27 -------- d-----w- c:\users\Smewhen\AppData\Roaming\Malwarebytes
2012-07-14 07:27 . 2012-07-14 07:27 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 19:25 . 2012-07-13 19:25 -------- d-----w- c:\users\Smewhen\AppData\Local\SIX_Projects
2012-07-13 04:49 . 2012-07-13 19:20 -------- d-----w- c:\users\Smewhen\AppData\Local\ArmA 2 OA
2012-07-13 04:45 . 2012-07-13 19:25 -------- d-----w- c:\users\Smewhen\AppData\Roaming\six-updater
2012-07-13 04:45 . 2012-07-13 04:45 -------- d-----w- c:\users\Smewhen\AppData\Roaming\six-zsync
2012-07-13 04:44 . 2012-07-13 04:44 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-13 04:44 . 2012-07-13 04:44 -------- d-----w- c:\users\Smewhen\AppData\Local\Downloaded Installations
2012-07-13 04:41 . 2012-07-13 04:41 -------- d-----w- c:\users\Smewhen\AppData\Local\ArmA 2
2012-07-12 06:09 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:38 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-26 00:10 . 2012-06-26 00:10 -------- d-----w- c:\program files (x86)\Artemis
2012-06-24 05:23 . 2012-06-24 05:48 -------- d-----w- c:\users\Smewhen\AppData\Local\ArmA 2 Free
2012-06-23 22:45 . 2012-06-23 23:09 -------- d-----w- c:\users\Smewhen\AppData\Local\dxhr
2012-06-23 22:42 . 2012-06-23 22:42 -------- d-----w- c:\users\Smewhen\AppData\Local\28050
2012-06-22 19:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 19:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 19:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 19:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 19:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 19:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 19:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 19:28 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 19:28 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 05:22 . 2012-04-17 21:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:22 . 2012-04-17 21:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 10:52 . 2012-06-13 22:23 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 22:23 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 22:23 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:50 . 2012-06-13 22:23 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 22:23 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 22:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 22:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-19 17:17 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-19 17:17 . 2009-08-18 15:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-19 06:04 . 2012-04-19 06:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-19 06:04 . 2012-04-19 06:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-19 06:04 . 2012-04-19 06:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-19 06:04 . 2012-04-19 06:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-19 06:04 . 2012-04-19 06:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-19 06:04 . 2012-04-19 06:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-19 06:04 . 2012-04-19 06:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-19 06:04 . 2012-04-19 06:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-19 06:04 . 2012-04-19 06:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-19 06:04 . 2012-04-19 06:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-19 06:04 . 2012-04-19 06:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-19 06:04 . 2012-04-19 06:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-19 06:04 . 2012-04-19 06:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-19 06:04 . 2012-04-19 06:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 06:04 . 2012-04-19 06:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-19 06:04 . 2012-04-19 06:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-19 06:04 . 2012-04-19 06:04 448512 ----a-w- c:\windows\system32\html.iec
2012-04-19 06:04 . 2012-04-19 06:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-19 06:04 . 2012-04-19 06:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-19 06:04 . 2012-04-19 06:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-19 06:04 . 2012-04-19 06:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-19 06:04 . 2012-04-19 06:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-19 06:04 . 2012-04-19 06:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-19 06:04 . 2012-04-19 06:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-19 06:04 . 2012-04-19 06:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-19 06:04 . 2012-04-19 06:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-19 06:04 . 2012-04-19 06:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-19 06:04 . 2012-04-19 06:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-19 06:04 . 2012-04-19 06:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-19 06:04 . 2012-04-19 06:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-19 06:04 . 2012-04-19 06:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-19 06:04 . 2012-04-19 06:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-19 06:03 . 2012-04-19 06:03 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-19 06:03 . 2012-04-19 06:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-19 06:03 . 2012-04-19 06:03 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-19 06:03 . 2012-04-19 06:03 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-19 06:03 . 2012-04-19 06:03 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-19 06:03 . 2012-04-19 06:03 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-19 06:03 . 2012-04-19 06:03 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-04-19 06:03 . 2012-04-19 06:03 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-04-19 06:03 . 2012-04-19 06:03 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-04-19 06:03 . 2012-04-19 06:03 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-04-19 06:03 . 2012-04-19 06:03 144384 ----a-w- c:\windows\system32\cdd.dll
2012-04-19 06:03 . 2012-04-19 06:03 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-04-19 06:03 . 2012-04-19 06:03 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-04-19 06:03 . 2012-04-19 06:03 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-19 06:03 . 2012-04-19 06:03 4068864 ----a-w- c:\windows\system32\mf.dll
2012-04-19 06:03 . 2012-04-19 06:03 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-04-19 06:03 . 2012-04-19 06:03 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-19 06:03 . 2012-04-19 06:03 206848 ----a-w- c:\windows\system32\mfps.dll
2012-04-19 06:03 . 2012-04-19 06:03 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-04-18 00:35 . 2012-04-18 00:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-18 00:25 . 2012-04-18 00:25 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8192Ce;ENCORE Wireless Manager - ENEWI-2XN4x;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-07-18 944672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 05:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-10-20 7700480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Smewhen\AppData\Roaming\Mozilla\Firefox\Profiles\ld9dbkyc.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye A2 Free - c:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3753299252-176643038-1059778092-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,03,4b,7f,3f,27,2c,ed,ec,17,14,6d,b3,5d,fe,87,ea,da,3e,1c,9b,
c3,df,f6,bb,d6,5e,c0,9a,9a,50,00,f8,1d,d2,62,94,f1,6d,94,04,21,91,e7,20,88,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-07-16 11:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 15:37
.
Pre-Run: 775,104,552,960 bytes free
Post-Run: 774,948,077,568 bytes free
.
- - End Of File - - A392E7700C0D6142169E1FB7CA22E4C5

#6 RPMcMurphy

  • Malware Response Team

Posted 16 July 2012 - 05:12 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • TDSSKiller log
  • MBAM log

Threads are closed after 5 days of inactivity.



#7 smewhen


Posted 16 July 2012 - 10:15 PM

TDSSKiller.2.7.45.0_16.07.2012_20.23.56_log:

20:23:56.0230 2120 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:23:56.0486 2120 ============================================================
20:23:56.0486 2120 Current date / time: 2012/07/16 20:23:56.0486
20:23:56.0486 2120 SystemInfo:
20:23:56.0486 2120
20:23:56.0486 2120 OS Version: 6.1.7600 ServicePack: 0.0
20:23:56.0486 2120 Product type: Workstation
20:23:56.0486 2120 ComputerName: IMHOTEP_PR
20:23:56.0486 2120 UserName: Smewhen
20:23:56.0486 2120 Windows directory: C:\Windows
20:23:56.0486 2120 System windows directory: C:\Windows
20:23:56.0486 2120 Running under WOW64
20:23:56.0486 2120 Processor architecture: Intel x64
20:23:56.0486 2120 Number of processors: 4
20:23:56.0486 2120 Page size: 0x1000
20:23:56.0486 2120 Boot type: Normal boot
20:23:56.0486 2120 ============================================================
20:23:57.0373 2120 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:23:57.0378 2120 ============================================================
20:23:57.0378 2120 \Device\Harddisk0\DR0:
20:23:57.0378 2120 MBR partitions:
20:23:57.0378 2120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:23:57.0378 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:23:57.0378 2120 ============================================================
20:23:57.0394 2120 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:57.0415 2120 ============================================================
20:23:57.0415 2120 Initialize success
20:23:57.0415 2120 ============================================================
20:24:26.0032 2240 ============================================================
20:24:26.0032 2240 Scan started
20:24:26.0032 2240 Mode: Manual; TDLFS;
20:24:26.0032 2240 ============================================================
20:24:32.0801 2240 mrxsmb - ok
20:24:32.0822 2240 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:32.0826 2240 mrxsmb10 - ok
20:24:32.0840 2240 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:32.0842 2240 mrxsmb20 - ok
20:24:32.0851 2240 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:24:32.0852 2240 msahci - ok
20:24:32.0862 2240 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:24:32.0865 2240 msdsm - ok
20:24:32.0882 2240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:24:32.0885 2240 MSDTC - ok
20:24:32.0907 2240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:24:32.0907 2240 Msfs - ok
20:24:32.0918 2240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:24:32.0918 2240 mshidkmdf - ok
20:24:32.0930 2240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:24:32.0931 2240 msisadrv - ok
20:24:32.0956 2240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:24:32.0958 2240 MSiSCSI - ok
20:24:32.0960 2240 msiserver - ok
20:24:33.0006 2240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:24:33.0007 2240 MSKSSRV - ok
20:24:33.0016 2240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:33.0017 2240 MSPCLOCK - ok
20:24:33.0027 2240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:24:33.0027 2240 MSPQM - ok
20:24:33.0052 2240 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:24:33.0056 2240 MsRPC - ok
20:24:33.0070 2240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:24:33.0071 2240 mssmbios - ok
20:24:33.0073 2240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:24:33.0075 2240 MSTEE - ok
20:24:33.0088 2240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:33.0091 2240 MTConfig - ok
20:24:33.0107 2240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:24:33.0108 2240 Mup - ok
20:24:33.0131 2240 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:24:33.0136 2240 napagent - ok
20:24:33.0166 2240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:24:33.0170 2240 NativeWifiP - ok
20:24:33.0215 2240 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:24:33.0223 2240 NDIS - ok
20:24:33.0228 2240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:33.0230 2240 NdisCap - ok
20:24:33.0238 2240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:33.0240 2240 NdisTapi - ok
20:24:33.0250 2240 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:33.0251 2240 Ndisuio - ok
20:24:33.0266 2240 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:33.0268 2240 NdisWan - ok
20:24:33.0282 2240 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:24:33.0283 2240 NDProxy - ok
20:24:33.0290 2240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:24:33.0291 2240 NetBIOS - ok
20:24:33.0306 2240 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:24:33.0308 2240 NetBT - ok
20:24:33.0335 2240 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:24:33.0336 2240 Netlogon - ok
20:24:33.0357 2240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:24:33.0363 2240 Netman - ok
20:24:33.0458 2240 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:33.0465 2240 NetMsmqActivator - ok
20:24:33.0467 2240 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:33.0470 2240 NetPipeActivator - ok
20:24:33.0493 2240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:24:33.0501 2240 netprofm - ok
20:24:33.0503 2240 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:33.0506 2240 NetTcpActivator - ok
20:24:33.0508 2240 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:33.0511 2240 NetTcpPortSharing - ok
20:24:33.0563 2240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:33.0566 2240 nfrd960 - ok
20:24:33.0600 2240 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:24:33.0603 2240 NlaSvc - ok
20:24:33.0615 2240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:24:33.0616 2240 Npfs - ok
20:24:33.0630 2240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:24:33.0631 2240 nsi - ok
20:24:33.0661 2240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:24:33.0661 2240 nsiproxy - ok
20:24:33.0722 2240 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
20:24:33.0757 2240 Ntfs - ok
20:24:33.0821 2240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:24:33.0822 2240 Null - ok
20:24:33.0892 2240 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
20:24:33.0896 2240 NVHDA - ok
20:24:34.0292 2240 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:24:34.0480 2240 nvlddmkm - ok
20:24:34.0542 2240 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
20:24:34.0546 2240 nvraid - ok
20:24:34.0553 2240 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
20:24:34.0557 2240 nvstor - ok
20:24:34.0603 2240 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
20:24:34.0615 2240 nvsvc - ok
20:24:34.0717 2240 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:24:34.0727 2240 nvUpdatusService - ok
20:24:34.0772 2240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:24:34.0773 2240 nv_agp - ok
20:24:34.0778 2240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:24:34.0780 2240 ohci1394 - ok
20:24:34.0807 2240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:34.0810 2240 p2pimsvc - ok
20:24:34.0831 2240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:24:34.0836 2240 p2psvc - ok
20:24:34.0842 2240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:24:34.0845 2240 Parport - ok
20:24:34.0867 2240 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
20:24:34.0868 2240 partmgr - ok
20:24:34.0880 2240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:24:34.0883 2240 PcaSvc - ok
20:24:34.0900 2240 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:24:34.0902 2240 pci - ok
20:24:34.0906 2240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:24:34.0908 2240 pciide - ok
20:24:34.0922 2240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:34.0926 2240 pcmcia - ok
20:24:34.0941 2240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:24:34.0941 2240 pcw - ok
20:24:34.0966 2240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:24:34.0972 2240 PEAUTH - ok
20:24:35.0052 2240 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:24:35.0066 2240 PeerDistSvc - ok
20:24:35.0158 2240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:24:35.0160 2240 PerfHost - ok
20:24:35.0238 2240 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:24:35.0270 2240 pla - ok
20:24:35.0310 2240 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:24:35.0315 2240 PlugPlay - ok
20:24:35.0328 2240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:24:35.0330 2240 PNRPAutoReg - ok
20:24:35.0348 2240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:24:35.0351 2240 PNRPsvc - ok
20:24:35.0402 2240 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:24:35.0407 2240 PolicyAgent - ok
20:24:35.0425 2240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:24:35.0427 2240 Power - ok
20:24:35.0455 2240 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:35.0456 2240 PptpMiniport - ok
20:24:35.0471 2240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:24:35.0472 2240 Processor - ok
20:24:35.0496 2240 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:24:35.0498 2240 ProfSvc - ok
20:24:35.0525 2240 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:24:35.0525 2240 ProtectedStorage - ok
20:24:35.0543 2240 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:24:35.0545 2240 Psched - ok
20:24:35.0632 2240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:35.0666 2240 ql2300 - ok
20:24:35.0756 2240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:35.0758 2240 ql40xx - ok
20:24:35.0783 2240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:24:35.0787 2240 QWAVE - ok
20:24:35.0798 2240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:24:35.0800 2240 QWAVEdrv - ok
20:24:35.0803 2240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:35.0805 2240 RasAcd - ok
20:24:35.0820 2240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:35.0821 2240 RasAgileVpn - ok
20:24:35.0836 2240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:24:35.0840 2240 RasAuto - ok
20:24:35.0851 2240 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:35.0853 2240 Rasl2tp - ok
20:24:35.0873 2240 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:24:35.0878 2240 RasMan - ok
20:24:35.0890 2240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:35.0891 2240 RasPppoe - ok
20:24:35.0902 2240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:35.0903 2240 RasSstp - ok
20:24:35.0941 2240 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:35.0945 2240 rdbss - ok
20:24:35.0953 2240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:35.0955 2240 rdpbus - ok
20:24:35.0975 2240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:35.0975 2240 RDPCDD - ok
20:24:35.0998 2240 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
20:24:36.0016 2240 RDPDR - ok
20:24:36.0038 2240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:24:36.0040 2240 RDPENCDD - ok
20:24:36.0051 2240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:24:36.0051 2240 RDPREFMP - ok
20:24:36.0080 2240 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
20:24:36.0092 2240 RDPWD - ok
20:24:36.0108 2240 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:24:36.0111 2240 rdyboost - ok
20:24:36.0150 2240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:24:36.0152 2240 RemoteAccess - ok
20:24:36.0168 2240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:24:36.0172 2240 RemoteRegistry - ok
20:24:36.0186 2240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:24:36.0188 2240 RpcEptMapper - ok
20:24:36.0198 2240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:24:36.0201 2240 RpcLocator - ok
20:24:36.0226 2240 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:24:36.0231 2240 RpcSs - ok
20:24:36.0242 2240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:36.0245 2240 rspndr - ok
20:24:36.0310 2240 RTL8192Ce (7b6776d2c449310fa9052f7940347c49) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
20:24:36.0328 2240 RTL8192Ce - ok
20:24:36.0345 2240 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
20:24:36.0346 2240 s3cap - ok
20:24:36.0365 2240 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:24:36.0366 2240 SamSs - ok
20:24:36.0376 2240 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:24:36.0378 2240 sbp2port - ok
20:24:36.0397 2240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:24:36.0401 2240 SCardSvr - ok
20:24:36.0417 2240 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:36.0418 2240 scfilter - ok
20:24:36.0475 2240 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:24:36.0500 2240 Schedule - ok
20:24:36.0522 2240 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:24:36.0523 2240 SCPolicySvc - ok
20:24:36.0542 2240 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:24:36.0546 2240 SDRSVC - ok
20:24:36.0606 2240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:24:36.0608 2240 secdrv - ok
20:24:36.0615 2240 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:24:36.0616 2240 seclogon - ok
20:24:36.0628 2240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:24:36.0631 2240 SENS - ok
20:24:36.0636 2240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:24:36.0637 2240 SensrSvc - ok
20:24:36.0673 2240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:24:36.0675 2240 Serenum - ok
20:24:36.0700 2240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:24:36.0702 2240 Serial - ok
20:24:36.0720 2240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:36.0721 2240 sermouse - ok
20:24:36.0745 2240 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:24:36.0747 2240 SessionEnv - ok
20:24:36.0751 2240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:24:36.0752 2240 sffdisk - ok
20:24:36.0756 2240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:24:36.0756 2240 sffp_mmc - ok
20:24:36.0763 2240 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:24:36.0765 2240 sffp_sd - ok
20:24:36.0767 2240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:36.0768 2240 sfloppy - ok
20:24:36.0817 2240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:24:36.0822 2240 SharedAccess - ok
20:24:36.0847 2240 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:24:36.0853 2240 ShellHWDetection - ok
20:24:36.0863 2240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:36.0866 2240 SiSRaid2 - ok
20:24:36.0880 2240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:36.0882 2240 SiSRaid4 - ok
20:24:37.0027 2240 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:24:37.0081 2240 Skype C2C Service - ok
20:24:37.0133 2240 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:24:37.0136 2240 SkypeUpdate - ok
20:24:37.0207 2240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:24:37.0208 2240 Smb - ok
20:24:37.0238 2240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:24:37.0241 2240 SNMPTRAP - ok
20:24:37.0253 2240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:24:37.0255 2240 spldr - ok
20:24:37.0292 2240 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:24:37.0298 2240 Spooler - ok
20:24:37.0405 2240 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:24:37.0422 2240 sppsvc - ok
20:24:37.0467 2240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:24:37.0468 2240 sppuinotify - ok
20:24:37.0506 2240 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:24:37.0511 2240 srv - ok
20:24:37.0535 2240 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:24:37.0540 2240 srv2 - ok
20:24:37.0552 2240 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:37.0555 2240 srvnet - ok
20:24:37.0572 2240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:24:37.0573 2240 SSDPSRV - ok
20:24:37.0588 2240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:24:37.0591 2240 SstpSvc - ok
20:24:37.0661 2240 Steam Client Service - ok
20:24:37.0737 2240 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:24:37.0741 2240 Stereo Service - ok
20:24:37.0762 2240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:37.0763 2240 stexstor - ok
20:24:37.0797 2240 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:24:37.0805 2240 stisvc - ok
20:24:37.0823 2240 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:24:37.0825 2240 storflt - ok
20:24:37.0828 2240 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:24:37.0831 2240 StorSvc - ok
20:24:37.0878 2240 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
20:24:37.0880 2240 storvsc - ok
20:24:37.0893 2240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:24:37.0896 2240 swenum - ok
20:24:37.0917 2240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:24:37.0925 2240 swprv - ok
20:24:38.0003 2240 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:24:38.0038 2240 SysMain - ok
20:24:38.0116 2240 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:24:38.0118 2240 TabletInputService - ok
20:24:38.0142 2240 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:24:38.0146 2240 TapiSrv - ok
20:24:38.0156 2240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:24:38.0158 2240 TBS - ok
20:24:38.0243 2240 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
20:24:38.0276 2240 Tcpip - ok
20:24:38.0376 2240 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:38.0391 2240 TCPIP6 - ok
20:24:38.0437 2240 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:24:38.0440 2240 tcpipreg - ok
20:24:38.0455 2240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:24:38.0456 2240 TDPIPE - ok
20:24:38.0476 2240 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:24:38.0478 2240 TDTCP - ok
20:24:38.0495 2240 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:24:38.0496 2240 tdx - ok
20:24:38.0531 2240 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:24:38.0532 2240 TermDD - ok
20:24:38.0577 2240 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:24:38.0585 2240 TermService - ok
20:24:38.0595 2240 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:24:38.0597 2240 Themes - ok
20:24:38.0612 2240 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:24:38.0613 2240 THREADORDER - ok
20:24:38.0632 2240 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:24:38.0635 2240 TrkWks - ok
20:24:38.0673 2240 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:24:38.0676 2240 TrustedInstaller - ok
20:24:38.0692 2240 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:38.0693 2240 tssecsrv - ok
20:24:38.0745 2240 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:38.0747 2240 tunnel - ok
20:24:38.0755 2240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:38.0756 2240 uagp35 - ok
20:24:38.0781 2240 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:24:38.0785 2240 udfs - ok
20:24:38.0801 2240 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:24:38.0803 2240 UI0Detect - ok
20:24:38.0815 2240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:24:38.0817 2240 uliagpkx - ok
20:24:38.0836 2240 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:24:38.0837 2240 umbus - ok
20:24:38.0853 2240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:24:38.0856 2240 UmPass - ok
20:24:38.0875 2240 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
20:24:38.0878 2240 UmRdpService - ok
20:24:38.0902 2240 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:24:38.0908 2240 upnphost - ok
20:24:38.0960 2240 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:24:38.0966 2240 usbaudio - ok
20:24:38.0978 2240 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:38.0980 2240 usbccgp - ok
20:24:38.0998 2240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:24:39.0001 2240 usbcir - ok
20:24:39.0018 2240 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
20:24:39.0020 2240 usbehci - ok
20:24:39.0043 2240 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:39.0048 2240 usbhub - ok
20:24:39.0061 2240 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:24:39.0062 2240 usbohci - ok
20:24:39.0067 2240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:39.0070 2240 usbprint - ok
20:24:39.0090 2240 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:39.0092 2240 USBSTOR - ok
20:24:39.0097 2240 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:24:39.0098 2240 usbuhci - ok
20:24:39.0111 2240 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:24:39.0113 2240 UxSms - ok
20:24:39.0137 2240 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:24:39.0138 2240 VaultSvc - ok
20:24:39.0165 2240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:24:39.0166 2240 vdrvroot - ok
20:24:39.0190 2240 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:24:39.0197 2240 vds - ok
20:24:39.0203 2240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:39.0205 2240 vga - ok
20:24:39.0220 2240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:24:39.0221 2240 VgaSave - ok
20:24:39.0235 2240 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:24:39.0238 2240 vhdmp - ok
20:24:39.0243 2240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:24:39.0245 2240 viaide - ok
20:24:39.0275 2240 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
20:24:39.0277 2240 vmbus - ok
20:24:39.0282 2240 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:24:39.0283 2240 VMBusHID - ok
20:24:39.0302 2240 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:24:39.0303 2240 volmgr - ok
20:24:39.0321 2240 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:24:39.0325 2240 volmgrx - ok
20:24:39.0347 2240 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:24:39.0351 2240 volsnap - ok
20:24:39.0378 2240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:39.0381 2240 vsmraid - ok
20:24:39.0435 2240 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:24:39.0463 2240 VSS - ok
20:24:39.0538 2240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:39.0540 2240 vwifibus - ok
20:24:39.0562 2240 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:39.0563 2240 vwififlt - ok
20:24:39.0591 2240 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:24:39.0592 2240 vwifimp - ok
20:24:39.0623 2240 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:24:39.0630 2240 W32Time - ok
20:24:39.0636 2240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:39.0638 2240 WacomPen - ok
20:24:39.0662 2240 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:39.0665 2240 WANARP - ok
20:24:39.0667 2240 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:39.0668 2240 Wanarpv6 - ok
20:24:39.0738 2240 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:39.0763 2240 WatAdminSvc - ok
20:24:39.0857 2240 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:24:39.0883 2240 wbengine - ok
20:24:39.0925 2240 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:24:39.0930 2240 WbioSrvc - ok
20:24:39.0951 2240 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
20:24:39.0957 2240 wcncsvc - ok
20:24:39.0970 2240 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:24:39.0972 2240 WcsPlugInService - ok
20:24:39.0988 2240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:24:39.0990 2240 Wd - ok
20:24:40.0022 2240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:24:40.0030 2240 Wdf01000 - ok
20:24:40.0047 2240 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:24:40.0051 2240 WdiServiceHost - ok
20:24:40.0053 2240 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:24:40.0056 2240 WdiSystemHost - ok
20:24:40.0071 2240 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
20:24:40.0075 2240 WebClient - ok
20:24:41.0217 2240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:24:41.0437 2240 \Device\Harddisk0\DR0 - ok
20:24:41.0466 2240 Boot (0x1200) (7cac3838691a0ded82129809efaddd0c) \Device\Harddisk0\DR0\Partition0
20:24:41.0468 2240 \Device\Harddisk0\DR0\Partition0 - ok
20:24:41.0478 2240 Boot (0x1200) (e6dec09603e369072ed43c2843909bac) \Device\Harddisk0\DR0\Partition1
20:24:41.0480 2240 \Device\Harddisk0\DR0\Partition1 - ok
20:24:41.0481 2240 ============================================================
20:24:41.0481 2240 Scan finished
20:24:41.0481 2240 ============================================================
20:24:41.0488 4648 Detected object count: 0
20:24:41.0488 4648 Actual detected object count: 0
20:24:47.0627 2568 Deinitialize success

mbam-log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.12

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Smewhen :: IMHOTEP_PR [administrator]

Protection: Disabled

7/16/2012 8:33:43 PM
mbam-log-2012-07-16 (20-33-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431141
Time elapsed: 52 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

  • Malware Response Team

Posted 17 July 2012 - 10:35 AM

What, if any, symptoms are you still having? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 smewhen


Posted 17 July 2012 - 11:34 PM

It seems to be running fine now; the error prompts no longer show up, and AVG has been showing no infections.

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1a0d407d7f76f94b82e0f8dfd4c96a27
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-17 11:17:18
# local_time=2012-07-17 07:17:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 7780118 7780118 0 0
# compatibility_mode=5893 16776574 100 94 7019657 94105519 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=216126
# found=0
# cleaned=0
# scan_time=4969
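For triaging ESET Online Scanner logs like the one in the post above, here is an added example (not part of the original thread, and not ESET's own code) that parses the `# key=value` layout and checks that a scan finished and ran with the options the helper asked for. The sample log is constructed, and the mapping of `*_checked` keys to the GUI tick boxes, plus the `found - cleaned` reading, are assumptions.

```python
import re

# Constructed sample in the "# key=value" layout of the log above (made-up values).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1000
# found=2
# cleaned=0
"""

# Assumed mapping of the requested GUI settings to log keys.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

LINE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")

def parse_eset_log(text):
    """Return {key: [values]}; keys such as compatibility_mode can repeat."""
    fields = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip().strip('"'))
    return fields

def summarize(text, expected=EXPECTED):
    """Report completion, counts, and options that differ from those requested."""
    f = parse_eset_log(text)
    first = lambda key, default=None: f.get(key, [default])[0]
    found, cleaned = int(first("found", "0")), int(first("cleaned", "0"))
    return {
        "finished": first("end") == "finished",
        "scanned": int(first("scanned", "0")),
        "found": found,
        "uncleaned": found - cleaned,  # assumption: detections left in place
        "option_mismatches": {k: first(k) for k, want in expected.items()
                              if first(k) != want},
    }
```
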

#10 RPMcMurphy


Posted 18 July 2012 - 05:19 PM

Good! Your logs look clean, also. All I have left for you is another update and some very important cleanup:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • aswMBR
  • unhide
  • TDSSKiller
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


#11 smewhen


Posted 19 July 2012 - 10:30 AM

Adobe is updated now.
ComboFix is uninstalled and all other programs are deleted along with the logs.
TFC has been downloaded and run.

Thank you very much for helping me through this

#12 RPMcMurphy


Posted 19 July 2012 - 04:44 PM

You're welcome, smewhen. Take care!


#13 RPMcMurphy


Posted 20 July 2012 - 09:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
