
audio ads playing in the background



#1 cloud4571


Posted 18 July 2012 - 09:49 AM

I keep hearing ads in the background and I also can't install Avast; it can't connect to their server to confirm registration. I have run AVG, Malwarebytes and Ad-Aware, all in safe mode, and they don't detect anything. I'm running Win XP 32 on SP3.

Here's my DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Valued Customer at 21:09:07 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1044 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Documents and Settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\System Explorer\service\SystemExplorerService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\LiquorPOS\liquorpos.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SystemExplorerAutoStart] "c:\program files\system explorer\SystemExplorer.exe" /TRAY
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\valued customer\application data\dropbox\bin\Dropbox.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.25:88/webrec.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{C6332164-82F7-4781-BB94-7CBA5185F03B} : DhcpNameServer = 68.87.74.162 68.87.68.162
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-19 64512]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-9-3 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-7 612184]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-21 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-9-3 176640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-21 22344]
R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2009-9-22 893696]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\system explorer\service\SystemExplorerService.exe [2012-5-17 535000]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S2 mfservice;mfservice;c:\program files\virtual-protect\myfolder2.5\mfservice.exe --> c:\program files\virtual-protect\myfolder2.5\mfservice.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-8 30312]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-2 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-22 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 mfkrnl2;mfkrnl2;\??\c:\program files\virtual-protect\myfolder2.5\mfkrnl.sys --> c:\program files\virtual-protect\myfolder2.5\mfkrnl.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-5-14 30576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-1-9 19056]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-8 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-8 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-8 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-18 01:03:36 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-07-17 15:07:55 388096 ----a-r- c:\documents and settings\valued customer\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-17 15:07:54 -------- d-----w- c:\program files\Trend Micro
2012-07-16 15:23:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-22 00:06:24 -------- d-----w- c:\documents and settings\valued customer\local settings\application data\Sun
2012-06-21 00:26:46 212240 --s-a-w- c:\windows\system32\richtx32.ocx
2012-06-21 00:26:46 109248 --s-a-w- c:\windows\system32\mswinsck.ocx
2012-06-21 00:26:45 438976 --s-a-w- c:\windows\system32\mshflxgd.ocx
2012-06-21 00:26:45 115920 --s-a-w- c:\windows\system32\msinet.ocx
2012-06-21 00:26:44 77824 ----a-w- c:\windows\system32\MSBIND.DLL
2012-06-21 00:26:44 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-06-21 00:26:44 232248 ----a-w- c:\windows\system32\MSDATLST.OCX
2012-06-21 00:26:44 198848 --s-a-w- c:\windows\system32\mci32.ocx
2012-06-21 00:26:44 172032 --s-a-w- c:\windows\system32\AniGIF.ocx
2012-06-21 00:26:44 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2012-06-21 00:26:43 -------- d-----w- c:\program files\Atomic Entertainment
2012-06-20 23:58:40 -------- d-----w- c:\program files\Zidane_Games
.
==================== Find3M ====================
.
2012-07-12 18:28:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 18:28:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x89DB7AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x89DD1B00]
kernel: MBR read successfully
_asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626; }
user != kernel MBR !!!
.
============= FINISH: 21:09:46.57 ===============


 


#2 gringo_pr


Posted 19 July 2012 - 12:39 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 cloud4571


Posted 19 July 2012 - 02:19 PM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Lavasoft Ad-Watch Live! Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.0
Java™ 6 Update 20
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 19 July 2012 - 03:38 PM

Very good. Let me have the report from Combofix when it is complete.



Gringo

#5 cloud4571


Posted 19 July 2012 - 03:42 PM

Yeah, I'm trying to. It's very big; is there an easy way to post it?
Also, where is the log file saved?

It's so big. I can't even put 1/100th of it in a post.
It's a 16 MB file; it's 841 pages.
Did I do something wrong?

Edited by cloud4571, 19 July 2012 - 03:47 PM.


#6 gringo_pr


Posted 19 July 2012 - 03:56 PM

Greetings

I want you to upload it here and then send me the link to it:

http://www.2shared.com/



gringo

#7 cloud4571


Posted 19 July 2012 - 04:01 PM

Awesome, thank you. This just saved me an hour.
http://www.2shared.com/document/NE7mKPZy/combofix.html

Edited by cloud4571, 19 July 2012 - 04:01 PM.


#8 gringo_pr


Posted 19 July 2012 - 04:53 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 cloud4571


Posted 19 July 2012 - 05:27 PM

8:02:26.0359 1904 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:02:26.0687 1904 ============================================================
18:02:26.0687 1904 Current date / time: 2012/07/19 18:02:26.0687
18:02:26.0687 1904 SystemInfo:
18:02:26.0687 1904
18:02:26.0687 1904 OS Version: 5.1.2600 ServicePack: 3.0
18:02:26.0687 1904 Product type: Workstation
18:02:26.0687 1904 ComputerName: REGTHREE
18:02:26.0687 1904 UserName: Valued Customer
18:02:26.0687 1904 Windows directory: C:\WINDOWS
18:02:26.0687 1904 System windows directory: C:\WINDOWS
18:02:26.0687 1904 Processor architecture: Intel x86
18:02:26.0687 1904 Number of processors: 2
18:02:26.0687 1904 Page size: 0x1000
18:02:26.0687 1904 Boot type: Normal boot
18:02:26.0687 1904 ============================================================
18:02:30.0546 1904 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:02:30.0546 1904 ============================================================
18:02:30.0546 1904 \Device\Harddisk0\DR0:
18:02:30.0546 1904 MBR partitions:
18:02:30.0546 1904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
18:02:30.0546 1904 ============================================================
18:02:30.0578 1904 C: <-> \Device\Harddisk0\DR0\Partition0
18:02:30.0578 1904 ============================================================
18:02:30.0578 1904 Initialize success
18:02:30.0578 1904 ============================================================
18:02:33.0359 2868 ============================================================
18:02:33.0359 2868 Scan started
18:02:33.0359 2868 Mode: Manual;
18:02:33.0359 2868 ============================================================
18:02:36.0531 2868 cbidf - ok
18:02:36.0531 2868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:02:36.0531 2868 cbidf2k - ok
18:02:36.0578 2868 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:02:36.0578 2868 CCDECODE - ok
18:02:36.0609 2868 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:02:36.0609 2868 cd20xrnt - ok
18:02:36.0656 2868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:02:36.0656 2868 Cdaudio - ok
18:02:36.0687 2868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:02:36.0687 2868 Cdfs - ok
18:02:36.0750 2868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:02:36.0750 2868 Cdrom - ok
18:02:36.0750 2868 cerc6 - ok
18:02:36.0765 2868 Changer - ok
18:02:36.0796 2868 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:02:36.0796 2868 CiSvc - ok
18:02:36.0796 2868 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:02:36.0796 2868 ClipSrv - ok
18:02:36.0890 2868 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:02:36.0890 2868 clr_optimization_v2.0.50727_32 - ok
18:02:37.0046 2868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:02:37.0062 2868 clr_optimization_v4.0.30319_32 - ok
18:02:37.0109 2868 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:02:37.0109 2868 CmdIde - ok
18:02:37.0125 2868 COMSysApp - ok
18:02:37.0156 2868 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:02:37.0171 2868 Cpqarray - ok
18:02:37.0218 2868 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:02:37.0218 2868 CryptSvc - ok
18:02:37.0265 2868 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:02:37.0281 2868 dac2w2k - ok
18:02:37.0390 2868 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:02:37.0390 2868 dac960nt - ok
18:02:37.0515 2868 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:02:37.0515 2868 DcomLaunch - ok
18:02:37.0578 2868 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:02:37.0578 2868 Dhcp - ok
18:02:37.0625 2868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:02:37.0625 2868 Disk - ok
18:02:37.0640 2868 dmadmin - ok
18:02:37.0703 2868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:02:37.0718 2868 dmboot - ok
18:02:37.0734 2868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
18:02:37.0734 2868 dmio - ok
18:02:37.0734 2868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:02:37.0750 2868 dmload - ok
18:02:37.0781 2868 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:02:37.0781 2868 dmserver - ok
18:02:37.0828 2868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:02:37.0828 2868 DMusic - ok
18:02:37.0875 2868 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:02:37.0875 2868 Dnscache - ok
18:02:37.0906 2868 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:02:37.0921 2868 Dot3svc - ok
18:02:37.0937 2868 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:02:37.0937 2868 dpti2o - ok
18:02:37.0937 2868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:02:37.0937 2868 drmkaud - ok
18:02:37.0953 2868 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:02:37.0953 2868 EapHost - ok
18:02:37.0968 2868 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
18:02:37.0984 2868 epmntdrv - ok
18:02:37.0984 2868 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:02:37.0984 2868 ERSvc - ok
18:02:38.0015 2868 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
18:02:38.0015 2868 EuGdiDrv - ok
18:02:38.0046 2868 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:02:38.0062 2868 Eventlog - ok
18:02:38.0109 2868 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:02:38.0109 2868 EventSystem - ok
18:02:38.0171 2868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:02:38.0171 2868 Fastfat - ok
18:02:38.0218 2868 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:02:38.0218 2868 FastUserSwitchingCompatibility - ok
18:02:38.0265 2868 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:02:38.0281 2868 Fax - ok
18:02:38.0328 2868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:02:38.0328 2868 Fdc - ok
18:02:38.0375 2868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:02:38.0375 2868 Fips - ok
18:02:38.0375 2868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:02:38.0390 2868 Flpydisk - ok
18:02:38.0390 2868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:02:38.0406 2868 FltMgr - ok
18:02:38.0515 2868 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:02:38.0515 2868 FontCache3.0.0.0 - ok
18:02:38.0546 2868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:02:38.0546 2868 Fs_Rec - ok
18:02:38.0562 2868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:02:38.0562 2868 Ftdisk - ok
18:02:38.0609 2868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:02:38.0609 2868 GEARAspiWDM - ok
18:02:38.0609 2868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:02:38.0625 2868 Gpc - ok
18:02:38.0765 2868 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:38.0765 2868 gupdate - ok
18:02:38.0765 2868 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:38.0765 2868 gupdatem - ok
18:02:38.0843 2868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:02:38.0843 2868 HDAudBus - ok
18:02:38.0921 2868 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:02:38.0921 2868 helpsvc - ok
18:02:38.0953 2868 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:02:38.0968 2868 HidServ - ok
18:02:39.0000 2868 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:02:39.0015 2868 hidusb - ok
18:02:39.0046 2868 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:02:39.0046 2868 hkmsvc - ok
18:02:39.0078 2868 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:02:39.0078 2868 hpn - ok
18:02:39.0125 2868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:02:39.0140 2868 HTTP - ok
18:02:39.0187 2868 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:02:39.0187 2868 HTTPFilter - ok
18:02:39.0218 2868 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:02:39.0218 2868 i2omgmt - ok
18:02:39.0234 2868 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:02:39.0234 2868 i2omp - ok
18:02:39.0500 2868 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:02:39.0531 2868 ialm - ok
18:02:39.0812 2868 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:02:39.0812 2868 idsvc - ok
18:02:39.0984 2868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:02:39.0984 2868 Imapi - ok
18:02:40.0031 2868 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:02:40.0031 2868 ImapiService - ok
18:02:40.0078 2868 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:02:40.0078 2868 ini910u - ok
18:02:40.0093 2868 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:02:40.0093 2868 IntelIde - ok
18:02:40.0125 2868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:02:40.0125 2868 intelppm - ok
18:02:40.0156 2868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:02:40.0156 2868 Ip6Fw - ok
18:02:40.0187 2868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:02:40.0187 2868 IpFilterDriver - ok
18:02:40.0203 2868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:02:40.0203 2868 IpInIp - ok
18:02:40.0234 2868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:02:40.0234 2868 IpNat - ok
18:02:40.0250 2868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:02:40.0250 2868 IPSec - ok
18:02:40.0265 2868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:02:40.0265 2868 IRENUM - ok
18:02:40.0296 2868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:02:40.0312 2868 isapnp - ok
18:02:40.0437 2868 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
18:02:40.0453 2868 JavaQuickStarterService - ok
18:02:40.0500 2868 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
18:02:40.0500 2868 k57w2k - ok
18:02:40.0531 2868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:02:40.0531 2868 Kbdclass - ok
18:02:40.0562 2868 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:02:40.0562 2868 kbdhid - ok
18:02:40.0593 2868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:02:40.0593 2868 kmixer - ok
18:02:40.0625 2868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:02:40.0625 2868 KSecDD - ok
18:02:40.0656 2868 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:02:40.0671 2868 LanmanServer - ok
18:02:40.0718 2868 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:02:40.0718 2868 lanmanworkstation - ok
18:02:40.0890 2868 Lavasoft Ad-Aware Service (4d99fca201b72e0f2ca996e357baa170) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
18:02:40.0890 2868 Lavasoft Ad-Aware Service - ok
18:02:40.0984 2868 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
18:02:40.0984 2868 Lavasoft Kernexplorer - ok
18:02:41.0328 2868 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:02:41.0328 2868 Lbd - ok
18:02:41.0343 2868 lbrtfdc - ok
18:02:41.0375 2868 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:02:41.0390 2868 LmHosts - ok
18:02:41.0390 2868 lmimirr - ok
18:02:41.0390 2868 ManyCam - ok
18:02:41.0421 2868 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:02:41.0421 2868 MBAMProtector - ok
18:02:41.0484 2868 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:02:41.0484 2868 MBAMService - ok
18:02:41.0531 2868 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
18:02:41.0531 2868 mcdbus - ok
18:02:41.0562 2868 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:02:41.0578 2868 Messenger - ok
18:02:41.0578 2868 mfkrnl2 - ok
18:02:41.0578 2868 mfservice - ok
18:02:41.0609 2868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:02:41.0625 2868 mnmdd - ok
18:02:41.0640 2868 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:02:41.0656 2868 mnmsrvc - ok
18:02:41.0687 2868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:02:41.0687 2868 Modem - ok
18:02:41.0765 2868 mosuport (63006c649d31cbdaf303f872caf04f98) C:\WINDOWS\system32\DRIVERS\mosuport.sys
18:02:41.0781 2868 mosuport - ok
18:02:41.0828 2868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:02:41.0828 2868 Mouclass - ok
18:02:41.0843 2868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:02:41.0859 2868 mouhid - ok
18:02:41.0875 2868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:02:41.0875 2868 MountMgr - ok
18:02:41.0906 2868 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:02:41.0921 2868 mraid35x - ok
18:02:41.0921 2868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:02:41.0921 2868 MRxDAV - ok
18:02:41.0984 2868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:02:42.0000 2868 MRxSmb - ok
18:02:42.0140 2868 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
18:02:42.0140 2868 MSCamSvc - ok
18:02:42.0171 2868 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:02:42.0171 2868 MSDTC - ok
18:02:42.0203 2868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:02:42.0203 2868 Msfs - ok
18:02:42.0234 2868 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\WINDOWS\system32\Drivers\nx6000.sys
18:02:42.0234 2868 MSHUSBVideo - ok
18:02:42.0234 2868 MSIServer - ok
18:02:42.0265 2868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:02:42.0265 2868 MSKSSRV - ok
18:02:42.0281 2868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:02:42.0281 2868 MSPCLOCK - ok
18:02:42.0296 2868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:02:42.0296 2868 MSPQM - ok
18:02:42.0328 2868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:02:42.0328 2868 mssmbios - ok
18:02:42.0343 2868 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:02:42.0343 2868 MSTEE - ok
18:02:42.0375 2868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:02:42.0375 2868 Mup - ok
18:02:42.0406 2868 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:02:42.0406 2868 NABTSFEC - ok
18:02:42.0437 2868 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:02:42.0437 2868 napagent - ok
18:02:42.0484 2868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:02:42.0484 2868 NDIS - ok
18:02:42.0531 2868 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:02:42.0531 2868 NdisIP - ok
18:02:42.0562 2868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:02:42.0562 2868 NdisTapi - ok
18:02:42.0609 2868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:02:42.0609 2868 Ndisuio - ok
18:02:42.0625 2868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:02:42.0625 2868 NdisWan - ok
18:02:42.0671 2868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:02:42.0671 2868 NDProxy - ok
18:02:42.0687 2868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:02:42.0687 2868 NetBIOS - ok
18:02:42.0703 2868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:02:42.0703 2868 NetBT - ok
18:02:42.0718 2868 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:02:42.0734 2868 NetDDE - ok
18:02:42.0734 2868 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:02:42.0734 2868 NetDDEdsdm - ok
18:02:42.0781 2868 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:42.0781 2868 Netlogon - ok
18:02:42.0828 2868 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:02:42.0828 2868 Netman - ok
18:02:42.0937 2868 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:02:42.0937 2868 NetTcpPortSharing - ok
18:02:42.0984 2868 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:02:43.0000 2868 Nla - ok
18:02:43.0046 2868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:02:43.0046 2868 Npfs - ok
18:02:43.0125 2868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:02:43.0125 2868 Ntfs - ok
18:02:43.0125 2868 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:43.0125 2868 NtLmSsp - ok
18:02:43.0187 2868 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:02:43.0187 2868 NtmsSvc - ok
18:02:43.0218 2868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:02:43.0218 2868 Null - ok
18:02:43.0250 2868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:02:43.0250 2868 NwlnkFlt - ok
18:02:43.0265 2868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:02:43.0265 2868 NwlnkFwd - ok
18:02:43.0343 2868 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:02:43.0343 2868 ose - ok
18:02:43.0812 2868 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:02:43.0843 2868 osppsvc - ok
18:02:44.0031 2868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:02:44.0031 2868 Parport - ok
18:02:44.0046 2868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:02:44.0046 2868 PartMgr - ok
18:02:44.0093 2868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:02:44.0093 2868 ParVdm - ok
18:02:44.0218 2868 pbfilter (f678cd9e3afcc9264a514b941a85a9d4) C:\Program Files\PeerBlock\pbfilter.sys
18:02:44.0218 2868 pbfilter - ok
18:02:44.0218 2868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:02:44.0218 2868 PCI - ok
18:02:44.0234 2868 PCIDump - ok
18:02:44.0234 2868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:02:44.0234 2868 PCIIde - ok
18:02:44.0281 2868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:02:44.0281 2868 Pcmcia - ok
18:02:44.0281 2868 PDCOMP - ok
18:02:44.0281 2868 PDFRAME - ok
18:02:44.0281 2868 PDRELI - ok
18:02:44.0296 2868 PDRFRAME - ok
18:02:44.0312 2868 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:02:44.0312 2868 perc2 - ok
18:02:44.0359 2868 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:02:44.0359 2868 perc2hib - ok
18:02:44.0406 2868 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:02:44.0421 2868 PlugPlay - ok
18:02:44.0437 2868 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:44.0437 2868 PolicyAgent - ok
18:02:44.0484 2868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:02:44.0484 2868 PptpMiniport - ok
18:02:44.0484 2868 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:44.0500 2868 ProtectedStorage - ok
18:02:44.0500 2868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:02:44.0500 2868 PSched - ok
18:02:44.0500 2868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:02:44.0500 2868 Ptilink - ok
18:02:44.0562 2868 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:02:44.0562 2868 PxHelp20 - ok
18:02:44.0609 2868 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:02:44.0609 2868 ql1080 - ok
18:02:44.0640 2868 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:02:44.0640 2868 Ql10wnt - ok
18:02:44.0656 2868 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:02:44.0656 2868 ql12160 - ok
18:02:44.0656 2868 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:02:44.0656 2868 ql1240 - ok
18:02:44.0671 2868 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:02:44.0671 2868 ql1280 - ok
18:02:44.0703 2868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:02:44.0703 2868 RasAcd - ok
18:02:44.0750 2868 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:02:44.0750 2868 RasAuto - ok
18:02:44.0796 2868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:02:44.0796 2868 Rasl2tp - ok
18:02:44.0859 2868 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:02:44.0859 2868 RasMan - ok
18:02:44.0875 2868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:02:44.0875 2868 RasPppoe - ok
18:02:45.0000 2868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:02:45.0000 2868 Raspti - ok
18:02:45.0031 2868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:02:45.0031 2868 Rdbss - ok
18:02:45.0046 2868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:02:45.0046 2868 RDPCDD - ok
18:02:45.0109 2868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:02:45.0109 2868 rdpdr - ok
18:02:45.0140 2868 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:02:45.0140 2868 RDPWD - ok
18:02:45.0171 2868 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:02:45.0171 2868 RDSessMgr - ok
18:02:45.0218 2868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:02:45.0218 2868 redbook - ok
18:02:45.0250 2868 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:02:45.0250 2868 RemoteAccess - ok
18:02:45.0281 2868 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:02:45.0281 2868 RemoteRegistry - ok
18:02:45.0312 2868 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:02:45.0312 2868 RpcLocator - ok
18:02:45.0375 2868 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:02:45.0375 2868 RpcSs - ok
18:02:45.0421 2868 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:02:45.0421 2868 RSVP - ok
18:02:45.0453 2868 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:45.0453 2868 SamSs - ok
18:02:45.0484 2868 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:02:45.0500 2868 SCardSvr - ok
18:02:45.0531 2868 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:02:45.0531 2868 Schedule - ok
18:02:45.0562 2868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:02:45.0562 2868 Secdrv - ok
18:02:45.0593 2868 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:02:45.0609 2868 seclogon - ok
18:02:45.0609 2868 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:02:45.0609 2868 SENS - ok
18:02:45.0656 2868 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:02:45.0656 2868 Serenum - ok
18:02:45.0656 2868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:02:45.0671 2868 Serial - ok
18:02:45.0734 2868 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
18:02:45.0734 2868 SFAUDIO - ok
18:02:45.0734 2868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:02:45.0734 2868 Sfloppy - ok
18:02:45.0750 2868 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:02:45.0765 2868 SharedAccess - ok
18:02:45.0812 2868 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:02:45.0828 2868 ShellHWDetection - ok
18:02:45.0828 2868 Simbad - ok
18:02:45.0859 2868 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:02:45.0859 2868 sisagp - ok
18:02:46.0015 2868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:02:46.0015 2868 SLIP - ok
18:02:46.0046 2868 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:02:46.0046 2868 Sparrow - ok
18:02:46.0078 2868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:02:46.0078 2868 splitter - ok
18:02:46.0125 2868 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:02:46.0140 2868 Spooler - ok
18:02:46.0578 2868 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:02:46.0593 2868 SQLWriter - ok
18:02:46.0609 2868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:02:46.0609 2868 sr - ok
18:02:46.0609 2868 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:02:46.0625 2868 srservice - ok
18:02:46.0671 2868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:02:46.0671 2868 Srv - ok
18:02:46.0703 2868 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
18:02:46.0718 2868 ssadbus - ok
18:02:46.0734 2868 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
18:02:46.0734 2868 ssadmdfl - ok
18:02:46.0750 2868 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
18:02:46.0750 2868 ssadmdm - ok
18:02:46.0781 2868 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:02:46.0796 2868 sscdbus - ok
18:02:46.0796 2868 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:02:46.0796 2868 sscdmdfl - ok
18:02:46.0812 2868 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:02:46.0812 2868 sscdmdm - ok
18:02:46.0859 2868 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:02:46.0859 2868 SSDPSRV - ok
18:02:46.0906 2868 Steam Client Service - ok
18:02:46.0953 2868 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:02:46.0953 2868 stisvc - ok
18:02:47.0000 2868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:02:47.0000 2868 streamip - ok
18:02:47.0031 2868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:02:47.0046 2868 swenum - ok
18:02:47.0078 2868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:02:47.0093 2868 swmidi - ok
18:02:47.0093 2868 SwPrv - ok
18:02:47.0125 2868 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:02:47.0125 2868 symc810 - ok
18:02:47.0156 2868 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:02:50.0859 2868 MBR (0x1B8) (b264e05dd2690db43eafb80ac5b7f869) \Device\Harddisk0\DR0
18:02:50.0890 2868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
18:02:50.0890 2868 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
18:02:50.0921 2868 Boot (0x1200) (f14245a3bde7a7dd52ad5065ce23277d) \Device\Harddisk0\DR0\Partition0
18:02:50.0921 2868 \Device\Harddisk0\DR0\Partition0 - ok
18:02:50.0921 2868 ============================================================
18:02:50.0921 2868 Scan finished
18:02:50.0921 2868 ============================================================
18:02:50.0937 6104 Detected object count: 1
18:02:50.0937 6104 Actual detected object count: 1
18:03:02.0218 6104 \Device\Harddisk0\DR0\# - copied to quarantine
18:03:02.0218 6104 \Device\Harddisk0\DR0 - copied to quarantine
18:03:02.0218 6104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
18:03:02.0218 6104 \Device\Harddisk0\DR0 - ok
18:03:02.0218 6104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
18:03:11.0468 3768 Deinitialize success

#10 cloud4571


Posted 19 July 2012 - 05:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 18:24:50
-----------------------------
18:24:50.187 OS Version: Windows 5.1.2600 Service Pack 3
18:24:50.187 Number of processors: 2 586 0x170A
18:24:50.187 ComputerName: REGTHREE UserName:
18:24:50.765 Initialize success
18:31:42.421 AVAST engine defs: 12071902
18:32:49.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:32:49.484 Disk 0 Vendor: ST380815AS 4.ADA Size: 76293MB BusType: 3
18:32:49.515 Disk 0 MBR read successfully
18:32:49.515 Disk 0 MBR scan
18:32:49.531 Disk 0 Windows VISTA default MBR code
18:32:49.531 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
18:32:49.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 112455
18:32:49.562 Disk 0 scanning sectors +156232125
18:32:49.640 Disk 0 scanning C:\WINDOWS\system32\drivers
18:33:00.359 Service scanning
18:33:18.859 Modules scanning
18:33:23.468 Disk 0 trace - called modules:
18:33:23.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:33:23.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dceab8]
18:33:23.500 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89deed98]
18:33:23.875 AVAST engine scan C:\WINDOWS
18:33:26.625 AVAST engine scan C:\WINDOWS\system32
18:35:57.906 AVAST engine scan C:\WINDOWS\system32\drivers
18:36:13.109 AVAST engine scan C:\Documents and Settings\Valued Customer
18:38:35.343 AVAST engine scan C:\Documents and Settings\All Users
18:39:54.578 Scan finished successfully
18:47:31.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
18:47:31.312 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\bullbleep3.txt"

#11 gringo_pr

  • Malware Response Team

Posted 19 July 2012 - 06:29 PM

Greetings

NOT to worry, report will be a lot shorter

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 cloud4571


Posted 19 July 2012 - 07:09 PM

ComboFix 12-07-19.02 - Valued Customer 07/19/2012 19:58:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1495 [GMT -4:00]
Running from: c:\documents and settings\Valued Customer\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Valued Customer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-19 22:03 . 2012-07-19 22:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-18 01:03 . 2012-07-18 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-07-17 15:07 . 2012-07-17 15:07 388096 ----a-r- c:\documents and settings\Valued Customer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-17 15:07 . 2012-07-17 15:07 -------- d-----w- c:\program files\Trend Micro
2012-07-16 15:23 . 2012-07-19 12:34 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-22 00:06 . 2012-06-22 00:06 -------- d-----w- c:\documents and settings\Valued Customer\Local Settings\Application Data\Sun
2012-06-21 00:26 . 2004-03-09 04:00 212240 --s-a-w- c:\windows\system32\richtx32.ocx
2012-06-21 00:26 . 2000-12-06 19:02 109248 --s-a-w- c:\windows\system32\mswinsck.ocx
2012-06-21 00:26 . 2000-05-22 22:58 115920 --s-a-w- c:\windows\system32\msinet.ocx
2012-06-21 00:26 . 2000-05-22 20:58 438976 --s-a-w- c:\windows\system32\mshflxgd.ocx
2012-06-21 00:26 . 2004-03-09 21:45 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2012-06-21 00:26 . 2004-03-07 21:28 172032 --s-a-w- c:\windows\system32\AniGIF.ocx
2012-06-21 00:26 . 2003-09-23 05:00 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-06-21 00:26 . 2000-05-22 22:58 198848 --s-a-w- c:\windows\system32\mci32.ocx
2012-06-21 00:26 . 1998-06-24 05:00 232248 ----a-w- c:\windows\system32\MSDATLST.OCX
2012-06-21 00:26 . 1998-06-18 05:00 77824 ----a-w- c:\windows\system32\MSBIND.DLL
2012-06-21 00:26 . 2012-06-21 00:26 -------- d-----w- c:\program files\Atomic Entertainment
2012-06-21 00:26 . 2012-06-21 00:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-06-20 23:58 . 2012-06-20 23:58 -------- d-----w- c:\program files\Zidane_Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:28 . 2012-04-12 14:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 18:28 . 2011-06-17 15:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-04-21 21:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-13 23:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-13 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-13 23:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-04-13 23:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-06-16 00:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-06-16 00:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-06-16 00:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-13 23:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2012-05-14 2612696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
.
c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0aswBoot.exe /M:1a49d138d31c11\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valued Customer^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
c:\progra~1\ALWILS~1\Avast5\avastUI.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-19 01:33 136176 ----atw- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-16 04:00 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 17:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-16 04:00 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 22:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-03-20 15:39 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Valued Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Valued Customer\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/19/2011 9:21 PM 64512]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [9/3/2009 7:15 PM 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/7/2012 4:37 PM 612184]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/21/2010 5:19 PM 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [9/3/2009 7:15 PM 176640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/21/2010 5:19 PM 22344]
R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [9/22/2009 7:43 PM 893696]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [5/17/2012 6:28 PM 535000]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/22/2012 4:19 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]
S2 mfservice;mfservice;c:\program files\Virtual-Protect\MyFolder2.5\mfservice.exe --> c:\program files\Virtual-Protect\MyFolder2.5\mfservice.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 10:51 AM 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [1/8/2012 6:26 PM 30312]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/2/2011 4:54 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/2/2011 4:54 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/22/2012 4:19 PM 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 mfkrnl2;mfkrnl2;\??\c:\program files\Virtual-Protect\MyFolder2.5\mfkrnl.sys --> c:\program files\Virtual-Protect\MyFolder2.5\mfkrnl.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [5/14/2012 11:10 AM 30576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/9/2012 4:39 PM 19056]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/8/2012 6:26 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/8/2012 6:26 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/8/2012 6:26 PM 121576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 01:24]
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:28]
.
2012-07-19 c:\windows\Tasks\BKCOPY.job
- C:\BKCOPY.BAT [2009-10-03 19:33]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 20:19]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 20:19]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155168554-2516166103-2276380427-1005Core.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:33]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4155168554-2516166103-2276380427-1005UA.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:33]
.
2012-07-19 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2012-05-29 16:03]
.
2012-07-01 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2012-05-29 16:03]
.
2012-07-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 20:02]
.
2012-07-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4155168554-2516166103-2276380427-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 20:02]
.
2012-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 20:02]
.
2012-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4155168554-2516166103-2276380427-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 20:02]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{81FFC46D-8919-4540-A22D-FAD2CE815EDA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.87.74.162 68.87.68.162
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.25:88/webrec.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,dd,17,de,d4,69,c3,46,b6,9a,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,dd,17,de,d4,69,c3,46,b6,9a,48,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\WININET.dll
c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-19 20:05:06
ComboFix-quarantined-files.txt 2012-07-20 00:05
ComboFix2.txt 2010-04-21 23:20
.
Pre-Run: 36,049,707,008 bytes free
Post-Run: 36,198,256,640 bytes free
.
- - End Of File - - 8709BBDA7A261A6A4EB4B6344402E977

I misspelled the script so had to fix that, and I use WordPad instead of Notepad. Needed to restart the computer to get the script again, then did the steps again and it worked. I got this ^^^^^^^

#13 gringo_pr

  • Malware Response Team

Posted 19 July 2012 - 08:15 PM

Hello

How are things running now?

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 cloud4571


Posted 19 July 2012 - 08:29 PM

7-Zip 9.22beta
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.3.2
Android Commander version 0.7.9.9
AVG 2012
AviSynth 2.5
Bonjour
Broadcom Management Programs
CCleaner
Cheat Engine 5.6.1
Cheat Engine 6.1
Choice Guard
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell Backup and Recovery Manager
DivX Setup
Dropbox
EASEUS Partition Master 6.5.2 Home Edition
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.3.0119
GamersFirst LIVE!
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 20
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
LiquorPOS Version 5.01.181
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft Word 2010
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 6.0 Parser
MyFolder Setup 2.5.8.0
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PeerBlock 1.0+ (r484)
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RPG MAKER VX Ace
RPG MAKER VX Ace RTP
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Segoe UI
Steam
System Explorer 3.8.8
Terraria
TetraMaster SP & MP 1.5
Triple Triad Extreme
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
USB Compound Device
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Zebra Setup Utilities
Zebra Status Monitor 4.6.39

I feel like it's running better. I haven't heard the ads all day since the first scan.

#15 gringo_pr


Posted 19 July 2012 - 09:17 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.3.2
  • Java™ 6 Update 20
  • Java™ 7 Update 4


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

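A scripted version of the review the helper performs on the Add-Remove Programs list above, as an added example that is not part of the original thread: it flags Adobe Reader and Java entries below a baseline and reports when more than one version of a runtime is installed. The baseline versions, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the one-name-per-line format of Add-Remove Programs.txt.
SAMPLE = """\
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.2
Java Auto Updater
Java™ 6 Update 20
Java™ 7 Update 4
"""

# Assumed minimum versions: placeholders to replace with the vendor's current release.
BASELINE = {"Adobe Reader": (10, 0, 0), "Java": (7, 5)}

PATTERNS = {
    "Adobe Reader": re.compile(r"^Adobe Reader (\d+(?:\.\d+)*)$"),
    # Accept both the trademark glyph and the "(TM)" spelling of the same entry.
    "Java": re.compile(r"^Java(?:™|\(TM\))? (\d+)(?: Update (\d+))?$"),
}

def parse_entry(line):
    """Return (product, version_tuple) for a tracked runtime, else None."""
    for product, rx in PATTERNS.items():
        m = rx.match(line.strip())
        if not m:
            continue
        if product == "Java":
            return product, (int(m.group(1)), int(m.group(2) or 0))
        return product, tuple(int(p) for p in m.group(1).split("."))
    return None

def audit(text, baseline=BASELINE):
    """List (entry, reason) pairs for old or duplicated tracked runtimes."""
    findings, seen = [], {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        product, version = parsed
        seen.setdefault(product, []).append(version)
        if version < baseline[product]:
            findings.append((line.strip(), "below baseline"))
    for product, versions in seen.items():
        if len(versions) > 1:
            findings.append((product, f"{len(versions)} versions installed"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE):
        print(f"{entry}: {reason}")
```

Updater and plug-in entries such as "Java Auto Updater" or "JavaFX 2.1.0" are deliberately not matched, so only the runtimes themselves are reported.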



