trojan.hapilli IE re-direct.


  • This topic is locked
23 replies to this topic

#1 ICL

ICL

  • Members
  • 10 posts

Posted 06 August 2012 - 11:16 AM

Hello Bleeping Computer forum wizards!

Unfortunately my office machine has been infected with a browser re-direct that MBAM listed as "trojan.hapilli". While a quick MBAM scan claimed to have found and deleted the file, the machine is still experiencing the same symptoms! A second, full MBAM scan yielded no results. This is very frustrating seeing as our lodge relies on a browser-based reservation system. Below and attached are all requested logs, as well as the first and second MBAM logs. Our group truly appreciates your help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by office at 11:57:10 on 2012-08-05
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.398 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\office\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Local AppWizard-Generated Applications] RUNDLL32.EXE "c:\users\office\appdata\local\local appwizard-generated applications\czlxbwgp.dll",GetImporterInterface
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\office
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D3AD2AF-7CE8-4CBF-BB14-9CC91E843DF8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AAD4C204-8619-4909-903E-F52160C918A9} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\office\appdata\roaming\mozilla\firefox\profiles\az41i5r8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\office\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2012-6-26 1184312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-08-05 16:31:56 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5789993-67e4-4049-8612-66a366155f94}\offreg.dll
2012-08-05 15:36:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-05 09:02:59 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5789993-67e4-4049-8612-66a366155f94}\mpengine.dll
2012-08-04 15:18:53 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-03 21:57:30 -------- d-----w- c:\users\office\appdata\local\Local AppWizard-Generated Applications
2012-07-27 23:55:26 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-07-27 23:55:26 309352 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-07-27 23:55:26 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-07-21 06:44:27 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-21 06:44:27 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-07-21 06:44:27 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-07-21 06:44:27 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-21 06:44:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 06:21:55 758784 ----a-w- c:\windows\system32\cohelper.dll
2012-07-21 06:20:33 -------- d-----w- C:\NVIDIA
2012-07-21 04:39:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-21 04:38:18 -------- d-----w- c:\program files\CPUID
2012-07-21 04:32:22 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-21 04:32:20 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-21 04:12:41 -------- d-----w- c:\users\office\appdata\roaming\AVG2012
2012-07-21 04:03:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-21 04:03:36 -------- d-----w- c:\programdata\AVG2012
2012-07-21 04:02:59 -------- d-----w- c:\program files\AVG
2012-07-21 03:52:58 -------- d-----w- c:\programdata\MFAData
2012-07-21 03:51:51 -------- d-----w- c:\users\office\appdata\roaming\Malwarebytes
2012-07-21 03:51:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 03:51:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 03:51:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 03:44:01 -------- d-----w- c:\programdata\TightVNC
2012-07-21 03:44:01 -------- d-----w- c:\program files\TightVNC
2012-07-12 10:03:16 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:06:59 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 10:06:57 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:06:57 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:06:57 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:06:56 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:06:56 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 18:35:26 -------- d-----w- c:\users\office\appdata\roaming\Netgear Live Parental Controls
2012-07-09 18:35:21 -------- d-----w- c:\program files\NETGEAR Live Parental Controls Management Utility
.
==================== Find3M ====================
.
2012-08-02 21:01:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 21:01:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 16:06:48 60304 ----a-w- c:\users\office\g2mdlhlpx.exe
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:58:12.73 ===============
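The entry a helper reads past first in the log above is the one DDS printed as `uRun: [Local AppWizard-Generated Applications] RUNDLL32.EXE "...\czlxbwgp.dll",GetImporterInterface`: a per-user Run key that uses the legitimate rundll32.exe to load an eight-letter DLL from AppData, in a folder the "Created Last 30" section shows was created on 2012-08-03, two days before the post. The following script is an added worked example for this thread, not a BleepingComputer, DDS or Malwarebytes tool: it parses the Run and Created lines of a DDS log and scores each autostart with those same checks, so the same reasoning can be applied to any DDS log. The sample lines are copied from the log above; the trusted-directory list, the loader list (rundll32/regsvr32) and the one-point-per-check scoring are assumptions of the example, not rules from the thread.

```python
"""Triage autostart entries from a DDS log.

Added example for this thread; it is not a BleepingComputer or DDS tool. It reads
the "Pseudo HJT Report" Run lines and the "Created Last 30" lines of a DDS log and
scores each autostart with the checks a helper otherwise applies by eye. The
trusted-directory list, the loader list and the one-point-per-check scoring are
assumptions of this example.
"""
import ntpath
import re
from dataclasses import dataclass

# Run and Created lines copied from the DDS log posted above. The parser ignores
# every other record type, so the rest of the log is omitted here.
DDS_SAMPLE = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\office\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Local AppWizard-Generated Applications] RUNDLL32.EXE "c:\users\office\appdata\local\local appwizard-generated applications\czlxbwgp.dll",GetImporterInterface
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
2012-08-05 15:36:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-03 21:57:30 -------- d-----w- c:\users\office\appdata\local\Local AppWizard-Generated Applications
2012-07-21 03:51:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) \S+ (?P<path>.+)$')
# Assumed "trusted" roots: an image loaded from elsewhere by a loader is suspicious.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
USER_PROFILE_RE = re.compile(r'^c:\\users\\[^\\]+\\appdata\\', re.I)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.(?:dll|exe)$', re.I)   # e.g. czlxbwgp.dll
LOADERS = {'rundll32.exe', 'regsvr32.exe'}                       # run someone else's DLL
EXE_EXT = ('.exe', '.dll', '.cpl', '.scr')


@dataclass
class Finding:
    hive: str        # 'u' = HKCU Run, 'm' = HKLM Run
    name: str
    image: str       # the file that actually gets loaded
    reasons: list

    @property
    def score(self) -> int:
        return len(self.reasons)


def split_command(cmd: str) -> tuple:
    """Return (launcher, image) for one Run command line.

    DDS prints some unquoted paths containing spaces, so an unquoted launcher is
    joined up to the first token with an executable extension. For rundll32 and
    regsvr32 the image is the DLL argument, quoted or bare, up to the ',Export'.
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            end = len(cmd)
        launcher, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        parts = cmd.split(' ')
        n = next((i for i, p in enumerate(parts) if p.lower().endswith(EXE_EXT)), 0)
        launcher, rest = ' '.join(parts[:n + 1]), ' '.join(parts[n + 1:]).strip()
    if ntpath.basename(launcher).lower() in LOADERS:
        m = re.match(r'"([^"]+)"|([^,\s]+)', rest)
        return launcher, ((m.group(1) or m.group(2)) if m else '')
    return launcher, launcher


def triage(log_text: str) -> list:
    """Parse Run and Created-Last-30 lines, score every autostart, worst first."""
    created = {}   # lowercased path -> creation timestamp
    runs = []
    for line in log_text.splitlines():
        c = CREATED_RE.match(line)
        if c:
            created[c.group('path').lower()] = c.group('ts')
            continue
        r = RUN_RE.match(line)
        if r:
            runs.append(r)

    findings = []
    for r in runs:
        launcher, image = split_command(r.group('cmd'))
        low = image.lower()
        reasons = []
        if ntpath.basename(launcher).lower() in LOADERS and not low.startswith(TRUSTED_ROOTS):
            reasons.append('loader (rundll32/regsvr32) points outside Windows/Program Files')
        if USER_PROFILE_RE.match(low):
            reasons.append('image lives under the user profile (AppData)')
        if RANDOM_NAME_RE.match(ntpath.basename(low)):
            reasons.append('random-looking 8-letter file name')
        parent = ntpath.dirname(low)
        for path, ts in created.items():
            if low == path or parent == path or parent.startswith(path + '\\'):
                reasons.append(f'launch path created recently ({ts})')
                break
        findings.append(Finding(r.group('hive'), r.group('name'), image, reasons))
    return sorted(findings, key=lambda f: -f.score)   # stable: ties keep log order


if __name__ == '__main__':
    for f in triage(DDS_SAMPLE):
        print(f'{f.score}  {f.hive}Run [{f.name}] -> {f.image}')
        for why in f.reasons:
            print(f'      - {why}')
```

Run against the sample, the czlxbwgp.dll entry collects all four points while the GoogleUpdate.exe entry, which also lives under AppData, collects only one; that difference is why a helper asks for the log rather than relying on a scanner verdict, and why a second MBAM scan coming back clean does not settle whether the Run key is gone.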


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 08 August 2012 - 02:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ICL

ICL
  • Topic Starter

  • Members
  • 10 posts

Posted 10 August 2012 - 08:18 PM

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 20
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.3)
Mozilla Firefox (9.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````




ComboFix 12-08-09.01 - office 08/10/2012 16:43:28.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.466 [GMT -7:00]
Running from: c:\users\office\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LOG3910.tmp
C:\LOG3B3C.tmp
C:\LOG48B7.tmp
C:\LOG624B.tmp
C:\LOG96BD.tmp
C:\LOGEE85.tmp
c:\users\office\g2mdlhlpx.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 23:49 . 2012-08-10 23:49 -------- d-----w- c:\users\office\AppData\Local\temp
2012-08-10 23:49 . 2012-08-10 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 23:36 . 2012-08-10 23:36 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28863500-1F99-4709-9BD1-7AE69A9C96F3}\offreg.dll
2012-08-10 23:36 . 2012-08-10 23:36 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28863500-1F99-4709-9BD1-7AE69A9C96F3}\MpKsl0830a27b.sys
2012-08-10 15:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28863500-1F99-4709-9BD1-7AE69A9C96F3}\mpengine.dll
2012-08-10 08:38 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-03 21:57 . 2012-08-10 23:22 -------- d-----w- c:\users\office\AppData\Local\Local AppWizard-Generated Applications
2012-07-27 23:55 . 2010-12-30 07:01 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-07-27 23:55 . 2010-12-30 07:01 309352 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-07-27 23:55 . 2010-12-30 07:01 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-07-21 06:44 . 2012-02-10 03:00 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-07-21 06:44 . 2012-02-10 03:00 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-21 06:44 . 2012-02-10 03:00 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-07-21 06:44 . 2012-02-10 03:00 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-21 06:44 . 2012-02-10 03:00 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 06:36 . 2012-07-21 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-21 06:21 . 2010-03-05 01:04 758784 ----a-w- c:\windows\system32\cohelper.dll
2012-07-21 06:20 . 2012-07-21 06:20 -------- d-----w- C:\NVIDIA
2012-07-21 04:39 . 2012-07-21 04:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-21 04:38 . 2012-07-21 04:38 -------- d-----w- c:\program files\CPUID
2012-07-21 04:32 . 2011-09-23 00:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-21 04:32 . 2011-09-23 00:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-21 04:12 . 2012-07-21 04:12 -------- d-----w- c:\users\office\AppData\Roaming\AVG2012
2012-07-21 04:03 . 2012-08-10 23:25 -------- d-----w- c:\programdata\AVG2012
2012-07-21 04:03 . 2012-08-10 15:34 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-21 04:02 . 2012-07-21 04:02 -------- d-----w- c:\program files\AVG
2012-07-21 03:52 . 2012-08-10 15:34 -------- d-----w- c:\programdata\MFAData
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\users\office\AppData\Roaming\Malwarebytes
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 03:51 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 03:44 . 2012-07-21 03:44 -------- d-----w- c:\program files\TightVNC
2012-07-21 03:44 . 2012-07-21 03:44 -------- d-----w- c:\programdata\TightVNC
2012-07-12 10:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 21:01 . 2012-04-12 14:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 21:01 . 2011-05-28 17:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 16:47 . 2012-07-11 10:06 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 10:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 10:06 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 16:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 16:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 16:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 16:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 16:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 10:06 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 10:06 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-02-12 18:31 . 2011-03-27 14:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-06-27 1184312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0830A27B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:01]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443676034-1561210261-3150399437-1000Core.job
- c:\users\office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:08]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443676034-1561210261-3150399437-1000UA.job
- c:\users\office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\office\AppData\Roaming\Mozilla\Firefox\Profiles\az41i5r8.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 16:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-10 16:50:50
ComboFix-quarantined-files.txt 2012-08-10 23:50
.
Pre-Run: 52,078,194,688 bytes free
Post-Run: 53,193,338,880 bytes free
.
- - End Of File - - 8FAEB53605A715FFFB060667A360560C


After 20 or so quick searches it looks like my ills are cured! That is, unless you notice something in these logs that is suspicious. Let me know if you have any follow-up advice. Thank you so so so much!

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 08:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:21 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#6 ICL (Topic Starter)

  • Members
  • 10 posts

Posted 14 August 2012 - 07:27 PM

I apologize, Gringo; I did not see that you had replied to my post until today. I wasn't as vigilant as perhaps I should have been, simply because we haven't experienced the issue again so far. I'm not working until Friday, so I will respond to your post with logs from those tools then. Sorry again for the delay.

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 07:43 PM

I hope to see you then so we can finish this up, and then we will be certain that you are clean.




Gringo

#8 ICL (Topic Starter)

  • Members
  • 10 posts

Posted 17 August 2012 - 06:24 PM

Hello Gringo, here are the logs you requested.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 14:28:59
-----------------------------
14:28:59.804 OS Version: Windows 6.0.6002 Service Pack 2
14:28:59.804 Number of processors: 2 586 0x170A
14:28:59.805 ComputerName: OFFICE-PC UserName: office
14:29:00.796 Initialize success
14:29:15.462 AVAST engine download error: 0
14:29:28.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
14:29:28.982 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 11
14:29:29.000 Disk 0 MBR read successfully
14:29:29.003 Disk 0 MBR scan
14:29:29.006 Disk 0 Windows VISTA default MBR code
14:29:29.033 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
14:29:29.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111349 MB offset 41945088
14:29:29.075 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20787 MB offset 270004448
14:29:29.081 Disk 0 scanning sectors +312578048
14:29:29.147 Disk 0 scanning C:\Windows\system32\drivers
14:29:34.377 Service scanning
14:29:39.369 Service MpKsl87859122 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73557940-BF5E-4FE8-A6E7-C22CC5D74E6A}\MpKsl87859122.sys **LOCKED** 32
14:29:46.666 Modules scanning
14:29:50.832 Disk 0 trace - called modules:
14:29:50.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:29:50.866 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855f6ac8]
14:29:50.874 3 CLASSPNP.SYS[877ad8b3] -> nt!IofCallDriver -> [0x84c9ea80]
14:29:50.881 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\0000005e[0x8484b750]
14:29:50.889 Scan finished successfully
14:30:32.327 Disk 0 MBR has been saved successfully to "C:\Users\office\Desktop\anti malware tools\MBR.dat"
14:30:32.342 The log file has been saved successfully to "C:\Users\office\Desktop\anti malware tools\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 14:43:55
-----------------------------
14:43:55.658 OS Version: Windows 6.0.6002 Service Pack 2
14:43:55.658 Number of processors: 2 586 0x170A
14:43:55.659 ComputerName: OFFICE-PC UserName: office
14:43:56.173 Initialize success
14:45:18.943 AVAST engine defs: 12081701
14:46:48.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
14:46:48.892 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 11
14:46:48.925 Disk 0 MBR read successfully
14:46:48.929 Disk 0 MBR scan
14:46:49.146 Disk 0 Windows VISTA default MBR code
14:46:49.191 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
14:46:49.221 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111349 MB offset 41945088
14:46:49.259 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20787 MB offset 270004448
14:46:49.300 Disk 0 scanning sectors +312578048
14:46:49.432 Disk 0 scanning C:\Windows\system32\drivers
14:47:20.554 Service scanning
14:47:33.470 Service MpKsl87859122 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73557940-BF5E-4FE8-A6E7-C22CC5D74E6A}\MpKsl87859122.sys **LOCKED** 32
14:47:55.356 Modules scanning
14:48:14.061 Disk 0 trace - called modules:
14:48:14.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:48:14.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855f6ac8]
14:48:14.120 3 CLASSPNP.SYS[877ad8b3] -> nt!IofCallDriver -> [0x84c9ea80]
14:48:14.128 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\0000005e[0x8484b750]
14:48:15.000 AVAST engine scan C:\Windows
14:48:23.080 AVAST engine scan C:\Windows\system32
14:54:06.002 AVAST engine scan C:\Windows\system32\drivers
14:54:25.334 AVAST engine scan C:\Users\office
15:05:09.573 AVAST engine scan C:\ProgramData
15:07:51.327 Scan finished successfully
16:21:42.238 Disk 0 MBR has been saved successfully to "C:\Users\office\Desktop\anti malware tools\MBR.dat"
16:21:42.325 The log file has been saved successfully to "C:\Users\office\Desktop\anti malware tools\aswMBR.txt"


14:23:52.0160 3608 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:23:52.0252 3608 ============================================================
14:23:52.0252 3608 Current date / time: 2012/08/17 14:23:52.0252
14:23:52.0253 3608 SystemInfo:
14:23:52.0253 3608
14:23:52.0253 3608 OS Version: 6.0.6002 ServicePack: 2.0
14:23:52.0253 3608 Product type: Workstation
14:23:52.0253 3608 ComputerName: OFFICE-PC
14:23:52.0253 3608 UserName: office
14:23:52.0253 3608 Windows directory: C:\Windows
14:23:52.0253 3608 System windows directory: C:\Windows
14:23:52.0253 3608 Processor architecture: Intel x86
14:23:52.0253 3608 Number of processors: 2
14:23:52.0253 3608 Page size: 0x1000
14:23:52.0253 3608 Boot type: Normal boot
14:23:52.0253 3608 ============================================================
14:23:55.0711 3608 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:23:55.0753 3608 Drive \Device\Harddisk2\DR2 - Size: 0x7A0D1A00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:23:55.0778 3608 Drive \Device\Harddisk5\DR5 - Size: 0x7A7F800 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:23:55.0781 3608 ============================================================
14:23:55.0781 3608 \Device\Harddisk0\DR0:
14:23:55.0819 3608 MBR partitions:
14:23:55.0819 3608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0xD97AA26
14:23:55.0819 3608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1017F0E0, BlocksNum 0x2899F20
14:23:55.0819 3608 \Device\Harddisk2\DR2:
14:23:55.0820 3608 MBR partitions:
14:23:55.0820 3608 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3CF74B
14:23:55.0820 3608 \Device\Harddisk5\DR5:
14:23:55.0823 3608 MBR partitions:
14:23:55.0823 3608 ============================================================
14:23:56.0049 3608 D: <-> \Device\Harddisk0\DR0\Partition2
14:23:56.0146 3608 C: <-> \Device\Harddisk0\DR0\Partition1
14:23:56.0146 3608 ============================================================
14:23:56.0147 3608 Initialize success
14:23:56.0147 3608 ============================================================
14:23:58.0860 1588 ============================================================
14:23:58.0860 1588 Scan started
14:23:58.0860 1588 Mode: Manual;
14:23:58.0860 1588 ============================================================
14:24:05.0442 1588 ================ Scan services =============================
14:24:06.0275 1588 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:24:06.0279 1588 ACPI - ok
14:24:06.0420 1588 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:24:06.0422 1588 AdobeARMservice - ok
14:24:06.0474 1588 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:24:06.0624 1588 AdobeFlashPlayerUpdateSvc - ok
14:24:06.0825 1588 [ 04f0fcac69c7c71a3ac4eb97fafc8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:24:06.0831 1588 adp94xx - ok
14:24:06.0921 1588 [ 60505e0041f7751bdbb80f88bf45c2ce ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:24:06.0926 1588 adpahci - ok
14:24:06.0945 1588 [ 8a42779b02aec986eab64ecfc98f8bd7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:24:06.0947 1588 adpu160m - ok
14:24:06.0966 1588 [ 241c9e37f8ce45ef51c3de27515ca4e5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:24:06.0969 1588 adpu320 - ok
14:24:07.0020 1588 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:24:07.0022 1588 AeLookupSvc - ok
14:24:07.0149 1588 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
14:24:07.0154 1588 AFD - ok
14:24:07.0219 1588 [ 13f9e33747e6b41a3ff305c37db0d360 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:24:07.0221 1588 agp440 - ok
14:24:07.0267 1588 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:24:07.0271 1588 aic78xx - ok
14:24:07.0292 1588 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
14:24:07.0294 1588 ALG - ok
14:24:07.0313 1588 [ 9eaef5fc9b8e351afa7e78a6fae91f91 ] aliide C:\Windows\system32\drivers\aliide.sys
14:24:07.0314 1588 aliide - ok
14:24:07.0333 1588 [ c47344bc706e5f0b9dce369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:24:07.0334 1588 amdagp - ok
14:24:07.0351 1588 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
14:24:07.0353 1588 amdide - ok
14:24:07.0374 1588 [ 18f29b49ad23ecee3d2a826c725c8d48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:24:07.0376 1588 AmdK7 - ok
14:24:07.0391 1588 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:24:07.0393 1588 AmdK8 - ok
14:24:07.0453 1588 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
14:24:07.0455 1588 Appinfo - ok
14:24:07.0564 1588 [ 0fe769cae5855b53c90e23f85e7e89ff ] AppMgmt C:\Windows\System32\appmgmts.dll
14:24:07.0566 1588 AppMgmt - ok
14:24:07.0638 1588 [ 5d2888182fb46632511acee92fdad522 ] arc C:\Windows\system32\drivers\arc.sys
14:24:07.0652 1588 arc - ok
14:24:07.0730 1588 [ 5e2a321bd7c8b3624e41fdec3e244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:24:07.0731 1588 arcsas - ok
14:24:08.0011 1588 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:24:08.0036 1588 aspnet_state - ok
14:24:08.0070 1588 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:08.0072 1588 AsyncMac - ok
14:24:08.0106 1588 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:24:08.0107 1588 atapi - ok
14:24:08.0185 1588 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:24:08.0190 1588 AudioEndpointBuilder - ok
14:24:08.0220 1588 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:24:08.0222 1588 Audiosrv - ok
14:24:08.0977 1588 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
14:24:09.0066 1588 AVGIDSAgent - ok
14:24:09.0107 1588 [ 1074f787080068c71303b61fae7e7ca4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
14:24:09.0110 1588 AVGIDSDriver - ok
14:24:09.0151 1588 [ 61a7e0b02f82cff3db2445bbe50b3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
14:24:09.0153 1588 AVGIDSFilter - ok
14:24:09.0185 1588 [ d63d83659eedf60b3a3e620281a888e5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
14:24:09.0186 1588 AVGIDSHX - ok
14:24:09.0200 1588 [ baf975b72062f53d327788e99d64197e ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
14:24:09.0201 1588 AVGIDSShim - ok
14:24:09.0262 1588 [ dda6a2a18841e4c9172bb85958b8d948 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
14:24:09.0265 1588 Avgldx86 - ok
14:24:09.0284 1588 [ ccdd61545aaea265977e4b1efdc74e8c ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
14:24:09.0285 1588 Avgmfx86 - ok
14:24:09.0382 1588 [ 1fd90b28d2c3100bf4500199c8ad6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
14:24:09.0384 1588 Avgrkx86 - ok
14:24:09.0444 1588 [ 1263f2554ace925c237a40b4c568d815 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
14:24:09.0449 1588 Avgtdix - ok
14:24:09.0549 1588 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:24:09.0551 1588 avgwd - ok
14:24:09.0638 1588 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:24:09.0639 1588 Beep - ok
14:24:09.0773 1588 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
14:24:09.0778 1588 BFE - ok
14:24:09.0891 1588 [ 93952506c6d67330367f7e7934b6a02f ] BITS C:\Windows\system32\qmgr.dll
14:24:09.0902 1588 BITS - ok
14:24:09.0938 1588 [ d4df28447741fd3d953526e33a617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:24:09.0940 1588 blbdrive - ok
14:24:09.0981 1588 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:24:09.0983 1588 bowser - ok
14:24:10.0028 1588 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:24:10.0030 1588 BrFiltLo - ok
14:24:10.0055 1588 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:24:10.0056 1588 BrFiltUp - ok
14:24:10.0097 1588 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
14:24:10.0099 1588 Browser - ok
14:24:10.0121 1588 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:24:10.0123 1588 Brserid - ok
14:24:10.0144 1588 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:24:10.0146 1588 BrSerWdm - ok
14:24:10.0169 1588 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:24:10.0171 1588 BrUsbMdm - ok
14:24:10.0194 1588 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:24:10.0196 1588 BrUsbSer - ok
14:24:10.0215 1588 [ ad07c1ec6665b8b35741ab91200c6b68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:24:10.0217 1588 BTHMODEM - ok
14:24:10.0314 1588 [ 248dfa5762dde38dfddbbd44149e9d7a ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
14:24:10.0316 1588 BVRPMPR5 - ok
14:24:11.0189 1588 [ e581146b4e24601d3b3c60e960de4e3b ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
14:24:11.0259 1588 CarboniteService - ok
14:24:11.0414 1588 catchme - ok
14:24:11.0452 1588 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:24:11.0454 1588 cdfs - ok
14:24:11.0510 1588 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:24:11.0511 1588 cdrom - ok
14:24:11.0554 1588 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:24:11.0555 1588 CertPropSvc - ok
14:24:11.0569 1588 [ e5d4133f37219dbcfe102bc61072589d ] circlass C:\Windows\system32\drivers\circlass.sys
14:24:11.0570 1588 circlass - ok
14:24:11.0614 1588 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
14:24:11.0618 1588 CLFS - ok
14:24:11.0733 1588 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:11.0735 1588 clr_optimization_v2.0.50727_32 - ok
14:24:11.0806 1588 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:11.0865 1588 clr_optimization_v4.0.30319_32 - ok
14:24:11.0905 1588 [ 0ca25e686a4928484e9fdabd168ab629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:24:11.0907 1588 cmdide - ok
14:24:11.0935 1588 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:24:11.0937 1588 Compbatt - ok
14:24:11.0944 1588 COMSysApp - ok
14:24:11.0967 1588 cpuz135 - ok
14:24:12.0025 1588 [ 741e9dff4f42d2d8477d0fc1dc0df871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:24:12.0027 1588 crcdisk - ok
14:24:12.0053 1588 [ 1f07becdca750766a96cda811ba86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:24:12.0054 1588 Crusoe - ok
14:24:12.0149 1588 [ 75c6a297e364014840b48eccd7525e30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:24:12.0153 1588 CryptSvc - ok
14:24:12.0214 1588 [ 9bdb2e89be8d0ef37b1f25c3d3fc192c ] CSC C:\Windows\system32\drivers\csc.sys
14:24:12.0220 1588 CSC - ok
14:24:12.0332 1588 [ 0a2095f92f6ae4fe6484d911b0c21e95 ] CscService C:\Windows\System32\cscsvc.dll
14:24:12.0338 1588 CscService - ok
14:24:12.0460 1588 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:24:12.0469 1588 DcomLaunch - ok
14:24:12.0524 1588 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:24:12.0526 1588 DfsC - ok
14:24:12.0909 1588 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
14:24:12.0935 1588 DFSR - ok
14:24:13.0061 1588 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:24:13.0065 1588 Dhcp - ok
14:24:13.0093 1588 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
14:24:13.0095 1588 disk - ok
14:24:13.0157 1588 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:24:13.0159 1588 Dnscache - ok
14:24:13.0212 1588 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:24:13.0215 1588 dot3svc - ok
14:24:13.0322 1588 [ 4f59c172c094e1a1d46463a8dc061cbd ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:24:13.0325 1588 Dot4 - ok
14:24:13.0348 1588 [ 80bf3ba09f6f2523c8f6b7cc6dbf7bd5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:24:13.0349 1588 Dot4Print - ok
14:24:13.0367 1588 [ c55004ca6b419b6695970dfe849b122f ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:24:13.0369 1588 dot4usb - ok
14:24:13.0454 1588 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
14:24:13.0456 1588 DPS - ok
14:24:13.0531 1588 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:24:13.0533 1588 drmkaud - ok
14:24:13.0680 1588 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:24:13.0689 1588 DXGKrnl - ok
14:24:13.0736 1588 [ 5425f74ac0c1dbd96a1e04f17d63f94c ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:24:13.0738 1588 E1G60 - ok
14:24:13.0819 1588 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
14:24:13.0821 1588 EapHost - ok
14:24:13.0874 1588 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:24:13.0877 1588 Ecache - ok
14:24:13.0971 1588 [ 23b62471681a124889978f6295b3f4c6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:24:13.0976 1588 elxstor - ok
14:24:14.0099 1588 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:24:14.0107 1588 EMDMgmt - ok
14:24:14.0125 1588 [ 3db974f3935483555d7148663f726c61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:24:14.0126 1588 ErrDev - ok
14:24:14.0247 1588 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
14:24:14.0251 1588 EventSystem - ok
14:24:14.0298 1588 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
14:24:14.0301 1588 exfat - ok
14:24:14.0364 1588 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:24:14.0367 1588 fastfat - ok
14:24:14.0475 1588 [ dfba0f60fa301e5b1bfb1403a93ee23e ] Fax C:\Windows\system32\fxssvc.exe
14:24:14.0482 1588 Fax - ok
14:24:14.0571 1588 [ afe1e8b9782a0dd7fb46bbd88e43f89a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:24:14.0572 1588 fdc - ok
14:24:14.0596 1588 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:24:14.0597 1588 fdPHost - ok
14:24:14.0629 1588 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:24:14.0630 1588 FDResPub - ok
14:24:14.0683 1588 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:24:14.0685 1588 FileInfo - ok
14:24:14.0701 1588 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:24:14.0702 1588 Filetrace - ok
14:24:14.0724 1588 [ 85b7cf99d532820495d68d747fda9ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:24:14.0726 1588 flpydisk - ok
14:24:14.0781 1588 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:24:14.0784 1588 FltMgr - ok
14:24:14.0956 1588 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
14:24:14.0968 1588 FontCache - ok
14:24:15.0178 1588 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:24:15.0183 1588 FontCache3.0.0.0 - ok
14:24:15.0372 1588 [ 7dff82acdab23414abc2a95fef8982f8 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
14:24:15.0377 1588 ForceWare Intelligent Application Manager (IAM) - ok
14:24:15.0411 1588 [ b972a66758577e0bfd1de0f91aaa27b5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:24:15.0412 1588 Fs_Rec - ok
14:24:15.0440 1588 [ 34582a6e6573d54a07ece5fe24a126b5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:24:15.0442 1588 gagp30kx - ok
14:24:15.0566 1588 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:24:15.0574 1588 gpsvc - ok
14:24:15.0661 1588 [ c1b577b2169900f4cf7190c39f085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:24:15.0664 1588 gusvc - ok
14:24:15.0706 1588 [ 3f90e001369a07243763bd5a523d8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:24:15.0710 1588 HdAudAddService - ok
14:24:15.0800 1588 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:24:15.0908 1588 HDAudBus - ok
14:24:15.0937 1588 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:24:15.0953 1588 HidBth - ok
14:24:15.0987 1588 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
14:24:15.0989 1588 HidIr - ok
14:24:16.0030 1588 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\System32\hidserv.dll
14:24:16.0031 1588 hidserv - ok
14:24:16.0074 1588 [ cca4b519b17e23a00b826c55716809cc ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:24:16.0088 1588 HidUsb - ok
14:24:16.0120 1588 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:24:16.0122 1588 hkmsvc - ok
14:24:16.0149 1588 [ 16ee7b23a009e00d835cdb79574a91a6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:24:16.0151 1588 HpCISSs - ok
14:24:16.0291 1588 [ ce0fcec4d4d860f36d972759b11eaf0f ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:24:16.0294 1588 hpqcxs08 - ok
14:24:16.0338 1588 [ 7da3211ac63edd90b8eca1ca1abfd43b ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:24:16.0341 1588 hpqddsvc - ok
14:24:16.0439 1588 [ 14229263aa19c704e0d6d2e7404a8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:24:16.0447 1588 HPSLPSVC - ok
14:24:16.0558 1588 [ f870aa3e254628ebeafe754108d664de ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:24:16.0563 1588 HTTP - ok
14:24:16.0620 1588 [ c6b032d69650985468160fc9937cf5b4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:24:16.0622 1588 i2omp - ok
14:24:16.0678 1588 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:24:16.0680 1588 i8042prt - ok
14:24:16.0746 1588 [ 54155ea1b0df185878e0fc9ec3ac3a14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:24:16.0749 1588 iaStorV - ok
14:24:17.0004 1588 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:24:17.0017 1588 idsvc - ok
14:24:17.0039 1588 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:24:17.0040 1588 iirsp - ok
14:24:17.0125 1588 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:24:17.0131 1588 IKEEXT - ok
14:24:17.0207 1588 [ 83aa759f3189e6370c30de5dc5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
14:24:17.0208 1588 intelide - ok
14:24:17.0258 1588 [ 224191001e78c89dfa78924c3ea595ff ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:24:17.0258 1588 intelppm - ok
14:24:17.0316 1588 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:24:17.0318 1588 IPBusEnum - ok
14:24:17.0343 1588 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:24:17.0344 1588 IpFilterDriver - ok
14:24:17.0397 1588 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:24:17.0401 1588 iphlpsvc - ok
14:24:17.0406 1588 IpInIp - ok
14:24:17.0427 1588 [ b25aaf203552b7b3491139d582b39ad1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:24:17.0429 1588 IPMIDRV - ok
14:24:17.0449 1588 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:24:17.0452 1588 IPNAT - ok
14:24:17.0470 1588 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:24:17.0472 1588 IRENUM - ok
14:24:47.0710 1588 Boot (0x1200) (dc4b1a3e8fe1f6aa5278aa6e50f96b8d) \Device\Harddisk0\DR0\Partition1
14:24:47.0754 1588 \Device\Harddisk0\DR0\Partition1 - ok
14:24:47.0789 1588 Boot (0x1200) (1d88e3f9a40280e2ae6d4e9f076ab30c) \Device\Harddisk0\DR0\Partition2
14:24:47.0816 1588 \Device\Harddisk0\DR0\Partition2 - ok
14:24:47.0820 1588 Boot (0x1200) (d77663ec62794c2b11f935e2ede6479a) \Device\Harddisk2\DR2\Partition1
14:24:47.0822 1588 \Device\Harddisk2\DR2\Partition1 - ok
14:24:47.0823 1588 ============================================================
14:24:47.0823 1588 Scan finished
14:24:47.0823 1588 ============================================================
14:24:47.0837 1332 Detected object count: 0
14:24:47.0838 1332 Actual detected object count: 0

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 08:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ICL

  • Topic Starter
  • Members
  • 10 posts

Posted 19 August 2012 - 11:54 AM

ComboFix 12-08-18.03 - office 08/19/2012 9:06.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.499 [GMT -7:00]
Running from: c:\users\office\Desktop\anti malware tools\ComboFix.exe
Command switches used :: c:\users\office\Desktop\anti malware tools\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\office\AppData\Local\Temp\{6CFA1948-7D80-4E64-A9FD-8FD345861067}\fpb.tmp
c:\users\office\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 16:12 . 2012-08-19 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 09:03 . 2012-08-18 09:03 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73557940-BF5E-4FE8-A6E7-C22CC5D74E6A}\offreg.dll
2012-08-17 21:24 . 2012-08-17 21:24 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73557940-BF5E-4FE8-A6E7-C22CC5D74E6A}\MpKsl87859122.sys
2012-08-16 19:59 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 09:18 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73557940-BF5E-4FE8-A6E7-C22CC5D74E6A}\mpengine.dll
2012-08-12 00:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-10 23:50 . 2012-08-19 16:12 -------- d-----w- c:\users\office\AppData\Local\temp
2012-08-03 21:57 . 2012-08-10 23:22 -------- d-----w- c:\users\office\AppData\Local\Local AppWizard-Generated Applications
2012-07-27 23:55 . 2010-12-30 07:01 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-07-27 23:55 . 2010-12-30 07:01 309352 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-07-27 23:55 . 2010-12-30 07:01 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-07-21 06:44 . 2012-02-10 03:00 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-07-21 06:44 . 2012-02-10 03:00 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-21 06:44 . 2012-02-10 03:00 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-07-21 06:44 . 2012-02-10 03:00 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-21 06:44 . 2012-02-10 03:00 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 06:36 . 2012-07-21 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-21 06:21 . 2010-03-05 01:04 758784 ----a-w- c:\windows\system32\cohelper.dll
2012-07-21 06:20 . 2012-07-21 06:20 -------- d-----w- C:\NVIDIA
2012-07-21 04:39 . 2012-07-21 04:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-21 04:38 . 2012-07-21 04:38 -------- d-----w- c:\program files\CPUID
2012-07-21 04:32 . 2011-09-23 00:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-21 04:32 . 2011-09-23 00:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-21 04:12 . 2012-07-21 04:12 -------- d-----w- c:\users\office\AppData\Roaming\AVG2012
2012-07-21 04:03 . 2012-08-18 01:16 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-21 04:03 . 2012-08-10 23:25 -------- d-----w- c:\programdata\AVG2012
2012-07-21 04:02 . 2012-07-21 04:02 -------- d-----w- c:\program files\AVG
2012-07-21 03:52 . 2012-08-18 01:16 -------- d-----w- c:\programdata\MFAData
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\users\office\AppData\Roaming\Malwarebytes
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 03:51 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 03:44 . 2012-07-21 03:44 -------- d-----w- c:\program files\TightVNC
2012-07-21 03:44 . 2012-07-21 03:44 -------- d-----w- c:\programdata\TightVNC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 22:01 . 2012-04-12 14:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 22:01 . 2011-05-28 17:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 16:47 . 2012-07-11 10:06 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 10:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 10:06 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 16:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 16:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 16:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 16:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 16:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 10:06 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 10:06 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-02-12 18:31 . 2011-03-27 14:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-06-27 1184312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58450993
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL87859122
*Deregistered* - 58450993
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:01]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443676034-1561210261-3150399437-1000Core.job
- c:\users\office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:08]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443676034-1561210261-3150399437-1000UA.job
- c:\users\office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 184.63.128.68 184.63.128.69
FF - ProfilePath - c:\users\office\AppData\Roaming\Mozilla\Firefox\Profiles\az41i5r8.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
Completion time: 2012-08-19 09:13:46
ComboFix-quarantined-files.txt 2012-08-19 16:13
ComboFix2.txt 2012-08-10 23:50
.
Pre-Run: 52,906,561,536 bytes free
Post-Run: 53,043,576,832 bytes free
.
- - End Of File - - 85F486A628C1CFCA5D3D9EA8244F25A3


Hello Gringo, here is the log that was produced from running the CFScript. Browsing links from Google searches continues to be functioning normally, as does everything else.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 PM

Posted 19 August 2012 - 12:41 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?


#12 ICL

  • Topic Starter
  • Members
  • 10 posts

Posted 20 August 2012 - 01:30 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:21 AM, on 8/20/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\office\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

--
End of file - 6522 bytes




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
office :: OFFICE-PC [administrator]

8/19/2012 11:49:45 AM
mbam-log-2012-08-19 (11-49-45).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468360
Time elapsed: 1 hour(s), 53 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here are the logs you requested. The machine continues to run smoothly.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 03:13 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
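As an added triage example for the HijackThis log posted above and the O4 start-up lines Gringo lists in this post (this is not code from the thread, from HijackThis or from ComboFix): a small Python parser that groups the report by section code, pulls out the O4 autostart entries, and flags the lines a reviewer looks at first. The sample input is copied from the log above, with one constructed line ([ExampleUpdater], hypothetical) added so that the "autostart outside Program Files/Windows" rule has something to catch. The three flag rules are this example's own review heuristics, not anything HijackThis itself does.

```python
"""Triage helper for a HijackThis-style log.

Added example for this thread: it is not part of HijackThis, ComboFix or any
post above. It groups report lines by their section code (R0, O2, O4, O23 ...),
extracts the O4 autostart entries, and flags what a reviewer checks first.
The flag rules below are this example's own, not anything HijackThis does.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus ONE constructed line ([ExampleUpdater], hypothetical) so that the
# "autostart outside Program Files/Windows" rule has something to catch.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/",
    r"O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll",
    r"O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe",
    r"O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\office\AppData\Local\Temp\example.exe",  # constructed line
    r"O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)",
    r"O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe",
    r"O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe",
])

# One report line looks like "<code> - <rest>", e.g. "O4 - HKLM\..\Run: [Name] command".
_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<rest>.*)$")
_O4_RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_O4_GLOBAL = re.compile(r"^Global Startup: (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
_O23 = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

# Roots an autostart target is expected to run from on this machine (assumption).
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")


def parse_hjt(text):
    """Return {section_code: [rest_of_line, ...]} for every report line, in order."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("rest"))
    return dict(sections)


def _exe_path(cmd):
    """Extract the executable path from a Run value (quoted or bare, with arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"^(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def autostart_entries(sections):
    """Return the O4 entries as (location, name, command) tuples."""
    out = []
    for rest in sections.get("O4", []):
        m = _O4_RUN.match(rest)
        if m:
            out.append((m.group("hive") + "\\Run", m.group("name"), m.group("cmd")))
            continue
        m = _O4_GLOBAL.match(rest)
        if m:
            out.append(("Global Startup", m.group("name"), m.group("cmd")))
    return out


def review_flags(sections):
    """Flag entries worth a second look, as (code, reason, detail) tuples:
    dangling targets, services with no publisher, and autostarts that run
    from outside Program Files / Windows (e.g. a user's Temp folder)."""
    flags = []
    for code, entries in sections.items():
        for rest in entries:
            if "(file missing)" in rest:
                flags.append((code, "target file missing", rest))
    for rest in sections.get("O23", []):
        m = _O23.match(rest)
        if m and m.group("owner") == "Unknown owner":
            flags.append(("O23", "service with unknown owner", rest))
    for _loc, name, cmd in autostart_entries(sections):
        exe = _exe_path(cmd).lower()
        if not exe.startswith(TRUSTED_ROOTS):
            flags.append(("O4", "autostart outside Program Files/Windows", f"[{name}] {exe}"))
    return flags


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for loc, name, cmd in autostart_entries(parsed):
        print(f"{loc:15} [{name}] {cmd}")
    for code, reason, detail in review_flags(parsed):
        print(f"FLAG {code}: {reason}: {detail}")
```

Feed it a saved hijackthis.log instead of SAMPLE_LOG to get the same grouping for a real report; the O4 list it prints is the set of entries the "Fix Checked" step in this post operates on, and the flags are only prompts for a human review, not removal decisions.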

#14 ICL

  • Topic Starter
  • Members
  • 10 posts

Posted 20 August 2012 - 04:28 PM

I appreciate the prompt reply Gringo. I'm not working until Friday, I'll upload the report for you then.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2012 - 07:42 AM

Thanks for letting me know.



