
Ukash


This topic is locked
14 replies to this topic

#1 BD1 (Members, 7 posts)

Posted 23 July 2012 - 09:19 AM

My computer is getting the Ukash locked screen. Unfortunately I tried to get rid of it with combofix in safe mode, as this worked on a previous occasion. However, it didn't work this time as it reappeared when I rebooted normally. I realise I may have made things worse. Sorry.

This is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by David at 13:46:04 on 2012-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2604 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [WcnEapAuthProxy] c:\users\david\appdata\local\microsoft\windows\439\WcnEapAuthProxy.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\ubisof~1.lnk - c:\program files\ubisoft\eagle dynamics\lock on\register\schedule.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: ancestry.co.uk
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://de226.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://dashboardd.exam2score.com/ePenUKDashboard/Reserved.ReportViewerWebControl.axd?ReportSession=05by0j45qyjunjjwoazy5fma&ControlID=637f5a73326f4b8b9975723b09d9a753&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} - hxxp://downloads.exam2score.com/ePenClientSpec.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{805A2663-0EAD-404C-8CFB-4F228478ED7A} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-23 12:03:25 -------- d-----w- c:\users\david\appdata\local\temp
2012-07-23 12:03:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-23 09:33:00 -------- d-----w- c:\users\david\appdata\roaming\hellomoto
2012-07-23 08:00:16 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cb1ac562-296d-4130-aa7e-22f681c1eccb}\mpengine.dll
2012-07-22 20:08:11 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-22 07:13:32 -------- d-----w- c:\users\david\appdata\local\{8FEAB66D-5609-49AF-94A4-8AC6167B0128}
2012-07-22 07:13:21 -------- d-----w- c:\users\david\appdata\local\{043427C9-157C-425F-B824-5A1F125383F3}
2012-07-21 11:46:33 -------- d-----w- c:\users\david\appdata\local\{1851A8FD-EE61-4B6A-A45F-1CA2BF39610C}
2012-07-21 11:46:19 -------- d-----w- c:\users\david\appdata\local\{1AF8A7C4-A0D3-4E4E-8E7B-BAB760DA481C}
2012-07-21 11:42:24 -------- d-----w- c:\windows\en
2012-07-21 11:37:51 89944 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\DSETUP.dll
2012-07-21 11:37:51 537432 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\DXSETUP.exe
2012-07-21 11:37:51 1801048 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\dsetup32.dll
2012-07-21 11:36:48 -------- d-----w- c:\users\david\appdata\local\{5F412E47-6C9B-49BD-9B23-A2059C894BE9}
2012-07-21 11:36:37 -------- d-----w- c:\users\david\appdata\local\{D4EB5A32-563B-415B-8558-F5E4DD71F669}
2012-07-12 02:04:33 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:13:42 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 05:13:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:13:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:13:40 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:13:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:13:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 09:14:48 -------- d-----w- c:\programdata\meopywyfzxdkqdo
2012-07-03 21:59:33 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7af2f6b-38cd-4961-9d9e-caced5b9bf86}\gapaengine.dll
2012-06-29 18:30:19 -------- d-----w- c:\users\david\appdata\local\{623B4624-F82C-4ADF-8862-B92A9F2F97BC}
2012-06-29 18:30:09 -------- d-----w- c:\users\david\appdata\local\{F5050BB4-27F7-4DD2-A8D1-5FCEABC63E8F}
2012-06-29 18:30:00 -------- d-----w- c:\users\david\appdata\local\{11F47837-146D-4808-8399-BD36C1D8FA48}
2012-06-29 18:29:50 -------- d-----w- c:\users\david\appdata\local\{5F7645F2-A5B7-4F0F-8433-08E9B107D678}
2012-06-29 18:15:16 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-28 20:34:52 -------- d-----w- c:\users\david\appdata\local\{D3843CE6-A9B6-4FC4-8E64-97C795264162}
2012-06-28 20:34:43 -------- d-----w- c:\users\david\appdata\local\{14A1FE34-9DE1-48F9-99FC-6C27A09B72AD}
2012-06-28 20:34:33 -------- d-----w- c:\users\david\appdata\local\{FEB86126-BEC5-4812-A5B8-C5EEF4342F5D}
2012-06-28 20:34:24 -------- d-----w- c:\users\david\appdata\local\{1F7741D3-CEA4-4E15-BC02-EBC86AF02F31}
2012-06-28 20:34:14 -------- d-----w- c:\users\david\appdata\local\{D4CC8B67-C31E-4A2D-9F73-64DE3980CF23}
2012-06-28 20:34:05 -------- d-----w- c:\users\david\appdata\local\{7C60068D-029D-4D5E-9228-9A7D8E92287D}
2012-06-28 20:33:55 -------- d-----w- c:\users\david\appdata\local\{03425E44-88E2-4F73-8E19-55634331D9EF}
2012-06-28 20:33:45 -------- d-----w- c:\users\david\appdata\local\{0B72BFE6-1BEA-47BA-813D-51C38865AF39}
.
==================== Find3M ====================
.
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 13:48:13.16 ===============

Thank you for your attention.

Attached Files





#2 HelpBot (Bleepin' Binary Bot, Bots, 12,733 posts)

Posted 28 July 2012 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462066 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 BD1 (Topic Starter, Members, 7 posts)

Posted 28 July 2012 - 12:08 PM

I still require help with this problem.

As requested, here is the new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by David at 17:18:55 on 2012-07-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2030 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\Explorer.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [WcnEapAuthProxy] c:\users\david\appdata\local\microsoft\windows\439\WcnEapAuthProxy.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\ubisof~1.lnk - c:\program files\ubisoft\eagle dynamics\lock on\register\schedule.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: ancestry.co.uk
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://de226.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://dashboardd.exam2score.com/ePenUKDashboard/Reserved.ReportViewerWebControl.axd?ReportSession=05by0j45qyjunjjwoazy5fma&ControlID=637f5a73326f4b8b9975723b09d9a753&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} - hxxp://downloads.exam2score.com/ePenClientSpec.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{805A2663-0EAD-404C-8CFB-4F228478ED7A} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-23 12:03:25 -------- d-----w- c:\users\david\appdata\local\temp
2012-07-23 12:03:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-23 09:33:00 -------- d-----w- c:\users\david\appdata\roaming\hellomoto
2012-07-23 08:00:16 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cb1ac562-296d-4130-aa7e-22f681c1eccb}\mpengine.dll
2012-07-22 20:08:11 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-22 07:13:32 -------- d-----w- c:\users\david\appdata\local\{8FEAB66D-5609-49AF-94A4-8AC6167B0128}
2012-07-22 07:13:21 -------- d-----w- c:\users\david\appdata\local\{043427C9-157C-425F-B824-5A1F125383F3}
2012-07-21 11:46:33 -------- d-----w- c:\users\david\appdata\local\{1851A8FD-EE61-4B6A-A45F-1CA2BF39610C}
2012-07-21 11:46:19 -------- d-----w- c:\users\david\appdata\local\{1AF8A7C4-A0D3-4E4E-8E7B-BAB760DA481C}
2012-07-21 11:42:24 -------- d-----w- c:\windows\en
2012-07-21 11:37:51 89944 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\DSETUP.dll
2012-07-21 11:37:51 537432 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\DXSETUP.exe
2012-07-21 11:37:51 1801048 ----a-w- c:\program files\common files\windows live\.cache\42a0bb501cd673501\dsetup32.dll
2012-07-21 11:36:48 -------- d-----w- c:\users\david\appdata\local\{5F412E47-6C9B-49BD-9B23-A2059C894BE9}
2012-07-21 11:36:37 -------- d-----w- c:\users\david\appdata\local\{D4EB5A32-563B-415B-8558-F5E4DD71F669}
2012-07-12 02:04:33 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:13:42 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 05:13:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:13:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:13:40 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:13:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:13:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 09:14:48 -------- d-----w- c:\programdata\meopywyfzxdkqdo
2012-07-03 21:59:33 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7af2f6b-38cd-4961-9d9e-caced5b9bf86}\gapaengine.dll
2012-06-29 18:30:19 -------- d-----w- c:\users\david\appdata\local\{623B4624-F82C-4ADF-8862-B92A9F2F97BC}
2012-06-29 18:30:09 -------- d-----w- c:\users\david\appdata\local\{F5050BB4-27F7-4DD2-A8D1-5FCEABC63E8F}
2012-06-29 18:30:00 -------- d-----w- c:\users\david\appdata\local\{11F47837-146D-4808-8399-BD36C1D8FA48}
2012-06-29 18:29:50 -------- d-----w- c:\users\david\appdata\local\{5F7645F2-A5B7-4F0F-8433-08E9B107D678}
2012-06-29 18:15:16 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-28 20:34:52 -------- d-----w- c:\users\david\appdata\local\{D3843CE6-A9B6-4FC4-8E64-97C795264162}
2012-06-28 20:34:43 -------- d-----w- c:\users\david\appdata\local\{14A1FE34-9DE1-48F9-99FC-6C27A09B72AD}
2012-06-28 20:34:33 -------- d-----w- c:\users\david\appdata\local\{FEB86126-BEC5-4812-A5B8-C5EEF4342F5D}
2012-06-28 20:34:24 -------- d-----w- c:\users\david\appdata\local\{1F7741D3-CEA4-4E15-BC02-EBC86AF02F31}
2012-06-28 20:34:14 -------- d-----w- c:\users\david\appdata\local\{D4CC8B67-C31E-4A2D-9F73-64DE3980CF23}
2012-06-28 20:34:05 -------- d-----w- c:\users\david\appdata\local\{7C60068D-029D-4D5E-9228-9A7D8E92287D}
2012-06-28 20:33:55 -------- d-----w- c:\users\david\appdata\local\{03425E44-88E2-4F73-8E19-55634331D9EF}
2012-06-28 20:33:45 -------- d-----w- c:\users\david\appdata\local\{0B72BFE6-1BEA-47BA-813D-51C38865AF39}
.
==================== Find3M ====================
.
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 17:25:24.32 ===============

I have attached the DDS and GMER logs as requested.

Finally, I don't know if I still have the original Windows disk. It may be somewhere, but I've no idea where.

Hope that all makes sense.

Attached Files


Edited by BD1, 28 July 2012 - 12:08 PM.


#4 Conspire (Malware Response Team, 1,155 posts)

Posted 29 July 2012 - 11:26 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, BD1

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

I'd like to take a look at the Combofix log: C:\Combofix.txt

---------------------------------------------------------------------------------------------------

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

In your next reply please post:
Combofix log
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#5 BD1

BD1
  • Topic Starter

  • Members
  • 7 posts

Posted 29 July 2012 - 01:56 PM

Thank you for getting back to me.

I don't know how to get the Combofix log you asked for; sorry.

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 19:39:41
-----------------------------
19:39:41.783 OS Version: Windows 6.0.6002 Service Pack 2
19:39:41.783 Number of processors: 4 586 0x170A
19:39:41.784 ComputerName: HOME-PC UserName: David
19:39:44.706 Initialize success
19:40:06.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
19:40:06.597 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 3
19:40:06.792 Disk 0 MBR read successfully
19:40:06.841 Disk 0 MBR scan
19:40:06.843 Disk 0 unknown MBR code
19:40:06.926 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 595080 MB offset 2048
19:40:06.929 Disk 0 Partition - 00 0F Extended LBA 15398 MB offset 1218725888
19:40:07.088 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 15397 MB offset 1218727936
19:40:07.214 Disk 0 scanning sectors +1250260992
19:40:07.861 Disk 0 scanning C:\Windows\system32\drivers
19:41:44.720 Service scanning
19:41:56.509 Modules scanning
19:43:33.480 Disk 0 trace - called modules:
19:43:33.590 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:43:33.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86780ac8]
19:43:33.591 3 CLASSPNP.SYS[837b48b3] -> nt!IofCallDriver -> [0x865b4700]
19:43:33.591 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\00000050[0x861b5590]
19:43:33.591 Scan finished successfully
19:44:29.751 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
19:44:29.757 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"


I have attached the MBR.dat file.

Here is the TDSS log:

19:45:56.0927 2652 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:45:57.0393 2652 ============================================================
19:45:57.0393 2652 Current date / time: 2012/07/29 19:45:57.0393
19:45:57.0393 2652 SystemInfo:
19:45:57.0393 2652
19:45:57.0394 2652 OS Version: 6.0.6002 ServicePack: 2.0
19:45:57.0394 2652 Product type: Workstation
19:45:57.0394 2652 ComputerName: HOME-PC
19:45:57.0394 2652 UserName: David
19:45:57.0394 2652 Windows directory: C:\Windows
19:45:57.0394 2652 System windows directory: C:\Windows
19:45:57.0394 2652 Processor architecture: Intel x86
19:45:57.0394 2652 Number of processors: 4
19:45:57.0394 2652 Page size: 0x1000
19:45:57.0394 2652 Boot type: Safe boot with network
19:45:57.0394 2652 ============================================================
19:45:57.0689 2652 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:45:57.0741 2652 ============================================================
19:45:57.0741 2652 \Device\Harddisk0\DR0:
19:45:57.0742 2652 MBR partitions:
19:45:57.0742 2652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48A44000
19:45:57.0761 2652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x48A45000, BlocksNum 0x1E12800
19:45:57.0761 2652 ============================================================
19:45:57.0802 2652 C: <-> \Device\Harddisk0\DR0\Partition0
19:45:57.0829 2652 D: <-> \Device\Harddisk0\DR0\Partition1
19:45:57.0829 2652 ============================================================
19:45:57.0829 2652 Initialize success
19:45:57.0829 2652 ============================================================
19:46:00.0059 0424 ============================================================
19:46:00.0059 0424 Scan started
19:46:00.0059 0424 Mode: Manual;
19:46:00.0059 0424 ============================================================
19:46:00.0531 0424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:46:00.0532 0424 ACPI - ok
19:46:00.0676 0424 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:46:00.0677 0424 AdobeARMservice - ok
19:46:00.0712 0424 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:46:00.0716 0424 adp94xx - ok
19:46:00.0740 0424 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:46:00.0743 0424 adpahci - ok
19:46:00.0782 0424 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:46:00.0783 0424 adpu160m - ok
19:46:00.0807 0424 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:46:00.0809 0424 adpu320 - ok
19:46:00.0855 0424 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:46:00.0856 0424 AeLookupSvc - ok
19:46:00.0889 0424 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:46:00.0891 0424 AFD - ok
19:46:00.0937 0424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:46:00.0938 0424 aic78xx - ok
19:46:00.0952 0424 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:46:00.0953 0424 ALG - ok
19:46:00.0983 0424 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:46:00.0983 0424 aliide - ok
19:46:00.0999 0424 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:46:01.0000 0424 amdagp - ok
19:46:01.0010 0424 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:46:01.0010 0424 amdide - ok
19:46:01.0022 0424 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:46:01.0022 0424 AmdK7 - ok
19:46:01.0044 0424 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:46:01.0045 0424 AmdK8 - ok
19:46:01.0061 0424 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:46:01.0062 0424 Appinfo - ok
19:46:01.0106 0424 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:46:01.0107 0424 arc - ok
19:46:01.0122 0424 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:46:01.0123 0424 arcsas - ok
19:46:01.0134 0424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:01.0134 0424 AsyncMac - ok
19:46:01.0166 0424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:46:01.0166 0424 atapi - ok
19:46:01.0205 0424 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:46:01.0218 0424 AudioEndpointBuilder - ok
19:46:01.0223 0424 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:46:01.0225 0424 Audiosrv - ok
19:46:01.0244 0424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:46:01.0244 0424 Beep - ok
19:46:01.0288 0424 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:46:01.0301 0424 BFE - ok
19:46:01.0365 0424 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:46:01.0382 0424 BITS - ok
19:46:01.0404 0424 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:46:01.0404 0424 blbdrive - ok
19:46:01.0445 0424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:46:01.0446 0424 bowser - ok
19:46:01.0473 0424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:46:01.0473 0424 BrFiltLo - ok
19:46:01.0490 0424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:46:01.0490 0424 BrFiltUp - ok
19:46:01.0514 0424 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:46:01.0516 0424 Browser - ok
19:46:01.0522 0424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:46:01.0523 0424 Brserid - ok
19:46:01.0549 0424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:46:01.0549 0424 BrSerWdm - ok
19:46:01.0565 0424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:46:01.0566 0424 BrUsbMdm - ok
19:46:01.0584 0424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:46:01.0584 0424 BrUsbSer - ok
19:46:01.0601 0424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:46:01.0601 0424 BTHMODEM - ok
19:46:01.0626 0424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:46:01.0626 0424 cdfs - ok
19:46:01.0658 0424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:46:01.0659 0424 cdrom - ok
19:46:01.0677 0424 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:46:01.0679 0424 CertPropSvc - ok
19:46:01.0693 0424 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:46:01.0694 0424 circlass - ok
19:46:01.0735 0424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:46:01.0737 0424 CLFS - ok
19:46:01.0772 0424 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:01.0774 0424 clr_optimization_v2.0.50727_32 - ok
19:46:01.0833 0424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:01.0836 0424 clr_optimization_v4.0.30319_32 - ok
19:46:01.0853 0424 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:46:01.0854 0424 cmdide - ok
19:46:01.0876 0424 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
19:46:01.0876 0424 Compbatt - ok
19:46:01.0880 0424 COMSysApp - ok
19:46:01.0922 0424 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:46:01.0923 0424 crcdisk - ok
19:46:01.0946 0424 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:46:01.0947 0424 Crusoe - ok
19:46:01.0994 0424 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:46:01.0996 0424 CryptSvc - ok
19:46:02.0052 0424 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:46:02.0071 0424 DcomLaunch - ok
19:46:02.0124 0424 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:46:02.0124 0424 DfsC - ok
19:46:02.0249 0424 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:46:02.0310 0424 DFSR - ok
19:46:02.0399 0424 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:46:02.0404 0424 Dhcp - ok
19:46:02.0449 0424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:46:02.0450 0424 disk - ok
19:46:02.0491 0424 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:46:02.0493 0424 Dnscache - ok
19:46:02.0516 0424 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:46:02.0523 0424 dot3svc - ok
19:46:02.0546 0424 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:46:02.0548 0424 DPS - ok
19:46:02.0572 0424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:46:02.0572 0424 drmkaud - ok
19:46:02.0636 0424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:46:02.0643 0424 DXGKrnl - ok
19:46:02.0671 0424 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:46:02.0672 0424 E1G60 - ok
19:46:02.0686 0424 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:46:02.0688 0424 EapHost - ok
19:46:02.0705 0424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:46:02.0706 0424 Ecache - ok
19:46:02.0754 0424 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:46:02.0768 0424 ehRecvr - ok
19:46:02.0778 0424 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:46:02.0780 0424 ehSched - ok
19:46:02.0812 0424 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:46:02.0813 0424 ehstart - ok
19:46:02.0845 0424 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:46:02.0848 0424 elxstor - ok
19:46:02.0895 0424 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:46:02.0914 0424 EMDMgmt - ok
19:46:02.0939 0424 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:46:02.0940 0424 ErrDev - ok
19:46:03.0003 0424 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:46:03.0018 0424 EventSystem - ok
19:46:03.0045 0424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:46:03.0046 0424 exfat - ok
19:46:03.0072 0424 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:46:03.0073 0424 fastfat - ok
19:46:03.0087 0424 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:46:03.0088 0424 fdc - ok
19:46:03.0092 0424 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:46:03.0094 0424 fdPHost - ok
19:46:03.0110 0424 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:46:03.0112 0424 FDResPub - ok
19:46:03.0119 0424 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:46:03.0120 0424 FileInfo - ok
19:46:03.0141 0424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:46:03.0142 0424 Filetrace - ok
19:46:03.0160 0424 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:46:03.0161 0424 flpydisk - ok
19:46:03.0187 0424 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:46:03.0188 0424 FltMgr - ok
19:46:03.0273 0424 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:46:03.0289 0424 FontCache - ok
19:46:03.0336 0424 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:46:03.0337 0424 FontCache3.0.0.0 - ok
19:46:03.0358 0424 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:46:03.0358 0424 Fs_Rec - ok
19:46:03.0378 0424 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:46:03.0378 0424 gagp30kx - ok
19:46:03.0433 0424 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:46:03.0452 0424 gpsvc - ok
19:46:03.0514 0424 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:46:03.0516 0424 HdAudAddService - ok
19:46:03.0594 0424 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:03.0598 0424 HDAudBus - ok
19:46:03.0645 0424 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:46:03.0646 0424 HidBth - ok
19:46:03.0670 0424 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:46:03.0671 0424 HidIr - ok
19:46:03.0686 0424 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:46:03.0687 0424 hidserv - ok
19:46:03.0711 0424 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:46:03.0712 0424 HidUsb - ok
19:46:03.0725 0424 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:46:03.0727 0424 hkmsvc - ok
19:46:03.0768 0424 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:46:03.0769 0424 HpCISSs - ok
19:46:03.0817 0424 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:46:03.0821 0424 HTTP - ok
19:46:03.0846 0424 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:46:03.0846 0424 i2omp - ok
19:46:03.0869 0424 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:03.0869 0424 i8042prt - ok
19:46:03.0892 0424 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:46:03.0894 0424 iaStorV - ok
19:46:03.0957 0424 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:46:03.0970 0424 idsvc - ok
19:46:03.0991 0424 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:46:03.0991 0424 iirsp - ok
19:46:04.0033 0424 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:46:04.0044 0424 IKEEXT - ok
19:46:04.0183 0424 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys
19:46:04.0218 0424 IntcAzAudAddService - ok
19:46:04.0304 0424 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:46:04.0304 0424 intelide - ok
19:46:04.0319 0424 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:46:04.0320 0424 intelppm - ok
19:46:04.0349 0424 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:46:04.0352 0424 IPBusEnum - ok
19:46:04.0372 0424 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:46:04.0373 0424 IpFilterDriver - ok
19:46:04.0394 0424 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:46:04.0397 0424 iphlpsvc - ok
19:46:04.0402 0424 IpInIp - ok
19:46:04.0420 0424 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:46:04.0421 0424 IPMIDRV - ok
19:46:04.0439 0424 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:46:04.0440 0424 IPNAT - ok
19:46:04.0465 0424 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:46:04.0466 0424 IRENUM - ok
19:46:04.0485 0424 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:46:04.0485 0424 isapnp - ok
19:46:04.0523 0424 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:46:04.0524 0424 iScsiPrt - ok
19:46:04.0544 0424 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:46:04.0544 0424 iteatapi - ok
19:46:04.0555 0424 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:46:04.0556 0424 iteraid - ok
19:46:04.0577 0424 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:46:04.0577 0424 kbdclass - ok
19:46:04.0596 0424 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:46:04.0597 0424 kbdhid - ok
19:46:04.0613 0424 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:46:04.0615 0424 KeyIso - ok
19:46:04.0669 0424 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
19:46:04.0672 0424 KSecDD - ok
19:46:04.0720 0424 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:46:04.0733 0424 KtmRm - ok
19:46:04.0777 0424 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
19:46:04.0780 0424 LanmanServer - ok
19:46:04.0804 0424 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:46:04.0811 0424 LanmanWorkstation - ok
19:46:04.0834 0424 lcygsvdd - ok
19:46:04.0868 0424 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:46:04.0868 0424 lltdio - ok
19:46:04.0897 0424 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:46:04.0903 0424 lltdsvc - ok
19:46:04.0917 0424 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:46:04.0918 0424 lmhosts - ok
19:46:04.0938 0424 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:46:04.0938 0424 LSI_FC - ok
19:46:04.0957 0424 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:46:04.0958 0424 LSI_SAS - ok
19:46:04.0974 0424 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:46:04.0975 0424 LSI_SCSI - ok
19:46:04.0995 0424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:46:04.0996 0424 luafv - ok
19:46:05.0010 0424 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:46:05.0012 0424 Mcx2Svc - ok
19:46:05.0025 0424 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:46:05.0026 0424 megasas - ok
19:46:05.0058 0424 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:46:05.0062 0424 MegaSR - ok
19:46:05.0084 0424 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:46:05.0085 0424 MMCSS - ok
19:46:05.0106 0424 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:46:05.0107 0424 Modem - ok
19:46:05.0130 0424 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:46:05.0130 0424 monitor - ok
19:46:05.0148 0424 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:46:05.0148 0424 mouclass - ok
19:46:05.0156 0424 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:46:05.0157 0424 mouhid - ok
19:46:05.0164 0424 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:46:05.0164 0424 MountMgr - ok
19:46:05.0201 0424 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
19:46:05.0204 0424 MpFilter - ok
19:46:05.0225 0424 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:46:05.0226 0424 mpio - ok
19:46:05.0247 0424 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:46:05.0248 0424 mpsdrv - ok
19:46:05.0294 0424 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:46:05.0305 0424 MpsSvc - ok
19:46:05.0322 0424 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:46:05.0322 0424 Mraid35x - ok
19:46:05.0359 0424 MREMP50 - ok
19:46:05.0365 0424 MREMPR5 - ok
19:46:05.0370 0424 MRENDIS5 - ok
19:46:05.0392 0424 MRESP50 - ok
19:46:05.0418 0424 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:46:05.0419 0424 MRxDAV - ok
19:46:05.0474 0424 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:05.0474 0424 mrxsmb - ok
19:46:05.0527 0424 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:05.0528 0424 mrxsmb10 - ok
19:46:05.0559 0424 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:05.0560 0424 mrxsmb20 - ok
19:46:05.0587 0424 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:46:05.0587 0424 msahci - ok
19:46:05.0602 0424 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:46:05.0603 0424 msdsm - ok
19:46:05.0625 0424 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:46:05.0627 0424 MSDTC - ok
19:46:05.0649 0424 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:46:05.0650 0424 Msfs - ok
19:46:05.0658 0424 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:46:05.0658 0424 msisadrv - ok
19:46:05.0677 0424 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:46:05.0679 0424 MSiSCSI - ok
19:46:05.0684 0424 msiserver - ok
19:46:05.0704 0424 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:46:05.0705 0424 MSKSSRV - ok
19:46:05.0785 0424 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:46:05.0786 0424 MsMpSvc - ok
19:46:05.0801 0424 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:46:05.0801 0424 MSPCLOCK - ok
19:46:05.0819 0424 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:46:05.0819 0424 MSPQM - ok
19:46:05.0842 0424 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:46:05.0843 0424 MsRPC - ok
19:46:05.0859 0424 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:46:05.0860 0424 mssmbios - ok
19:46:05.0874 0424 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:46:05.0874 0424 MSTEE - ok
19:46:05.0886 0424 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:46:05.0887 0424 Mup - ok
19:46:05.0925 0424 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:46:05.0939 0424 napagent - ok
19:46:05.0958 0424 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:46:05.0959 0424 NativeWifiP - ok
19:46:05.0991 0424 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:46:05.0994 0424 NDIS - ok
19:46:06.0001 0424 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:46:06.0002 0424 NdisTapi - ok
19:46:06.0023 0424 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:46:06.0023 0424 Ndisuio - ok
19:46:06.0036 0424 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:46:06.0037 0424 NdisWan - ok
19:46:06.0051 0424 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:46:06.0052 0424 NDProxy - ok
19:46:06.0070 0424 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:46:06.0071 0424 NetBIOS - ok
19:46:06.0103 0424 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:46:06.0104 0424 netbt - ok
19:46:06.0137 0424 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:46:06.0138 0424 Netlogon - ok
19:46:06.0176 0424 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:46:06.0191 0424 Netman - ok
19:46:06.0210 0424 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:46:06.0225 0424 netprofm - ok
19:46:06.0266 0424 netr28u (df938648626332e830a9bd153110aa75) C:\Windows\system32\DRIVERS\netr28u.sys
19:46:06.0270 0424 netr28u - ok
19:46:06.0327 0424 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:06.0329 0424 NetTcpPortSharing - ok
19:46:06.0342 0424 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:46:06.0343 0424 nfrd960 - ok
19:46:06.0370 0424 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:46:06.0371 0424 NisDrv - ok
19:46:06.0473 0424 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:46:06.0478 0424 NisSrv - ok
19:46:06.0516 0424 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:46:06.0522 0424 NlaSvc - ok
19:46:06.0532 0424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:46:06.0533 0424 Npfs - ok
19:46:06.0550 0424 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:46:06.0552 0424 nsi - ok
19:46:06.0564 0424 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:46:06.0564 0424 nsiproxy - ok
19:46:06.0628 0424 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:46:06.0635 0424 Ntfs - ok
19:46:06.0651 0424 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:46:06.0652 0424 ntrigdigi - ok
19:46:06.0666 0424 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:46:06.0666 0424 Null - ok
19:46:06.0741 0424 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
19:46:06.0748 0424 NVENETFD - ok
19:46:06.0768 0424 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
19:46:06.0769 0424 NVHDA - ok
19:46:07.0301 0424 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:46:07.0454 0424 nvlddmkm - ok
19:46:07.0549 0424 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:46:07.0550 0424 nvraid - ok
19:46:07.0580 0424 nvsmu (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys
19:46:07.0581 0424 nvsmu - ok
19:46:07.0601 0424 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:46:07.0602 0424 nvstor - ok
19:46:07.0620 0424 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
19:46:07.0621 0424 nvstor32 - ok
19:46:07.0646 0424 nvsvc (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
19:46:07.0649 0424 nvsvc - ok
19:46:07.0654 0424 NwlnkFlt - ok
19:46:07.0660 0424 NwlnkFwd - ok
19:46:07.0755 0424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:46:07.0766 0424 odserv - ok
19:46:07.0792 0424 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:46:07.0792 0424 ohci1394 - ok
19:46:07.0812 0424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:07.0815 0424 ose - ok
19:46:07.0864 0424 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:46:07.0881 0424 p2pimsvc - ok
19:46:07.0890 0424 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:46:07.0894 0424 p2psvc - ok
19:46:07.0920 0424 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:46:07.0920 0424 Parport - ok
19:46:07.0959 0424 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:46:07.0960 0424 partmgr - ok
19:46:07.0973 0424 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:46:07.0973 0424 Parvdm - ok
19:46:08.0002 0424 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:46:08.0004 0424 PcaSvc - ok
19:46:08.0027 0424 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:46:08.0028 0424 pci - ok
19:46:08.0045 0424 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:46:08.0046 0424 pciide - ok
19:46:08.0066 0424 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:46:08.0067 0424 pcmcia - ok
19:46:08.0129 0424 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:46:08.0138 0424 PEAUTH - ok
19:46:08.0231 0424 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:46:08.0262 0424 pla - ok
19:46:08.0353 0424 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:46:08.0369 0424 PlugPlay - ok
19:46:08.0420 0424 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:46:08.0425 0424 PNRPAutoReg - ok
19:46:08.0433 0424 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:46:08.0438 0424 PNRPsvc - ok
19:46:08.0477 0424 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:46:08.0489 0424 PolicyAgent - ok
19:46:08.0558 0424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:46:08.0559 0424 PptpMiniport - ok
19:46:08.0587 0424 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:46:08.0587 0424 Processor - ok
19:46:08.0619 0424 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:46:08.0622 0424 ProfSvc - ok
19:46:08.0647 0424 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:46:08.0648 0424 ProtectedStorage - ok
19:46:08.0669 0424 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:46:08.0670 0424 PSched - ok
19:46:08.0722 0424 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:46:08.0723 0424 PSI_SVC_2 - ok
19:46:08.0761 0424 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
19:46:08.0762 0424 PxHelp20 - ok
19:46:08.0839 0424 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:46:08.0852 0424 ql2300 - ok
19:46:08.0876 0424 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:46:08.0877 0424 ql40xx - ok
19:46:08.0911 0424 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:46:08.0926 0424 QWAVE - ok
19:46:08.0936 0424 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:46:08.0937 0424 QWAVEdrv - ok
19:46:08.0946 0424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:46:08.0947 0424 RasAcd - ok
19:46:08.0960 0424 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:46:08.0963 0424 RasAuto - ok
19:46:08.0977 0424 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:08.0978 0424 Rasl2tp - ok
19:46:09.0005 0424 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:46:09.0020 0424 RasMan - ok
19:46:09.0030 0424 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:46:09.0031 0424 RasPppoe - ok
19:46:09.0037 0424 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:46:09.0038 0424 RasSstp - ok
19:46:09.0066 0424 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:46:09.0068 0424 rdbss - ok
19:46:09.0089 0424 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:09.0090 0424 RDPCDD - ok
19:46:09.0122 0424 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:46:09.0124 0424 rdpdr - ok
19:46:09.0133 0424 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:46:09.0133 0424 RDPENCDD - ok
19:46:09.0179 0424 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:46:09.0180 0424 RDPWD - ok
19:46:09.0212 0424 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:46:09.0214 0424 RemoteAccess - ok
19:46:09.0237 0424 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:46:09.0240 0424 RemoteRegistry - ok
19:46:09.0258 0424 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:46:09.0260 0424 RpcLocator - ok
19:46:09.0296 0424 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:46:09.0301 0424 RpcSs - ok
19:46:09.0315 0424 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:46:09.0316 0424 rspndr - ok
19:46:09.0335 0424 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:46:09.0337 0424 SamSs - ok
19:46:09.0357 0424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:46:09.0357 0424 sbp2port - ok
19:46:09.0376 0424 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:46:09.0378 0424 SCardSvr - ok
19:46:09.0438 0424 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:46:09.0456 0424 Schedule - ok
19:46:09.0499 0424 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:46:09.0499 0424 SCPolicySvc - ok
19:46:09.0528 0424 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:46:09.0531 0424 SDRSVC - ok
19:46:09.0592 0424 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:46:09.0607 0424 SeaPort - ok
19:46:09.0620 0424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:46:09.0620 0424 secdrv - ok
19:46:09.0643 0424 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:46:09.0645 0424 seclogon - ok
19:46:09.0654 0424 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:46:09.0657 0424 SENS - ok
19:46:09.0680 0424 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:46:09.0680 0424 Serenum - ok
19:46:09.0703 0424 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:46:09.0704 0424 Serial - ok
19:46:09.0724 0424 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:46:09.0725 0424 sermouse - ok
19:46:09.0754 0424 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:46:09.0757 0424 SessionEnv - ok
19:46:09.0776 0424 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:46:09.0776 0424 sffdisk - ok
19:46:09.0792 0424 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:46:09.0793 0424 sffp_mmc - ok
19:46:09.0810 0424 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:46:09.0810 0424 sffp_sd - ok
19:46:09.0823 0424 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:46:09.0823 0424 sfloppy - ok
19:46:09.0858 0424 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:46:09.0872 0424 SharedAccess - ok
19:46:09.0921 0424 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:46:09.0937 0424 ShellHWDetection - ok
19:46:09.0956 0424 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:46:09.0957 0424 sisagp - ok
19:46:09.0965 0424 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:46:09.0965 0424 SiSRaid2 - ok
19:46:09.0976 0424 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:46:09.0977 0424 SiSRaid4 - ok
19:46:10.0158 0424 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:46:10.0222 0424 slsvc - ok
19:46:10.0307 0424 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:46:10.0310 0424 SLUINotify - ok
19:46:10.0335 0424 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:46:10.0336 0424 Smb - ok
19:46:10.0373 0424 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:46:10.0375 0424 SNMPTRAP - ok
19:46:10.0383 0424 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:46:10.0384 0424 spldr - ok
19:46:10.0419 0424 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:46:10.0422 0424 Spooler - ok
19:46:10.0467 0424 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:46:10.0470 0424 srv - ok
19:46:10.0500 0424 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:46:10.0501 0424 srv2 - ok
19:46:10.0556 0424 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:46:10.0557 0424 srvnet - ok
19:46:10.0575 0424 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:46:10.0582 0424 SSDPSRV - ok
19:46:10.0600 0424 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:46:10.0603 0424 SstpSvc - ok
19:46:10.0648 0424 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:46:10.0659 0424 stisvc - ok
19:46:10.0675 0424 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:46:10.0676 0424 swenum - ok
19:46:10.0709 0424 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:46:10.0723 0424 swprv - ok
19:46:10.0740 0424 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:46:10.0741 0424 Symc8xx - ok
19:46:10.0760 0424 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:46:10.0761 0424 Sym_hi - ok
19:46:10.0775 0424 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:46:10.0775 0424 Sym_u3 - ok
19:46:10.0811 0424 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:46:10.0830 0424 SysMain - ok
19:46:10.0846 0424 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:46:10.0848 0424 TabletInputService - ok
19:46:10.0878 0424 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:46:10.0894 0424 TapiSrv - ok
19:46:10.0905 0424 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:46:10.0907 0424 TBS - ok
19:46:10.0991 0424 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
19:46:10.0997 0424 Tcpip - ok
19:46:11.0009 0424 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
19:46:11.0014 0424 Tcpip6 - ok
19:46:11.0046 0424 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
19:46:11.0047 0424 tcpipreg - ok
19:46:11.0060 0424 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:46:11.0060 0424 TDPIPE - ok
19:46:11.0083 0424 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:46:11.0083 0424 TDTCP - ok
19:46:11.0112 0424 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:46:11.0112 0424 tdx - ok
19:46:11.0134 0424 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:46:11.0135 0424 TermDD - ok
19:46:11.0182 0424 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:46:11.0186 0424 TermService - ok
19:46:11.0232 0424 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:46:11.0235 0424 Themes - ok
19:46:11.0261 0424 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:46:11.0263 0424 THREADORDER - ok
19:46:11.0279 0424 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:46:11.0282 0424 TrkWks - ok
19:46:11.0313 0424 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:46:11.0314 0424 TrustedInstaller - ok
19:46:11.0331 0424 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:11.0332 0424 tssecsrv - ok
19:46:11.0347 0424 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:46:11.0347 0424 tunmp - ok
19:46:11.0365 0424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:46:11.0366 0424 tunnel - ok
19:46:11.0396 0424 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:46:11.0398 0424 udfs - ok
19:46:11.0428 0424 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:46:11.0431 0424 UI0Detect - ok
19:46:11.0455 0424 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:46:11.0456 0424 uliagpkx - ok
19:46:11.0481 0424 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:46:11.0483 0424 uliahci - ok
19:46:11.0519 0424 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:46:11.0520 0424 UlSata - ok
19:46:11.0539 0424 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:46:11.0540 0424 ulsata2 - ok
19:46:11.0560 0424 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:46:11.0560 0424 umbus - ok
19:46:11.0584 0424 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:46:11.0598 0424 upnphost - ok
19:46:11.0635 0424 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:46:11.0635 0424 usbccgp - ok
19:46:11.0653 0424 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:46:11.0654 0424 usbcir - ok
19:46:11.0682 0424 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:46:11.0683 0424 usbehci - ok
19:46:11.0703 0424 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:46:11.0704 0424 usbhub - ok
19:46:11.0709 0424 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:46:11.0710 0424 usbohci - ok
19:46:11.0733 0424 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:46:11.0733 0424 usbprint - ok
19:46:11.0749 0424 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:46:11.0750 0424 USBSTOR - ok
19:46:11.0769 0424 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:46:11.0769 0424 usbuhci - ok
19:46:11.0774 0424 uugtflk - ok
19:46:11.0799 0424 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:46:11.0802 0424 UxSms - ok
19:46:11.0835 0424 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:46:11.0847 0424 vds - ok
19:46:11.0880 0424 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:11.0881 0424 vga - ok
19:46:11.0886 0424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:46:11.0887 0424 VgaSave - ok
19:46:11.0902 0424 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:46:11.0903 0424 viaagp - ok
19:46:11.0915 0424 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:46:11.0915 0424 ViaC7 - ok
19:46:11.0931 0424 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:46:11.0932 0424 viaide - ok
19:46:11.0941 0424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:46:11.0942 0424 volmgr - ok
19:46:11.0971 0424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:46:11.0973 0424 volmgrx - ok
19:46:11.0985 0424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:46:11.0987 0424 volsnap - ok
19:46:12.0018 0424 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:46:12.0019 0424 vsmraid - ok
19:46:12.0093 0424 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:46:12.0111 0424 VSS - ok
19:46:12.0147 0424 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:46:12.0161 0424 W32Time - ok
19:46:12.0196 0424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:46:12.0197 0424 WacomPen - ok
19:46:12.0215 0424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:12.0215 0424 Wanarp - ok
19:46:12.0219 0424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:12.0220 0424 Wanarpv6 - ok
19:46:12.0249 0424 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:46:12.0261 0424 wcncsvc - ok
19:46:12.0274 0424 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:46:12.0277 0424 WcsPlugInService - ok
19:46:12.0292 0424 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:46:12.0293 0424 Wd - ok
19:46:12.0328 0424 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:46:12.0332 0424 Wdf01000 - ok
19:46:12.0351 0424 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:46:12.0353 0424 WdiServiceHost - ok
19:46:12.0357 0424 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:46:12.0360 0424 WdiSystemHost - ok
19:46:12.0399 0424 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:46:12.0416 0424 WebClient - ok
19:46:12.0462 0424 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:46:12.0468 0424 Wecsvc - ok
19:46:12.0503 0424 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:46:12.0506 0424 wercplsupport - ok
19:46:12.0537 0424 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:46:12.0541 0424 WerSvc - ok
19:46:12.0584 0424 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:46:12.0598 0424 WinDefend - ok
19:46:12.0605 0424 WinHttpAutoProxySvc - ok
19:46:12.0657 0424 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:46:12.0659 0424 Winmgmt - ok
19:46:12.0760 0424 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:46:12.0789 0424 WinRM - ok
19:46:12.0841 0424 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:46:12.0861 0424 Wlansvc - ok
19:46:12.0989 0424 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:46:13.0015 0424 wlidsvc - ok
19:46:13.0112 0424 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:13.0113 0424 WmiAcpi - ok
19:46:13.0170 0424 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:46:13.0172 0424 wmiApSrv - ok
19:46:13.0244 0424 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:46:13.0257 0424 WMPNetworkSvc - ok
19:46:13.0274 0424 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:46:13.0278 0424 WPCSvc - ok
19:46:13.0304 0424 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:46:13.0307 0424 WPDBusEnum - ok
19:46:13.0420 0424 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:46:13.0437 0424 WPFFontCache_v0400 - ok
19:46:13.0502 0424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:13.0502 0424 ws2ifsl - ok
19:46:13.0523 0424 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:46:13.0525 0424 wscsvc - ok
19:46:13.0529 0424 WSearch - ok
19:46:13.0678 0424 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:46:13.0731 0424 wuauserv - ok
19:46:13.0825 0424 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:13.0826 0424 WUDFRd - ok
19:46:13.0861 0424 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:46:13.0864 0424 wudfsvc - ok
19:46:13.0889 0424 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
19:46:14.0056 0424 \Device\Harddisk0\DR0 - ok
19:46:14.0059 0424 Boot (0x1200) (b761342c6f1284070e8370f90f9f0830) \Device\Harddisk0\DR0\Partition0
19:46:14.0061 0424 \Device\Harddisk0\DR0\Partition0 - ok
19:46:14.0107 0424 Boot (0x1200) (a55020df986d246020d18b9faf95a326) \Device\Harddisk0\DR0\Partition1
19:46:14.0108 0424 \Device\Harddisk0\DR0\Partition1 - ok
19:46:14.0108 0424 ============================================================
19:46:14.0108 0424 Scan finished
19:46:14.0108 0424 ============================================================
19:46:14.0130 1828 Detected object count: 0
19:46:14.0130 1828 Actual detected object count: 0


Please let me know how to obtain the Combofix log and I will sort that out.

Thank you.

Attached Files

  • Attached file: MBR.zip (500 bytes)


#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:01:03 PM

Posted 29 July 2012 - 10:19 PM

It's in C:\Combofix.txt
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 BD1

BD1
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:03 AM

Posted 30 July 2012 - 02:44 AM

I'm sorry but I've searched the C drive (and everywhere else) and I still can't find this log. I used combofix from a memory stick and think I deleted it afterwards. Sorry not to be more helpful.

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:01:03 PM

Posted 30 July 2012 - 03:29 AM

It's ok. Let's run it again.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#9 BD1

BD1
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:03 AM

Posted 30 July 2012 - 05:48 AM

Thank you: I thought I might have to run Combofix again, but I prefer to wait and follow your instructions. Here is the log:


ComboFix 12-07-30.01 - David 30/07/2012 11:39:05.3.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2223 [GMT 1:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 10:44 . 2012-07-30 10:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-23 09:33 . 2012-07-23 09:33 -------- d-----w- c:\users\David\AppData\Roaming\hellomoto
2012-07-23 08:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-21 11:42 . 2012-07-21 11:42 -------- d-----w- c:\windows\en
2012-07-21 11:37 . 2012-07-21 11:37 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\DSETUP.dll
2012-07-21 11:37 . 2012-07-21 11:37 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\DXSETUP.exe
2012-07-21 11:37 . 2012-07-21 11:37 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\dsetup32.dll
2012-07-12 02:04 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 05:13 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:13 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:13 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:13 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:13 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 09:14 . 2012-07-08 09:14 -------- d-----w- c:\programdata\meopywyfzxdkqdo
2012-07-03 21:59 . 2012-02-10 09:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7AF2F6B-38CD-4961-9D9E-CACED5B9BF86}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 19:09 . 2012-06-29 18:15 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-02 22:19 . 2012-06-21 06:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 06:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-21 06:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-14 06:38 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]
"WcnEapAuthProxy"="c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe" [2012-07-23 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-01-22 149280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ubisoft register.lnk - c:\program files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-15 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-07-30 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349686714-3683228733-4219953717-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349686714-3683228733-4219953717-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:51]
.
2012-07-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2012-07-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2012-07-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
Trusted Zone: ancestry.co.uk
TCP: DhcpNameServer = 192.168.0.1
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://dashboardd.exam2score.com/ePenUKDashboard/Reserved.ReportViewerWebControl.axd?ReportSession=05by0j45qyjunjjwoazy5fma&ControlID=637f5a73326f4b8b9975723b09d9a753&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} - hxxp://downloads.exam2score.com/ePenClientSpec.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 11:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-30 11:45:47
ComboFix-quarantined-files.txt 2012-07-30 10:45
.
Pre-Run: 332,827,574,272 bytes free
Post-Run: 332,833,525,760 bytes free
.
- - End Of File - - 9CFF1504205433926446CCC4C1D39E5F

#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:01:03 PM

Posted 30 July 2012 - 07:22 AM

Hello,

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe

DirLook::
c:\users\David\AppData\Local\Microsoft\Windows\439
c:\programdata\meopywyfzxdkqdo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WcnEapAuthProxy"=-


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


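The two things the helper did in this thread by eye, reading the ComboFix and TDSSKiller logs for persistence that does not belong (a Run value pointing into the user profile, freshly created directories with random names, a service entry such as `uugtflk` for which TDSSKiller could print no file), and then turning the findings into the File::/DirLook::/Registry:: CFScript above, can be scripted for triage. The block below is an added example and is not part of the thread, of ComboFix or of TDSSKiller. Its sample input is constructed from lines copied out of the logs posted above; the user-writable path list, the generated-name heuristic (all digits, or seven or more lowercase letters with under 30% vowels) and the exclusion of ComboFix's own `temp` directories are this example's assumptions. The WinHttpAutoProxySvc line is included deliberately: it is a legitimate service that the "no image printed" rule also flags, so the output is a list of leads for a human to check, not verdicts.

```python
"""Triage helper for the ComboFix and TDSSKiller logs posted in this thread.

Added example, not part of the thread, of ComboFix or of TDSSKiller.  It parses
excerpts of the logs above, applies persistence heuristics, and drafts a CFScript
for a human helper to review.  The user-writable path list, the generated-name
thresholds and the 'temp' exclusion are this example's assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the logs in this thread.  WinHttpAutoProxySvc is a
# legitimate service for which TDSSKiller printed no image; it is kept to show a false positive.
COMBOFIX_RUN_KEYS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"WcnEapAuthProxy"="c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe" [2012-07-23 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"""
COMBOFIX_FILES_CREATED = r"""
2012-07-30 10:44 . 2012-07-30 10:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-23 09:33 . 2012-07-23 09:33 -------- d-----w- c:\users\David\AppData\Roaming\hellomoto
2012-07-21 11:42 . 2012-07-21 11:42 -------- d-----w- c:\windows\en
2012-07-08 09:14 . 2012-07-08 09:14 -------- d-----w- c:\programdata\meopywyfzxdkqdo
"""
TDSSKILLER = r"""
19:46:11.0769 0424 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:46:11.0769 0424 usbuhci - ok
19:46:11.0774 0424 uugtflk - ok
19:46:12.0605 0424 WinHttpAutoProxySvc - ok
"""

RUN_KEY = re.compile(r'^\[(?P<hive>HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"')
NEW_DIR = re.compile(r'^\S+ \S+ \. \S+ \S+ -------- d-----w- (?P<path>.+)$')
TDSS_LINE = re.compile(r'^\S+ \d+ (?P<name>[\w.$-]+)(?: \((?P<md5>[0-9a-f]{32})\) (?P<image>\S.*?))?(?: - ok)?\s*$')
USER_WRITABLE = re.compile(r'\\(appdata|programdata|users\\public|temp)\\', re.I)  # a standard user can write here


def looks_generated(name):
    """Assumed heuristic: all digits, or 7+ lowercase letters with fewer than 30% vowels."""
    if name.isdigit():
        return True
    if re.fullmatch(r'[a-z]{7,}', name):
        return sum(c in 'aeiou' for c in name) / len(name) < 0.3
    return False


def triage_run_keys(text):
    """Flag Run-key values whose image lives under a user-writable path."""
    findings, hive = [], None
    for line in text.splitlines():
        key = RUN_KEY.match(line)
        if key:
            hive = key.group('hive')
            continue
        value = RUN_VALUE.match(line)
        if value and hive and USER_WRITABLE.search(value.group('image')):
            findings.append({'rule': 'run-key-in-user-writable-path', 'hive': hive,
                             'name': value.group('name'), 'image': value.group('image')})
    return findings


def triage_new_dirs(text, exclude=('temp',)):
    """Flag new directories directly under AppData Roaming/Local or ProgramData, or with generated-looking names."""
    findings = []
    for m in filter(None, map(NEW_DIR.match, text.splitlines())):
        path = PureWindowsPath(m.group('path'))
        if path.name.lower() in exclude:  # ComboFix's own temp directories
            continue
        parent = str(path.parent).lower()
        in_profile_root = parent.endswith(('\\appdata\\roaming', '\\appdata\\local', '\\programdata'))
        if in_profile_root or looks_generated(path.name):
            findings.append({'rule': 'new-dir-in-profile-root', 'path': str(path),
                             'generated_name': looks_generated(path.name)})
    return findings


def triage_tdsskiller(text):
    """Flag service/driver names for which TDSSKiller printed no image file on any line."""
    images = {}
    for m in filter(None, map(TDSS_LINE.match, text.splitlines())):
        images[m.group('name')] = images.get(m.group('name')) or m.group('image')
    return [{'rule': 'service-without-image', 'name': n, 'generated_name': looks_generated(n)}
            for n, image in images.items() if image is None]


def draft_cfscript(run_findings, dir_findings):
    """Draft a CFScript in the form used in this thread: File:: (ComboFix deletes these),
    DirLook:: (directory listings in the log) and Registry:: with REGEDIT4's "name"=- to delete the value."""
    files = [f['image'] for f in run_findings]
    dirs = sorted({str(PureWindowsPath(p).parent) for p in files} | {d['path'] for d in dir_findings})
    lines = []
    if files:
        lines += ['File::', *files, '']
    if dirs:
        lines += ['DirLook::', *dirs, '']
    if run_findings:
        lines.append('Registry::')
        for f in run_findings:
            lines += ['[' + f['hive'] + ']', '"' + f['name'] + '"=-']
    return '\n'.join(lines) + '\n'
```

Run against the sample, `triage_run_keys` returns only the WcnEapAuthProxy value (its image sits under AppData), `triage_new_dirs` returns the hellomoto and meopywyfzxdkqdo directories (the second also scores as a generated name, c:\windows\en does not), and `triage_tdsskiller` returns uugtflk and WinHttpAutoProxySvc, with only uugtflk marked as generated-looking. `draft_cfscript` then reproduces the helper's File::, DirLook:: and Registry:: entries from post #10 and additionally lists the hellomoto directory for a DirLook; the second ComboFix log in this thread confirms that File:: entries end up under "Other Deletions", so the draft is something to hand to a helper for review, not to drop on ComboFix unread.
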
#11 BD1

BD1
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:03 AM

Posted 30 July 2012 - 08:12 AM

Thank you. Here is the most recent ComboFix log:

ComboFix 12-07-30.01 - David 30/07/2012 13:32:44.3.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2184 [GMT 1:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 12:36 . 2012-07-30 12:36 -------- d-----w- c:\users\David\AppData\Local\temp
2012-07-30 12:36 . 2012-07-30 12:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-30 12:36 . 2012-07-30 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 08:06 . 2012-07-30 08:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA6CB8E-FA8C-4062-ACBF-6F5933885DFF}\offreg.dll
2012-07-29 09:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BA6CB8E-FA8C-4062-ACBF-6F5933885DFF}\mpengine.dll
2012-07-23 09:33 . 2012-07-23 09:33 -------- d-----w- c:\users\David\AppData\Roaming\hellomoto
2012-07-23 08:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-21 11:42 . 2012-07-21 11:42 -------- d-----w- c:\windows\en
2012-07-21 11:37 . 2012-07-21 11:37 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\DSETUP.dll
2012-07-21 11:37 . 2012-07-21 11:37 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\DXSETUP.exe
2012-07-21 11:37 . 2012-07-21 11:37 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\42a0bb501cd673501\dsetup32.dll
2012-07-12 02:04 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 05:13 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:13 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:13 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:13 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:13 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 09:14 . 2012-07-08 09:14 -------- d-----w- c:\programdata\meopywyfzxdkqdo
2012-07-03 21:59 . 2012-02-10 09:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7AF2F6B-38CD-4961-9D9E-CACED5B9BF86}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 19:09 . 2012-06-29 18:15 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-02 22:19 . 2012-06-21 06:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 06:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-21 06:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-14 06:38 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\meopywyfzxdkqdo ----
.
2012-07-08 09:14 . 2012-07-08 09:14 5106 ----a-w- c:\programdata\meopywyfzxdkqdo\uk-image.png
2012-07-08 09:14 . 2012-07-08 09:14 2670 ----a-w- c:\programdata\meopywyfzxdkqdo\uk-flag.png
2012-07-08 09:14 . 2012-07-08 09:14 1166 ----a-w- c:\programdata\meopywyfzxdkqdo\tabs.png
2012-07-08 09:14 . 2012-07-08 09:14 11343 ----a-w- c:\programdata\meopywyfzxdkqdo\style.css
2012-07-08 09:14 . 2012-07-08 09:14 6446 ----a-w- c:\programdata\meopywyfzxdkqdo\steps-en.png
2012-07-08 09:14 . 2012-07-08 09:14 2520 ----a-w- c:\programdata\meopywyfzxdkqdo\pay23.png
2012-07-08 09:14 . 2012-07-08 09:14 2470 ----a-w- c:\programdata\meopywyfzxdkqdo\pay21.png
2012-07-08 09:14 . 2012-07-08 09:14 2348 ----a-w- c:\programdata\meopywyfzxdkqdo\pay20.png
2012-07-08 09:14 . 2012-07-08 09:14 3344 ----a-w- c:\programdata\meopywyfzxdkqdo\McAfee.png
2012-07-08 09:14 . 2012-07-08 09:14 106325 ----a-w- c:\programdata\meopywyfzxdkqdo\main.html
2012-07-08 09:14 . 2012-07-08 09:14 1077 ----a-w- c:\programdata\meopywyfzxdkqdo\jquery.main.js
2012-07-08 09:14 . 2012-07-08 09:14 63 ----a-w- c:\programdata\meopywyfzxdkqdo\ie6-7.css
2012-07-08 09:14 . 2012-07-08 09:14 1053 ----a-w- c:\programdata\meopywyfzxdkqdo\corners4.png
2012-07-08 09:14 . 2012-07-08 09:14 1050 ----a-w- c:\programdata\meopywyfzxdkqdo\corners3.png
2012-07-08 09:14 . 2012-07-08 09:14 1070 ----a-w- c:\programdata\meopywyfzxdkqdo\corners2.png
2012-07-08 09:14 . 2012-07-08 09:14 1063 ----a-w- c:\programdata\meopywyfzxdkqdo\corners1.png
2012-07-08 09:14 . 2012-07-08 09:14 1183 ----a-w- c:\programdata\meopywyfzxdkqdo\corners-btn.png
2012-07-08 09:14 . 2012-07-08 09:14 1284 ----a-w- c:\programdata\meopywyfzxdkqdo\btn-green.png
.
---- Directory of c:\users\David\AppData\Local\Microsoft\Windows\439 ----
.
2012-07-23 09:32 . 2012-07-23 09:33 20052 ----a-w- c:\users\David\AppData\Local\Microsoft\Windows\439\f25e977f
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-01-22 149280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ubisoft register.lnk - c:\program files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-15 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-07-30 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349686714-3683228733-4219953717-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349686714-3683228733-4219953717-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-25 14:51]
.
2012-07-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2012-07-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2012-07-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-15 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
Trusted Zone: ancestry.co.uk
TCP: DhcpNameServer = 192.168.0.1
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://dashboardd.exam2score.com/ePenUKDashboard/Reserved.ReportViewerWebControl.axd?ReportSession=05by0j45qyjunjjwoazy5fma&ControlID=637f5a73326f4b8b9975723b09d9a753&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} - hxxp://downloads.exam2score.com/ePenClientSpec.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 13:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-30 13:37:31
ComboFix-quarantined-files.txt 2012-07-30 12:37
ComboFix2.txt 2012-07-30 10:45
.
Pre-Run: 332,807,884,800 bytes free
Post-Run: 332,826,824,704 bytes free
.
- - End Of File - - 5C22D23FCDA70EB485E037BE91E96F49
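The CFScript in post #10 and the log above illustrate the persistence pattern this family used: a single value under the user's Run key pointing at an executable in a user-writable directory (here `AppData\Local\Microsoft\Windows\439`), plus a lock-screen HTML payload under ProgramData. The following is an added example, not code from the thread, ComboFix or BleepingComputer: it parses the "Reg Loading Points" section of a ComboFix log, flags Run entries whose binary lives outside Program Files or the Windows directory, and renders the findings in the CFScript layout shown in post #10. The sample log is constructed from the entries on this page; the `WcnEapAuthProxy` line is reconstructed from the CFScript (its bracketed date and size are placeholders), and the "user-writable location" heuristic is my own, not a ComboFix rule.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the "Reg Loading Points" section of the
# ComboFix log in this thread. The WcnEapAuthProxy line is reconstructed from
# the CFScript in post #10 (date and size in brackets are placeholders); the
# remaining entries are copied from the log as posted.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WcnEapAuthProxy"="c:\users\David\AppData\Local\Microsoft\Windows\439\WcnEapAuthProxy.exe" [2012-07-23 00000]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
------- Supplementary Scan -------
"""

# The section runs from the "Reg Loading Points" banner to the next dashed header.
SECTION_RE = re.compile(r"\(+ Reg Loading Points \)+\n(.*?)\n-{3,}", re.S)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Heuristic (my assumption, not ComboFix's): an autostart binary under a
# user-writable location deserves a look, since installers normally place
# Run-key targets under Program Files or the Windows directory.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")


def parse_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Return every quoted Name="path" value found under a Run key in the section."""
    m = SECTION_RE.search(log_text)
    if not m:
        return []
    entries, current_key = [], None
    for raw in m.group(1).splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em and current_key:
            entries.append({"key": current_key, "name": em["name"],
                            "path": em["path"], "meta": em["meta"] or ""})
    return entries


def suspicious_autostarts(log_text: str) -> List[Dict[str, str]]:
    """Run entries whose target path sits in a user-writable directory."""
    return [e for e in parse_run_entries(log_text)
            if any(tok in e["path"].lower() for tok in USER_WRITABLE)]


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Render findings in the File:: / DirLook:: / Registry:: layout used in post #10."""
    files = [f["path"] for f in findings]
    dirs = sorted({f["path"].rsplit("\\", 1)[0] for f in findings})
    lines = ["File::"] + files + ["", "DirLook::"] + dirs + ["", "Registry::"]
    by_key: Dict[str, List[str]] = {}
    for f in findings:
        by_key.setdefault(f["key"], []).append(f["name"])
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines += [f'"{n}"=-' for n in names]   # "Name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_autostarts(SAMPLE_LOG)
    for h in hits:
        print(f"{h['key']} -> {h['name']} = {h['path']}")
    print(build_cfscript(hits))
```

On a real log, review every flagged entry by hand before acting on it: some legitimate per-user updaters (Google Update in the scheduled-tasks section above is one) also run from AppData, so the heuristic is a triage aid, not a verdict.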

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:03 PM

Posted 30 July 2012 - 08:30 AM

Any improvements?

#13 BD1

BD1
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:03 AM

Posted 30 July 2012 - 08:51 AM

Seems fine now.

Thank you for all your help. A small 'thank you' is on its way.

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:03 PM

Posted 30 July 2012 - 08:59 AM

Thank you for the donation. :)

We will wrap this up.

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.
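The MVPS HOSTS step above works because the resolver consults the HOSTS file before DNS, so a name mapped to 127.0.0.1 or 0.0.0.0 never reaches the ad server. The same mechanism cuts the other way: malware can add its own HOSTS lines to steer security-vendor update hosts elsewhere, so a HOSTS file is worth inspecting after an infection. The following added example (my code, not MVPS's or anything from this thread) parses a HOSTS file the way the resolver reads it, answers what a hostname would map to, and lists entries that are neither sinkholes nor loopback mappings. The sample file is constructed with example.com/example.net names and one deliberately tampered line; the hostnames and the 198.51.100.7 address are placeholders.

```python
import ipaddress
from typing import Dict, Optional

# Constructed excerpt in the style of the MVPS HOSTS file, plus one tampered
# line (constructed) that redirects an update host to an arbitrary address.
SAMPLE_HOSTS = """\
# MVPS HOSTS file excerpt (constructed sample)
127.0.0.1  localhost
::1        localhost
0.0.0.0  ad.example.com
0.0.0.0  ads.example.com  banners.example.com   # two names on one line
0.0.0.0\ttracker.example.net
198.51.100.7  update.antivirus.example   # tampered entry (constructed)
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to its address, as the resolver would: comments and
    blank lines are ignored, several names may share one line, and lookups
    are case-insensitive. A name listed twice keeps the first address,
    matching the resolver's first-match behaviour."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # strip trailing comments
        if not line:
            continue
        parts = line.split()                    # whitespace or tabs
        if len(parts) < 2:
            continue                            # an address with no names does nothing
        address, names = parts[0], parts[1:]
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def resolves_locally(text: str, hostname: str) -> Optional[str]:
    """Address the HOSTS file would hand back for hostname, or None if DNS is consulted."""
    return parse_hosts(text).get(hostname.lower())


def is_sinkhole(address: str) -> bool:
    """True for the two conventional blackhole targets: loopback or the unspecified address."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False                            # unparsable address: treat as not a sinkhole
    return addr.is_loopback or addr.is_unspecified


def non_sinkhole_entries(text: str) -> Dict[str, str]:
    """Entries that redirect a name to a real address. Anything here that is
    not a deliberate local override (e.g. an intranet host) merits a look."""
    return {name: addr for name, addr in parse_hosts(text).items()
            if not is_sinkhole(addr)}


if __name__ == "__main__":
    print("ad.example.com ->", resolves_locally(SAMPLE_HOSTS, "AD.EXAMPLE.COM"))
    print("www.example.org ->", resolves_locally(SAMPLE_HOSTS, "www.example.org"))
    print("redirects to real addresses:", non_sinkhole_entries(SAMPLE_HOSTS))
```

On a Windows machine the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; because the MVPS file is large, the non-sinkhole list is the part worth reading line by line, since every legitimate MVPS entry maps to 0.0.0.0 or 127.0.0.1.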

#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:03 PM

Posted 03 August 2012 - 09:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
