Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scans found a Win32.Sirefef.r Virus.


  • This topic is locked This topic is locked
16 replies to this topic

#1 That One Ninja

That One Ninja

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 05 August 2012 - 06:12 PM

Hello,

I factory reset my firefox and forgot to reinstall the java updates so as I was using it, Vipre tells me that a bad file was blocked. I did a scan with Vipre and it shows Win32.Sirefef.r as a virus. Vipre fails to remove it and it's already not letting me update malewarebytes. So far Vipre has been blocking it from allowing anything else to open but I'll definitely need some help for this.

Running Windows 7 x64 if that helps.

Thanks!

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 08 August 2012 - 08:09 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 09 August 2012 - 12:57 PM

Hey there! When I scanned it with vipre a few days ago, it was a high threat, when I scan it today it puts it as a low threat. Though, it still messes with things like all the icons on my desktop were rearranged and when I go through folders, the settings I had before are changed. Firefox seems to use default settings even though I changed it.

The log scans I did went smoothly. Here they are attached along posted.

*Check up*

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
GFI Software VIPRE
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Java™ 6 Update 20
Java™ 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````





*DDS*

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Joe at 12:48:43 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2626 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{98B95123-74E3-4DA1-A625-CF81E4D29717} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE6D119D-0897-4AD2-B14B-ABDB35B20325}\660716D27657563747 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{CE6D119D-0897-4AD2-B14B-ABDB35B20325}\8456D6D656474723030353 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE6D119D-0897-4AD2-B14B-ABDB35B20325}\C696E6B6379737 : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrtnnnkd.default-1343624593791\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-5-2 3289680]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-5-2 173920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-26 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-08-02 03:56:23 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-23 06:19:04 -------- d-----w- C:\Program Files\iTunes
2012-07-23 06:19:04 -------- d-----w- C:\Program Files\iPod
2012-07-23 06:19:04 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-20 00:18:36 -------- d-----w- C:\Users\Joe\AppData\Local\FalloutNV
2012-07-13 05:50:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 05:50:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:46:59 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-12 17:46:58 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-10 21:04:26 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 20:58:59 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-07-10 20:58:59 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-07-10 20:58:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-07-10 20:58:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-07-10 20:58:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-07-10 20:58:56 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
.
==================== Find3M ====================
.
2012-08-02 03:56:15 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 12:49:31.69 ===============

Attached Files


Edited by That One Ninja, 09 August 2012 - 01:00 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 09 August 2012 - 01:14 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 09 August 2012 - 10:29 PM

Ran ComboFix. Went smoothly. After I rebooted my computer, I ran a vipre scan and it doesn't find anything now. So far so good I think. Computer and internet seems to back to normal. Here's the log:



ComboFix 12-08-09.01 - Joe 08/09/2012 22:03:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2838 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Roaming\Uninstal.exe
c:\windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@
c:\windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000001.@
c:\windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@
c:\windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\800000cb.@
D:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-08-05 04:50 . 2012-08-05 04:50 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-05 04:50 . 2012-08-05 04:50 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-05 04:50 . 2012-08-05 04:50 188912 ----a-w- c:\windows\system32\java.exe
2012-08-05 04:50 . 2012-08-05 04:50 -------- d-----w- c:\program files\Java
2012-08-02 03:56 . 2012-08-02 03:56 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-02 03:54 . 2012-08-02 03:54 -------- d-----w- c:\programdata\McAfee
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files\iTunes
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files (x86)\iTunes
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files\iPod
2012-07-20 00:18 . 2012-07-20 00:18 -------- d-----w- c:\users\Joe\AppData\Local\FalloutNV
2012-07-13 05:50 . 2012-08-02 03:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 05:50 . 2012-08-02 03:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:46 . 2012-08-05 04:50 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 17:46 . 2012-08-05 04:50 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 03:56 . 2010-05-14 23:58 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-10 21:00 . 2010-03-27 02:49 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-10 21:04 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 20:57 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 20:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 20:57 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 20:57 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 20:57 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 20:57 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 20:57 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 16:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 16:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 16:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 16:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 16:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 16:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 16:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 16:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 16:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-10 20:58 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-10 20:58 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-10 20:58 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-10 20:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-10 20:59 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-10 20:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-10 20:59 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-10 20:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-10 20:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-10 20:58 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-10 20:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-10 20:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-10 20:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-10 20:59 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-10 20:58 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-10 20:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-10 20:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-10 20:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-10 20:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 20:57 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 20:57 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 20:57 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 20:57 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 20:57 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 20:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 20:57 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 20:57 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 20:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-15 06:41 . 2012-06-05 20:03 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{191EE887-FD3D-475D-B361-2C4E14AC1796}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MMTray"="c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe" [2001-11-09 53248]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-04-14 61184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-21 834544]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-04-14 258304]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-05-02 3289680]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-05-02 173920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:17]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrtnnnkd.default-1343624593791\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-CDisplayEx_is1 - g:\animez\New Folder\folder\pic\Comic\CDisplayEx\unins000.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\Joe\AppData\Roaming\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2151100789-1728219138-4233174390-1000\Software\SecuROM\License information*]
"datasecu"=hex:72,1e,71,08,bf,71,21,f3,76,14,ed,b9,5e,d1,65,ab,31,3b,23,96,55,
a2,f6,80,c7,85,6f,1b,02,b0,de,27,c0,14,b9,00,34,9a,be,42,a3,66,ce,9c,bf,38,\
"rkeysecu"=hex:8f,9d,cf,56,d7,c4,9f,57,ca,4d,1b,df,80,84,af,bb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-09 22:18:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 03:18
.
Pre-Run: 21,385,326,592 bytes free
Post-Run: 21,284,401,152 bytes free
.
- - End Of File - - 315F05072CACF05ABBB32EB900DBA5BA

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 10 August 2012 - 12:19 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 10 August 2012 - 05:27 PM

Both scans went smoothly. Nothing else bad has popped up to my knowledge since ComboFix removed it. So far so good!








TDSS


16:30:21.0808 6676 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:30:22.0327 6676 ============================================================
16:30:22.0327 6676 Current date / time: 2012/08/10 16:30:22.0327
16:30:22.0327 6676 SystemInfo:
16:30:22.0327 6676
16:30:22.0327 6676 OS Version: 6.1.7601 ServicePack: 1.0
16:30:22.0327 6676 Product type: Workstation
16:30:22.0327 6676 ComputerName: JOE-PC
16:30:22.0327 6676 UserName: Joe
16:30:22.0327 6676 Windows directory: C:\Windows
16:30:22.0327 6676 System windows directory: C:\Windows
16:30:22.0327 6676 Running under WOW64
16:30:22.0327 6676 Processor architecture: Intel x64
16:30:22.0327 6676 Number of processors: 2
16:30:22.0327 6676 Page size: 0x1000
16:30:22.0327 6676 Boot type: Normal boot
16:30:22.0327 6676 ============================================================
16:30:23.0549 6676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:23.0559 6676 ============================================================
16:30:23.0559 6676 \Device\Harddisk0\DR0:
16:30:23.0560 6676 MBR partitions:
16:30:23.0560 6676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
16:30:23.0576 6676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
16:30:23.0576 6676 ============================================================
16:30:23.0612 6676 C: <-> \Device\Harddisk0\DR0\Partition0
16:30:23.0649 6676 D: <-> \Device\Harddisk0\DR0\Partition1
16:30:23.0649 6676 ============================================================
16:30:23.0649 6676 Initialize success
16:30:23.0649 6676 ============================================================
16:32:51.0519 7744 ============================================================
16:32:51.0519 7744 Scan started
16:32:51.0519 7744 Mode: Manual;
16:32:51.0519 7744 ============================================================
16:32:52.0480 7744 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:32:52.0481 7744 1394ohci - ok
16:32:52.0517 7744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:32:52.0518 7744 ACPI - ok
16:32:52.0533 7744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:32:52.0534 7744 AcpiPmi - ok
16:32:52.0591 7744 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
16:32:52.0592 7744 adfs - ok
16:32:52.0712 7744 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:32:52.0715 7744 Adobe Version Cue CS4 - ok
16:32:52.0796 7744 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:32:52.0797 7744 AdobeARMservice - ok
16:32:52.0872 7744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:32:52.0876 7744 adp94xx - ok
16:32:52.0912 7744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:32:52.0916 7744 adpahci - ok
16:32:53.0100 7744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:32:53.0117 7744 adpu320 - ok
16:32:53.0163 7744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:32:53.0163 7744 AeLookupSvc - ok
16:32:53.0230 7744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:32:53.0234 7744 AFD - ok
16:32:53.0272 7744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:32:53.0273 7744 agp440 - ok
16:32:53.0287 7744 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:32:53.0289 7744 ALG - ok
16:32:53.0304 7744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:32:53.0305 7744 aliide - ok
16:32:53.0314 7744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:32:53.0315 7744 amdide - ok
16:32:53.0330 7744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:32:53.0331 7744 AmdK8 - ok
16:32:53.0345 7744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:32:53.0347 7744 AmdPPM - ok
16:32:53.0381 7744 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:32:53.0384 7744 amdsata - ok
16:32:53.0402 7744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:32:53.0404 7744 amdsbs - ok
16:32:53.0417 7744 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:32:53.0418 7744 amdxata - ok
16:32:53.0463 7744 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:32:53.0466 7744 AppID - ok
16:32:53.0509 7744 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:32:53.0511 7744 AppIDSvc - ok
16:32:53.0557 7744 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:32:53.0557 7744 Appinfo - ok
16:32:53.0653 7744 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:32:53.0654 7744 Apple Mobile Device - ok
16:32:53.0712 7744 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:32:53.0713 7744 arc - ok
16:32:53.0723 7744 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:32:53.0724 7744 arcsas - ok
16:32:53.0813 7744 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:32:53.0831 7744 aspnet_state - ok
16:32:53.0852 7744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:32:53.0853 7744 AsyncMac - ok
16:32:53.0873 7744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:32:53.0873 7744 atapi - ok
16:32:53.0945 7744 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:32:53.0948 7744 AudioEndpointBuilder - ok
16:32:53.0955 7744 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:32:53.0958 7744 AudioSrv - ok
16:32:54.0012 7744 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:32:54.0013 7744 AxInstSV - ok
16:32:54.0058 7744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:32:54.0063 7744 b06bdrv - ok
16:32:54.0098 7744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:32:54.0102 7744 b57nd60a - ok
16:32:54.0145 7744 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:32:54.0146 7744 BDESVC - ok
16:32:54.0168 7744 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:32:54.0169 7744 Beep - ok
16:32:54.0239 7744 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:32:54.0242 7744 BFE - ok
16:32:54.0266 7744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:32:54.0267 7744 blbdrive - ok
16:32:54.0393 7744 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:32:54.0397 7744 Bonjour Service - ok
16:32:54.0433 7744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:32:54.0434 7744 bowser - ok
16:32:54.0480 7744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:32:54.0482 7744 BrFiltLo - ok
16:32:54.0491 7744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:32:54.0493 7744 BrFiltUp - ok
16:32:54.0526 7744 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:32:54.0527 7744 BridgeMP - ok
16:32:54.0562 7744 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:32:54.0563 7744 Browser - ok
16:32:54.0586 7744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:32:54.0590 7744 Brserid - ok
16:32:54.0612 7744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:32:54.0613 7744 BrSerWdm - ok
16:32:54.0618 7744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:32:54.0620 7744 BrUsbMdm - ok
16:32:54.0631 7744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:32:54.0632 7744 BrUsbSer - ok
16:32:54.0689 7744 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:32:54.0690 7744 BthEnum - ok
16:32:54.0706 7744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:32:54.0708 7744 BTHMODEM - ok
16:32:54.0741 7744 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:32:54.0744 7744 BthPan - ok
16:32:54.0778 7744 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:32:54.0785 7744 BTHPORT - ok
16:32:54.0825 7744 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:32:54.0826 7744 bthserv - ok
16:32:54.0841 7744 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:32:54.0842 7744 BTHUSB - ok
16:32:54.0862 7744 catchme - ok
16:32:54.0888 7744 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:32:54.0890 7744 cdfs - ok
16:32:54.0932 7744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:32:54.0934 7744 cdrom - ok
16:32:54.0980 7744 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:32:54.0981 7744 CertPropSvc - ok
16:32:55.0011 7744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:32:55.0012 7744 circlass - ok
16:32:55.0041 7744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:32:55.0043 7744 CLFS - ok
16:32:55.0097 7744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:32:55.0100 7744 clr_optimization_v2.0.50727_32 - ok
16:32:55.0161 7744 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:32:55.0163 7744 clr_optimization_v2.0.50727_64 - ok
16:32:55.0237 7744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:32:55.0251 7744 clr_optimization_v4.0.30319_32 - ok
16:32:55.0295 7744 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:32:55.0296 7744 clr_optimization_v4.0.30319_64 - ok
16:32:55.0316 7744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:32:55.0317 7744 CmBatt - ok
16:32:55.0354 7744 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:32:55.0355 7744 cmdide - ok
16:32:55.0401 7744 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:32:55.0405 7744 CNG - ok
16:32:55.0458 7744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:32:55.0459 7744 Compbatt - ok
16:32:55.0478 7744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:32:55.0480 7744 CompositeBus - ok
16:32:55.0500 7744 COMSysApp - ok
16:32:55.0515 7744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:32:55.0516 7744 crcdisk - ok
16:32:55.0537 7744 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:32:55.0538 7744 CryptSvc - ok
16:32:55.0595 7744 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:32:55.0612 7744 DcomLaunch - ok
16:32:55.0664 7744 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:32:55.0665 7744 defragsvc - ok
16:32:55.0712 7744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:32:55.0713 7744 DfsC - ok
16:32:55.0737 7744 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:32:55.0740 7744 Dhcp - ok
16:32:55.0756 7744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:32:55.0757 7744 discache - ok
16:32:55.0792 7744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:32:55.0794 7744 Disk - ok
16:32:55.0815 7744 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:32:55.0816 7744 Dnscache - ok
16:32:55.0871 7744 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:32:55.0874 7744 dot3svc - ok
16:32:55.0913 7744 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:32:55.0914 7744 DPS - ok
16:32:55.0958 7744 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:32:55.0960 7744 drmkaud - ok
16:32:56.0029 7744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:32:56.0038 7744 DXGKrnl - ok
16:32:56.0086 7744 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:32:56.0088 7744 EapHost - ok
16:32:56.0223 7744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:32:56.0284 7744 ebdrv - ok
16:32:56.0360 7744 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:32:56.0361 7744 EFS - ok
16:32:56.0426 7744 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:32:56.0433 7744 ehRecvr - ok
16:32:56.0478 7744 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:32:56.0480 7744 ehSched - ok
16:32:56.0550 7744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:32:56.0555 7744 elxstor - ok
16:32:56.0576 7744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:32:56.0577 7744 ErrDev - ok
16:32:56.0634 7744 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:32:56.0636 7744 EventSystem - ok
16:32:56.0666 7744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:32:56.0668 7744 exfat - ok
16:32:56.0687 7744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:32:56.0690 7744 fastfat - ok
16:32:56.0769 7744 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:32:56.0772 7744 Fax - ok
16:32:56.0798 7744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:32:56.0798 7744 fdc - ok
16:32:56.0820 7744 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:32:56.0821 7744 fdPHost - ok
16:32:56.0829 7744 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:32:56.0830 7744 FDResPub - ok
16:32:56.0840 7744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:32:56.0841 7744 FileInfo - ok
16:32:56.0856 7744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:32:56.0858 7744 Filetrace - ok
16:32:56.0974 7744 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:32:56.0981 7744 FLEXnet Licensing Service - ok
16:32:57.0057 7744 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:32:57.0067 7744 FLEXnet Licensing Service 64 - ok
16:32:57.0179 7744 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
16:32:57.0181 7744 FlipShare Service - ok
16:32:57.0281 7744 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
16:32:57.0286 7744 FlipShareServer - ok
16:32:57.0379 7744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:32:57.0380 7744 flpydisk - ok
16:32:57.0439 7744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:32:57.0442 7744 FltMgr - ok
16:32:57.0499 7744 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:32:57.0504 7744 FontCache - ok
16:32:57.0592 7744 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:32:57.0594 7744 FontCache3.0.0.0 - ok
16:32:57.0613 7744 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:32:57.0614 7744 FsDepends - ok
16:32:57.0657 7744 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:32:57.0659 7744 Fs_Rec - ok
16:32:57.0722 7744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:32:57.0724 7744 fvevol - ok
16:32:57.0751 7744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:32:57.0752 7744 gagp30kx - ok
16:32:57.0801 7744 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:32:57.0802 7744 GEARAspiWDM - ok
16:32:57.0873 7744 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:32:57.0877 7744 gpsvc - ok
16:32:57.0955 7744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:32:57.0956 7744 gupdate - ok
16:32:57.0987 7744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:32:57.0988 7744 gupdatem - ok
16:32:58.0004 7744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:32:58.0005 7744 hcw85cir - ok
16:32:58.0048 7744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:32:58.0051 7744 HdAudAddService - ok
16:32:58.0081 7744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:32:58.0081 7744 HDAudBus - ok
16:32:58.0170 7744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:32:58.0203 7744 HidBatt - ok
16:32:58.0300 7744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:32:58.0302 7744 HidBth - ok
16:32:58.0334 7744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:32:58.0335 7744 HidIr - ok
16:32:58.0368 7744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:32:58.0369 7744 hidserv - ok
16:32:58.0401 7744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:32:58.0402 7744 HidUsb - ok
16:32:58.0437 7744 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:32:58.0438 7744 hkmsvc - ok
16:32:58.0480 7744 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:32:58.0483 7744 HomeGroupListener - ok
16:32:58.0517 7744 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:32:58.0518 7744 HomeGroupProvider - ok
16:32:58.0542 7744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:32:58.0543 7744 HpSAMD - ok
16:32:58.0606 7744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:32:58.0613 7744 HTTP - ok
16:32:58.0654 7744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:32:58.0654 7744 hwpolicy - ok
16:32:58.0666 7744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:32:58.0667 7744 i8042prt - ok
16:32:58.0702 7744 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:32:58.0706 7744 iaStorV - ok
16:32:58.0806 7744 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:32:58.0808 7744 IDriverT - ok
16:32:58.0907 7744 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:32:58.0914 7744 idsvc - ok
16:32:59.0004 7744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:32:59.0005 7744 iirsp - ok
16:32:59.0079 7744 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:32:59.0083 7744 IKEEXT - ok
16:32:59.0111 7744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:32:59.0113 7744 intelide - ok
16:32:59.0138 7744 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:32:59.0139 7744 intelppm - ok
16:32:59.0186 7744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:32:59.0188 7744 IPBusEnum - ok
16:32:59.0221 7744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:32:59.0223 7744 IpFilterDriver - ok
16:32:59.0283 7744 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:32:59.0286 7744 iphlpsvc - ok
16:32:59.0298 7744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:32:59.0299 7744 IPMIDRV - ok
16:32:59.0318 7744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:32:59.0320 7744 IPNAT - ok
16:32:59.0425 7744 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
16:32:59.0429 7744 iPod Service - ok
16:32:59.0461 7744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:32:59.0463 7744 IRENUM - ok
16:32:59.0475 7744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:32:59.0476 7744 isapnp - ok
16:32:59.0497 7744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:32:59.0500 7744 iScsiPrt - ok
16:32:59.0536 7744 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
16:32:59.0538 7744 itecir - ok
16:32:59.0559 7744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:32:59.0560 7744 kbdclass - ok
16:32:59.0572 7744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:32:59.0573 7744 kbdhid - ok
16:32:59.0610 7744 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:32:59.0611 7744 KeyIso - ok
16:32:59.0628 7744 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:32:59.0629 7744 KSecDD - ok
16:32:59.0653 7744 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:32:59.0655 7744 KSecPkg - ok
16:32:59.0693 7744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:32:59.0695 7744 ksthunk - ok
16:32:59.0741 7744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:32:59.0745 7744 KtmRm - ok
16:32:59.0806 7744 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:32:59.0808 7744 LanmanServer - ok
16:32:59.0853 7744 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:32:59.0856 7744 LanmanWorkstation - ok
16:32:59.0888 7744 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:32:59.0889 7744 lltdio - ok
16:32:59.0931 7744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:32:59.0935 7744 lltdsvc - ok
16:32:59.0947 7744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:32:59.0949 7744 lmhosts - ok
16:32:59.0970 7744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:32:59.0971 7744 LSI_FC - ok
16:32:59.0985 7744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:32:59.0988 7744 LSI_SAS - ok
16:33:00.0004 7744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:33:00.0006 7744 LSI_SAS2 - ok
16:33:00.0026 7744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:33:00.0029 7744 LSI_SCSI - ok
16:33:00.0055 7744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:33:00.0057 7744 luafv - ok
16:33:00.0091 7744 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:33:00.0093 7744 Mcx2Svc - ok
16:33:00.0111 7744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:33:00.0113 7744 megasas - ok
16:33:00.0139 7744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:33:00.0142 7744 MegaSR - ok
16:33:00.0223 7744 mi-raysat_3dsmax2010_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
16:33:00.0224 7744 mi-raysat_3dsmax2010_32 - ok
16:33:00.0301 7744 mi-raysat_3dsmax2010_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
16:33:00.0303 7744 mi-raysat_3dsmax2010_64 - ok
16:33:00.0336 7744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:00.0338 7744 MMCSS - ok
16:33:00.0355 7744 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:33:00.0356 7744 Modem - ok
16:33:00.0404 7744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:33:00.0404 7744 monitor - ok
16:33:00.0435 7744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:33:00.0436 7744 mouclass - ok
16:33:00.0458 7744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:33:00.0459 7744 mouhid - ok
16:33:00.0496 7744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:33:00.0498 7744 mountmgr - ok
16:33:00.0571 7744 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:33:00.0573 7744 MozillaMaintenance - ok
16:33:00.0597 7744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:33:00.0600 7744 mpio - ok
16:33:00.0615 7744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:33:00.0616 7744 mpsdrv - ok
16:33:00.0699 7744 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:33:00.0707 7744 MpsSvc - ok
16:33:00.0742 7744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:33:00.0744 7744 MRxDAV - ok
16:33:00.0780 7744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:33:00.0782 7744 mrxsmb - ok
16:33:00.0841 7744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:33:00.0844 7744 mrxsmb10 - ok
16:33:00.0861 7744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:33:00.0863 7744 mrxsmb20 - ok
16:33:00.0877 7744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:33:00.0878 7744 msahci - ok
16:33:00.0897 7744 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:33:00.0899 7744 msdsm - ok
16:33:00.0944 7744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:33:00.0946 7744 MSDTC - ok
16:33:00.0986 7744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:33:00.0987 7744 Msfs - ok
16:33:01.0007 7744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:33:01.0008 7744 mshidkmdf - ok
16:33:01.0017 7744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:33:01.0018 7744 msisadrv - ok
16:33:01.0057 7744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:33:01.0059 7744 MSiSCSI - ok
16:33:01.0062 7744 msiserver - ok
16:33:01.0085 7744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:33:01.0086 7744 MSKSSRV - ok
16:33:01.0097 7744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:33:01.0098 7744 MSPCLOCK - ok
16:33:01.0105 7744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:33:01.0105 7744 MSPQM - ok
16:33:01.0147 7744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:33:01.0151 7744 MsRPC - ok
16:33:01.0166 7744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:33:01.0167 7744 mssmbios - ok
16:33:01.0280 7744 MSSQL$SQLEXPRESS - ok
16:33:01.0379 7744 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
16:33:01.0380 7744 MSSQLServerADHelper100 - ok
16:33:01.0384 7744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:33:01.0385 7744 MSTEE - ok
16:33:01.0734 7744 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
16:33:01.0826 7744 msvsmon90 - ok
16:33:01.0896 7744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:33:01.0897 7744 MTConfig - ok
16:33:01.0944 7744 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
16:33:01.0945 7744 MTsensor - ok
16:33:01.0958 7744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:33:01.0959 7744 Mup - ok
16:33:02.0006 7744 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:33:02.0011 7744 napagent - ok
16:33:02.0049 7744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:33:02.0052 7744 NativeWifiP - ok
16:33:02.0112 7744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:33:02.0116 7744 NDIS - ok
16:33:02.0134 7744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:33:02.0135 7744 NdisCap - ok
16:33:02.0151 7744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:33:02.0153 7744 NdisTapi - ok
16:33:02.0189 7744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:33:02.0190 7744 Ndisuio - ok
16:33:02.0238 7744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:33:02.0241 7744 NdisWan - ok
16:33:02.0284 7744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:33:02.0285 7744 NDProxy - ok
16:33:02.0302 7744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:33:02.0304 7744 NetBIOS - ok
16:33:02.0346 7744 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:33:02.0349 7744 NetBT - ok
16:33:02.0367 7744 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:02.0368 7744 Netlogon - ok
16:33:02.0425 7744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:33:02.0429 7744 Netman - ok
16:33:02.0522 7744 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:02.0524 7744 NetMsmqActivator - ok
16:33:02.0527 7744 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:02.0528 7744 NetPipeActivator - ok
16:33:02.0560 7744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:33:02.0565 7744 netprofm - ok
16:33:02.0568 7744 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:02.0569 7744 NetTcpActivator - ok
16:33:02.0571 7744 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:02.0572 7744 NetTcpPortSharing - ok
16:33:02.0881 7744 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:33:02.0992 7744 NETw5s64 - ok
16:33:03.0274 7744 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:33:03.0376 7744 netw5v64 - ok
16:33:03.0489 7744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:33:03.0491 7744 nfrd960 - ok
16:33:03.0550 7744 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:33:03.0553 7744 NlaSvc - ok
16:33:03.0565 7744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:33:03.0566 7744 Npfs - ok
16:33:03.0596 7744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:33:03.0597 7744 nsi - ok
16:33:03.0605 7744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:33:03.0606 7744 nsiproxy - ok
16:33:03.0684 7744 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:33:03.0717 7744 Ntfs - ok
16:33:03.0798 7744 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:33:03.0799 7744 Null - ok
16:33:04.0306 7744 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:33:04.0526 7744 nvlddmkm - ok
16:33:04.0632 7744 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:33:04.0634 7744 nvraid - ok
16:33:04.0664 7744 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:33:04.0667 7744 nvstor - ok
16:33:04.0730 7744 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
16:33:04.0738 7744 nvsvc - ok
16:33:04.0905 7744 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:33:04.0949 7744 nvUpdatusService - ok
16:33:05.0047 7744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:33:05.0050 7744 nv_agp - ok
16:33:05.0135 7744 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:33:05.0139 7744 odserv - ok
16:33:05.0150 7744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:33:05.0152 7744 ohci1394 - ok
16:33:05.0215 7744 ose (067db5b067722997fcafe1858163d411) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:33:05.0217 7744 ose - ok
16:33:05.0476 7744 osppsvc (458169ba54ccf47d178dcb40d8158a7d) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:33:05.0576 7744 osppsvc - ok
16:33:05.0695 7744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:05.0697 7744 p2pimsvc - ok
16:33:05.0758 7744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:33:05.0761 7744 p2psvc - ok
16:33:05.0815 7744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:33:05.0816 7744 Parport - ok
16:33:05.0854 7744 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:33:05.0855 7744 partmgr - ok
16:33:05.0873 7744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:33:05.0875 7744 PcaSvc - ok
16:33:05.0903 7744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:33:05.0905 7744 pci - ok
16:33:05.0920 7744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:33:05.0921 7744 pciide - ok
16:33:05.0941 7744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:33:05.0944 7744 pcmcia - ok
16:33:05.0952 7744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:33:05.0954 7744 pcw - ok
16:33:05.0990 7744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:33:05.0995 7744 PEAUTH - ok
16:33:06.0079 7744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:33:06.0081 7744 PerfHost - ok
16:33:06.0203 7744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:33:06.0233 7744 pla - ok
16:33:06.0278 7744 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:33:06.0281 7744 PlugPlay - ok
16:33:06.0301 7744 PnkBstrA - ok
16:33:06.0351 7744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:33:06.0353 7744 PNRPAutoReg - ok
16:33:06.0378 7744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:06.0380 7744 PNRPsvc - ok
16:33:06.0409 7744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:33:06.0414 7744 PolicyAgent - ok
16:33:06.0454 7744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:33:06.0456 7744 Power - ok
16:33:06.0525 7744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:33:06.0527 7744 PptpMiniport - ok
16:33:06.0566 7744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:33:06.0567 7744 Processor - ok
16:33:06.0596 7744 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:33:06.0600 7744 ProfSvc - ok
16:33:06.0615 7744 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:06.0616 7744 ProtectedStorage - ok
16:33:06.0656 7744 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:33:06.0659 7744 Psched - ok
16:33:06.0742 7744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:33:06.0770 7744 ql2300 - ok
16:33:06.0879 7744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:33:06.0880 7744 ql40xx - ok
16:33:06.0923 7744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:33:06.0926 7744 QWAVE - ok
16:33:06.0941 7744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:33:06.0943 7744 QWAVEdrv - ok
16:33:06.0955 7744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:33:06.0956 7744 RasAcd - ok
16:33:07.0008 7744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:33:07.0009 7744 RasAgileVpn - ok
16:33:07.0022 7744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:33:07.0024 7744 RasAuto - ok
16:33:07.0064 7744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:33:07.0066 7744 Rasl2tp - ok
16:33:07.0111 7744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:33:07.0114 7744 RasMan - ok
16:33:07.0125 7744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:33:07.0126 7744 RasPppoe - ok
16:33:07.0138 7744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:33:07.0140 7744 RasSstp - ok
16:33:07.0193 7744 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:33:07.0196 7744 rdbss - ok
16:33:07.0210 7744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:33:07.0211 7744 rdpbus - ok
16:33:07.0239 7744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:33:07.0241 7744 RDPCDD - ok
16:33:07.0252 7744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:33:07.0253 7744 RDPENCDD - ok
16:33:07.0264 7744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:33:07.0265 7744 RDPREFMP - ok
16:33:07.0300 7744 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:33:07.0302 7744 RDPWD - ok
16:33:07.0342 7744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:33:07.0345 7744 rdyboost - ok
16:33:07.0385 7744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:33:07.0387 7744 RemoteAccess - ok
16:33:07.0443 7744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:33:07.0446 7744 RemoteRegistry - ok
16:33:07.0491 7744 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:33:07.0493 7744 RFCOMM - ok
16:33:07.0537 7744 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
16:33:07.0538 7744 rismxdp - ok
16:33:07.0547 7744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:33:07.0549 7744 RpcEptMapper - ok
16:33:07.0579 7744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:33:07.0581 7744 RpcLocator - ok
16:33:07.0633 7744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:33:07.0636 7744 RpcSs - ok
16:33:07.0671 7744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:33:07.0672 7744 rspndr - ok
16:33:07.0711 7744 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:33:07.0715 7744 RTL8167 - ok
16:33:07.0732 7744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:07.0733 7744 SamSs - ok
16:33:07.0793 7744 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
16:33:07.0794 7744 SASDIFSV - ok
16:33:07.0807 7744 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
16:33:07.0807 7744 SASENUM - ok
16:33:07.0823 7744 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
16:33:07.0824 7744 SASKUTIL - ok
16:33:07.0993 7744 SBAMSvc (18530d2f605f1ec48ca20a7b184ccbcc) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
16:33:08.0007 7744 SBAMSvc - ok
16:33:08.0138 7744 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
16:33:08.0139 7744 sbapifs - ok
16:33:08.0187 7744 SbFw (c0acd574f740c5781031fd533c2494f5) C:\Windows\system32\drivers\SbFw.sys
16:33:08.0190 7744 SbFw - ok
16:33:08.0237 7744 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
16:33:08.0238 7744 SBFWIMCL - ok
16:33:08.0264 7744 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
16:33:08.0264 7744 SBFWIMCLMP - ok
16:33:08.0283 7744 SbHips (f2c38f62e9c540f40c2a5f6172d9d07b) C:\Windows\system32\drivers\sbhips.sys
16:33:08.0284 7744 SbHips - ok
16:33:08.0316 7744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:33:08.0317 7744 sbp2port - ok
16:33:08.0399 7744 SBPIMSvc (2815772894855506e94008cc0e602738) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
16:33:08.0400 7744 SBPIMSvc - ok
16:33:08.0424 7744 SBRE (aae41efbad69b78513875c2eb3de7008) C:\Windows\system32\drivers\SBREdrv.sys
16:33:08.0425 7744 SBRE - ok
16:33:08.0463 7744 sbwtis (f9aa83a88eabe22b29d8f293c21aaa4d) C:\Windows\system32\DRIVERS\sbwtis.sys
16:33:08.0465 7744 sbwtis - ok
16:33:08.0504 7744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:33:08.0507 7744 SCardSvr - ok
16:33:08.0543 7744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:33:08.0544 7744 scfilter - ok
16:33:08.0717 7744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:33:08.0749 7744 Schedule - ok
16:33:08.0785 7744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:33:08.0785 7744 SCPolicySvc - ok
16:33:08.0827 7744 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:33:08.0829 7744 sdbus - ok
16:33:08.0865 7744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:33:08.0868 7744 SDRSVC - ok
16:33:08.0908 7744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:33:08.0909 7744 secdrv - ok
16:33:08.0943 7744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:33:08.0944 7744 seclogon - ok
16:33:08.0954 7744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:33:08.0956 7744 SENS - ok
16:33:08.0967 7744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:33:08.0969 7744 SensrSvc - ok
16:33:08.0981 7744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:33:08.0982 7744 Serenum - ok
16:33:09.0010 7744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:33:09.0011 7744 Serial - ok
16:33:09.0039 7744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:33:09.0041 7744 sermouse - ok
16:33:09.0088 7744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:33:09.0090 7744 SessionEnv - ok
16:33:09.0105 7744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:33:09.0106 7744 sffdisk - ok
16:33:09.0119 7744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:33:09.0120 7744 sffp_mmc - ok
16:33:09.0134 7744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:33:09.0135 7744 sffp_sd - ok
16:33:09.0147 7744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:33:09.0149 7744 sfloppy - ok
16:33:09.0213 7744 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:33:09.0217 7744 SharedAccess - ok
16:33:09.0261 7744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:33:09.0265 7744 ShellHWDetection - ok
16:33:09.0288 7744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:33:09.0289 7744 SiSRaid2 - ok
16:33:09.0303 7744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:33:09.0306 7744 SiSRaid4 - ok
16:33:09.0316 7744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:33:09.0318 7744 Smb - ok
16:33:09.0376 7744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:33:09.0377 7744 SNMPTRAP - ok
16:33:09.0385 7744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:33:09.0386 7744 spldr - ok
16:33:09.0421 7744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:33:09.0425 7744 Spooler - ok
16:33:09.0590 7744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:33:09.0606 7744 sppsvc - ok
16:33:09.0677 7744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:33:09.0679 7744 sppuinotify - ok
16:33:09.0768 7744 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
16:33:09.0779 7744 sptd - ok
16:33:09.0910 7744 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
16:33:09.0914 7744 SQLAgent$SQLEXPRESS - ok
16:33:09.0998 7744 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:33:10.0002 7744 SQLBrowser - ok
16:33:10.0050 7744 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:33:10.0052 7744 SQLWriter - ok
16:33:10.0185 7744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:33:10.0190 7744 srv - ok
16:33:10.0214 7744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:33:10.0218 7744 srv2 - ok
16:33:10.0234 7744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:33:10.0236 7744 srvnet - ok
16:33:10.0295 7744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:33:10.0298 7744 SSDPSRV - ok
16:33:10.0311 7744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:33:10.0313 7744 SstpSvc - ok
16:33:10.0399 7744 Steam Client Service - ok
16:33:10.0495 7744 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:33:10.0497 7744 Stereo Service - ok
16:33:10.0530 7744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:33:10.0531 7744 stexstor - ok
16:33:10.0596 7744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:33:10.0600 7744 stisvc - ok
16:33:10.0614 7744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:33:10.0615 7744 swenum - ok
16:33:10.0701 7744 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:33:10.0707 7744 SwitchBoard - ok
16:33:10.0763 7744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:33:10.0769 7744 swprv - ok
16:33:10.0860 7744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:33:10.0868 7744 SysMain - ok
16:33:10.0966 7744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:33:10.0968 7744 TabletInputService - ok
16:33:10.0993 7744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:33:10.0995 7744 TapiSrv - ok
16:33:11.0010 7744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:33:11.0013 7744 TBS - ok
16:33:11.0142 7744 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:33:11.0177 7744 Tcpip - ok
16:33:11.0325 7744 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:33:11.0333 7744 TCPIP6 - ok
16:33:11.0438 7744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:33:11.0439 7744 tcpipreg - ok
16:33:11.0489 7744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:33:11.0490 7744 TDPIPE - ok
16:33:11.0524 7744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:33:11.0525 7744 TDTCP - ok
16:33:11.0566 7744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:33:11.0568 7744 tdx - ok
16:33:11.0603 7744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:33:11.0604 7744 TermDD - ok
16:33:11.0666 7744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:33:11.0670 7744 TermService - ok
16:33:11.0705 7744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:33:11.0706 7744 Themes - ok
16:33:11.0740 7744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:11.0742 7744 THREADORDER - ok
16:33:11.0760 7744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:33:11.0763 7744 TrkWks - ok
16:33:11.0814 7744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:33:11.0815 7744 TrustedInstaller - ok
16:33:11.0844 7744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:33:11.0845 7744 tssecsrv - ok
16:33:11.0890 7744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:33:11.0891 7744 TsUsbFlt - ok
16:33:11.0938 7744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:33:11.0940 7744 tunnel - ok
16:33:11.0979 7744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:33:11.0980 7744 uagp35 - ok
16:33:12.0029 7744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:33:12.0032 7744 udfs - ok
16:33:12.0048 7744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:33:12.0050 7744 UI0Detect - ok
16:33:12.0068 7744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:33:12.0070 7744 uliagpkx - ok
16:33:12.0094 7744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:33:12.0096 7744 umbus - ok
16:33:12.0116 7744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:33:12.0117 7744 UmPass - ok
16:33:12.0147 7744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:33:12.0150 7744 upnphost - ok
16:33:12.0181 7744 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:33:12.0183 7744 USBAAPL64 - ok
16:33:12.0204 7744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:33:12.0206 7744 usbccgp - ok
16:33:12.0222 7744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:33:12.0224 7744 usbcir - ok
16:33:12.0237 7744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:33:12.0238 7744 usbehci - ok
16:33:12.0270 7744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:33:12.0272 7744 usbhub - ok
16:33:12.0287 7744 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:33:12.0288 7744 usbohci - ok
16:33:12.0293 7744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:33:12.0294 7744 usbprint - ok
16:33:12.0323 7744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:33:12.0324 7744 USBSTOR - ok
16:33:12.0335 7744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:33:12.0336 7744 usbuhci - ok
16:33:12.0376 7744 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:33:12.0379 7744 usbvideo - ok
16:33:12.0415 7744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:33:12.0417 7744 UxSms - ok
16:33:12.0438 7744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:12.0439 7744 VaultSvc - ok
16:33:12.0465 7744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:33:12.0466 7744 vdrvroot - ok
16:33:12.0522 7744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:33:12.0528 7744 vds - ok
16:33:12.0535 7744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:33:12.0537 7744 vga - ok
16:33:12.0548 7744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:33:12.0549 7744 VgaSave - ok
16:33:12.0567 7744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:33:12.0569 7744 vhdmp - ok
16:33:12.0580 7744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:33:12.0582 7744 viaide - ok
16:33:12.0596 7744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:33:12.0597 7744 volmgr - ok
16:33:12.0648 7744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:33:12.0652 7744 volmgrx - ok
16:33:12.0675 7744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:33:12.0678 7744 volsnap - ok
16:33:12.0707 7744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:33:12.0709 7744 vsmraid - ok
16:33:12.0807 7744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:33:12.0841 7744 VSS - ok
16:33:12.0920 7744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:33:12.0921 7744 vwifibus - ok
16:33:12.0931 7744 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:33:12.0933 7744 VWiFiFlt - ok
16:33:12.0967 7744 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:33:12.0967 7744 vwifimp - ok
16:33:13.0019 7744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:33:13.0022 7744 W32Time - ok
16:33:13.0040 7744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:33:13.0041 7744 WacomPen - ok
16:33:13.0096 7744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:13.0097 7744 WANARP - ok
16:33:13.0100 7744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:13.0100 7744 Wanarpv6 - ok
16:33:13.0185 7744 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:33:13.0209 7744 WatAdminSvc - ok
16:33:13.0295 7744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:33:13.0324 7744 wbengine - ok
16:33:13.0422 7744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:33:13.0426 7744 WbioSrvc - ok
16:33:13.0469 7744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:33:13.0474 7744 wcncsvc - ok
16:33:13.0492 7744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:33:13.0495 7744 WcsPlugInService - ok
16:33:13.0549 7744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:33:13.0550 7744 Wd - ok
16:33:13.0584 7744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:33:13.0590 7744 Wdf01000 - ok
16:33:13.0608 7744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:33:13.0610 7744 WdiServiceHost - ok
16:33:13.0612 7744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:33:13.0614 7744 WdiSystemHost - ok
16:33:13.0658 7744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:33:13.0662 7744 WebClient - ok
16:33:13.0685 7744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:33:13.0689 7744 Wecsvc - ok
16:33:13.0706 7744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:33:13.0708 7744 wercplsupport - ok
16:33:13.0733 7744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:33:13.0734 7744 WerSvc - ok
16:33:13.0771 7744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:33:13.0772 7744 WfpLwf - ok
16:33:13.0791 7744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:33:13.0792 7744 WIMMount - ok
16:33:13.0832 7744 WinDefend - ok
16:33:13.0837 7744 WinHttpAutoProxySvc - ok
16:33:13.0909 7744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:33:13.0911 7744 Winmgmt - ok
16:33:14.0023 7744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:33:14.0066 7744 WinRM - ok
16:33:14.0174 7744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:33:14.0176 7744 WinUsb - ok
16:33:14.0249 7744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:33:14.0258 7744 Wlansvc - ok
16:33:14.0413 7744 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:33:14.0423 7744 wlidsvc - ok
16:33:14.0500 7744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:33:14.0501 7744 WmiAcpi - ok
16:33:14.0556 7744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:33:14.0558 7744 wmiApSrv - ok
16:33:14.0586 7744 WMPNetworkSvc - ok
16:33:14.0623 7744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:33:14.0626 7744 WPCSvc - ok
16:33:14.0660 7744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:33:14.0662 7744 WPDBusEnum - ok
16:33:14.0693 7744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:33:14.0694 7744 ws2ifsl - ok
16:33:14.0729 7744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:33:14.0731 7744 wscsvc - ok
16:33:14.0734 7744 WSearch - ok
16:33:14.0838 7744 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:33:14.0850 7744 wuauserv - ok
16:33:14.0948 7744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:33:14.0950 7744 WudfPf - ok
16:33:14.0979 7744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:33:14.0981 7744 WUDFRd - ok
16:33:15.0016 7744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:33:15.0018 7744 wudfsvc - ok
16:33:15.0034 7744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:33:15.0038 7744 WwanSvc - ok
16:33:15.0108 7744 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
16:33:15.0119 7744 xnacc - ok
16:33:15.0210 7744 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
16:33:15.0213 7744 xusb21 - ok
16:33:15.0248 7744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:33:15.0460 7744 \Device\Harddisk0\DR0 - ok
16:33:15.0463 7744 Boot (0x1200) (335aeca23625eaba7d5f836aa1664ae2) \Device\Harddisk0\DR0\Partition0
16:33:15.0467 7744 \Device\Harddisk0\DR0\Partition0 - ok
16:33:15.0500 7744 Boot (0x1200) (d93eeea21143e440adcc92a72911e88e) \Device\Harddisk0\DR0\Partition1
16:33:15.0503 7744 \Device\Harddisk0\DR0\Partition1 - ok
16:33:15.0503 7744 ============================================================
16:33:15.0503 7744 Scan finished
16:33:15.0503 7744 ============================================================
16:33:15.0510 3848 Detected object count: 0
16:33:15.0510 3848 Actual detected object count: 0


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 16:35:13
-----------------------------
16:35:13.837 OS Version: Windows x64 6.1.7601 Service Pack 1
16:35:13.837 Number of processors: 2 586 0x1706
16:35:13.838 ComputerName: JOE-PC UserName: Joe
16:35:16.813 Initialize success
16:36:16.082 AVAST engine defs: 12081001
16:36:26.816 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:26.817 Disk 0 Vendor: ST9320421AS SD14 Size: 305245MB BusType: 11
16:36:26.891 Disk 0 MBR read successfully
16:36:26.893 Disk 0 MBR scan
16:36:26.896 Disk 0 Windows 7 default MBR code
16:36:26.898 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
16:36:26.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 24579450
16:36:26.917 Disk 0 Partition - 00 0F Extended LBA 140623 MB offset 337140090
16:36:26.942 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140623 MB offset 337140153
16:36:26.974 Disk 0 scanning C:\Windows\system32\drivers
16:36:37.069 Service scanning
16:37:00.947 Modules scanning
16:37:00.948 Disk 0 trace - called modules:
16:37:01.028 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:37:01.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c15740]
16:37:01.035 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800468e1e0]
16:37:01.039 5 ACPI.sys[fffff88000d807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046a0060]
16:37:02.457 AVAST engine scan C:\Windows
16:37:04.516 AVAST engine scan C:\Windows\system32
16:40:01.406 AVAST engine scan C:\Windows\system32\drivers
16:40:13.121 AVAST engine scan C:\Users\Joe
16:58:28.753 AVAST engine scan C:\ProgramData
17:06:24.617 Scan finished successfully
17:09:59.680 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\Security\MBR.dat"
17:09:59.684 The log file has been saved successfully to "C:\Users\Joe\Desktop\Security\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 10 August 2012 - 08:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 11 August 2012 - 12:04 AM

Here's the script ran on the ComboFix scanner. Again, ran smoothly. Haven't encountered any problems along with any interference or anything. Computer feels back like it used to before the virus.




ComboFix 12-08-09.01 - Joe 08/10/2012 23:30:27.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2491 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-08-11 04:39 . 2012-08-11 04:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 04:39 . 2012-08-11 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 03:52 . 2012-08-10 03:52 191280 ----a-w- c:\windows\system32\javaws.exe
2012-08-10 03:52 . 2012-08-10 03:52 172336 ----a-w- c:\windows\system32\javaw.exe
2012-08-10 03:52 . 2012-08-10 03:52 172336 ----a-w- c:\windows\system32\java.exe
2012-08-10 03:38 . 2012-08-10 04:00 -------- d-----w- c:\program files\Java
2012-08-02 03:56 . 2012-08-10 03:59 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-02 03:54 . 2012-08-02 03:54 -------- d-----w- c:\programdata\McAfee
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files\iTunes
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files (x86)\iTunes
2012-07-23 06:19 . 2012-07-23 06:19 -------- d-----w- c:\program files\iPod
2012-07-20 00:18 . 2012-07-20 00:18 -------- d-----w- c:\users\Joe\AppData\Local\FalloutNV
2012-07-13 05:50 . 2012-08-02 03:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 05:50 . 2012-08-02 03:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:46 . 2012-08-10 03:38 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 17:46 . 2012-08-10 03:38 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 03:59 . 2010-05-14 23:58 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-10 21:00 . 2010-03-27 02:49 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-10 21:04 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 20:57 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 20:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 20:57 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 20:57 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 20:57 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 20:57 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 20:57 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 16:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 16:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 16:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 16:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 16:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 16:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 16:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 16:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 16:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-10 20:58 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-10 20:58 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-10 20:58 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-10 20:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-10 20:59 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-10 20:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-10 20:59 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-10 20:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-10 20:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-10 20:58 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-10 20:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-10 20:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-10 20:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-10 20:59 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-10 20:58 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-10 20:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-10 20:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-10 20:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-10 20:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 20:57 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 20:57 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 20:57 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 20:57 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 20:57 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 20:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 20:57 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 20:57 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 20:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-15 06:41 . 2012-06-05 20:03 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{191EE887-FD3D-475D-B361-2C4E14AC1796}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_03.12.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 03:02 . 2012-08-10 03:48 39922 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 22:13 46850 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 02:39 . 2012-08-10 22:13 17952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2151100789-1728219138-4233174390-1000_UserData.bin
+ 2010-07-10 14:05 . 2012-08-10 03:22 4814 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-10 03:11 . 2012-08-10 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 22:11 . 2012-08-10 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 03:11 . 2012-08-10 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 22:11 . 2012-08-10 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 03:59 . 2012-08-10 03:59 227824 c:\windows\SysWOW64\javaws.exe
+ 2011-11-21 01:36 . 2012-08-10 03:59 174064 c:\windows\SysWOW64\javaw.exe
+ 2011-11-21 01:36 . 2012-08-10 03:59 174064 c:\windows\SysWOW64\java.exe
+ 2010-04-08 18:33 . 2012-08-10 21:24 701768 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2012-08-10 03:11 424188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-10 22:10 424188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-10 03:58 . 2012-08-10 03:58 867328 c:\windows\Installer\52b70.msi
+ 2012-08-10 03:51 . 2012-08-10 03:51 908800 c:\windows\Installer\528e9.msi
- 2010-07-24 17:07 . 2012-08-02 03:47 7847484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2151100789-1728219138-4233174390-1000-12288.dat
+ 2010-07-24 17:07 . 2012-08-10 22:10 7847484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2151100789-1728219138-4233174390-1000-12288.dat
+ 2010-05-04 05:37 . 2012-08-10 22:10 15139860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2151100789-1728219138-4233174390-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MMTray"="c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe" [2001-11-09 53248]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-04-14 61184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-21 834544]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-04-14 258304]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-05-02 3289680]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-05-02 173920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:17]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrtnnnkd.default-1343624593791\
FF - prefs.js: browser.startup.homepage - www.gamefaqs.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2151100789-1728219138-4233174390-1000\Software\SecuROM\License information*]
"datasecu"=hex:72,1e,71,08,bf,71,21,f3,76,14,ed,b9,5e,d1,65,ab,31,3b,23,96,55,
a2,f6,80,c7,85,6f,1b,02,b0,de,27,c0,14,b9,00,34,9a,be,42,a3,66,ce,9c,bf,38,\
"rkeysecu"=hex:8f,9d,cf,56,d7,c4,9f,57,ca,4d,1b,df,80,84,af,bb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 23:41:51
ComboFix-quarantined-files.txt 2012-08-11 04:41
ComboFix2.txt 2012-08-10 03:18
.
Pre-Run: 20,283,330,560 bytes free
Post-Run: 20,098,674,688 bytes free
.
- - End Of File - - 3EF8AF71843B30351347B3BAA21E3F11

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 11 August 2012 - 12:22 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 20
Java™ 6 Update 33
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 11 August 2012 - 08:49 PM

My HikackThis posted this error before it scans:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this fire, HijackThis may not be able to fix this.

If that happens, you need to edit the file yourself, To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Fine the line(s) HijackThis reports and delete them. Save the file as "hosts." (with quotes,) and reboot.



Other than that, the scans went smoothly and I now have Java 7. Computer still running well.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOE-PC [administrator]

8/11/2012 8:17:02 PM
mbam-log-2012-08-11 (20-20-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220644
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Joe\Downloads\VLC.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)


HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:13 PM, on 8/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Internet Security (SBAMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12325 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 11 August 2012 - 09:00 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 12 August 2012 - 12:44 AM

The report from the scanner found 5 threats:


C:\Program Files (x86)\GFI Software\VIPRE\SBAMScanShellExt.dll Win32/KeyLogger.UltimateKeylogger.AD application
C:\Program Files (x86)\GFI Software\VIPRE\SBFE.DLL Win32/KeyLogger.UltimateKeylogger.AD application
C:\Qoobox\Quarantine\C\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
D:\Program Files (x86)\Steam\steamapps\common\DefenseGridTheAwakening\DefenseGrid.exe probably a variant of Win32/Statik application




It's odd that it thinks Defense Grid is a virus, because I don't think it really is one at all.

Edited by That One Ninja, 12 August 2012 - 12:49 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 PM

Posted 12 August 2012 - 12:52 AM

Greetings


Those are backup folders and false possitives and look good to me



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 That One Ninja

That One Ninja
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 12 August 2012 - 01:13 AM

Cool! Everything is back to normal!

Thank you for the help and everything! You're the best!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users