lifethezero

malware seemingly removed...

28 posts in this topic

Last week I noticed my computer running slow and just generally seeming off. I located some malware, which was some sort of trojan originating from an svchost file. I tried multiple times using MBAM and Spybot to remove the malware, and each time both programs removed threats, but they pretty much regenerated each time and the same problems persisted. I finally got on this forum and, after reading through a few threads relating to the same sort of problem involving svchost trojans, I followed the steps outlined in another thread titled something to the effect of "svchost trojan - search redirects". FYI, it seemed to be ComboFix that eventually corrected the problem. I should mention I fully understand that a recurring theme from the experts on this forum seems to be that you shouldn't remove any files, etc., without being specifically directed to do so by said experts. That said, I proceeded anyway and everything seemed to work out all right, considering. Anyway, best I can tell all traces of the malware were removed; Spybot and MBAM both come up clear, plus I ran TDSSKiller again and it found 1 threat, but it didn't seem to be actual malware.

The reason I am posting is that even though I can't find any remaining malware, some problems seem to persist. First of all, when I restart I get two error messages at startup: one says there was a problem starting c:\windows\TEMP\wiavmg.dll and the other is the same except it is apatdm.dll. Also, I tried to run a system restore a few times from a few different points after the malware was removed, and it failed each time. Also, I notice my browser still runs slower than before the malware. There are various other minor issues I'm noticing as well. I have to assume that these error messages are likely the result of me removing files I shouldn't have without being instructed to do so, but either way I'm not really sure. Any help would be appreciated, and here is the MBAM log if that helps any:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

4/11/2012 3:53:02 PM

mbam-log-2012-04-11 (15-53-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200780

Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

----------------------------------

Next....

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and, when prompted, choose Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


How are we doing??

Do you still need help or can I close this post??

MrC


Yeah, I'm still having the same issues. Here is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Owner at 22:17:40 on 2012-04-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1902 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d525l04g4z145t4402x242

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\37771696D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\C696E6B6379737 : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{7C35DC11-42C9-41FB-87DE-61E1D3F282C5}\E4544574541425 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: MRI_DISABLED - No File

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\00u66hgm.default\

FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=e5053b451ed44eeaa08e2adcc000a661&subid=

FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Owner\AppData\Roaming\Move Networks

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - user.js: keyword.enabled - 1

.

============= SERVICES / DRIVERS ===============

.

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-21 1153368]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]

S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-04-12 19:26:01 8669240 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-04-11 03:54:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 03:54:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 03:54:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 03:54:36 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 03:54:36 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 03:54:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 03:54:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-07 16:36:39 8669240 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F96F4DC7-E96F-419B-9720-A3E3BA2AE2C1}\mpengine.dll

2012-04-07 16:31:44 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-07 04:58:05 -------- d-----w- C:\Users\Owner\AppData\Local\{4E816686-82DD-46C8-B9F8-D25B2CDA7D1F}

2012-04-06 03:27:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E7B6953F-7F5E-11E1-826D-B8AC6F996F26}

2012-04-05 20:55:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Lyihyv

2012-04-05 20:55:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ciwiku

2012-04-05 13:50:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-05 13:47:59 -------- d-----w- C:\Users\Owner\AppData\Local\{BA0C1109-60F6-4D13-8E44-1C52FBE9071E}

2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-03-25 06:59:42 -------- d-----w- C:\Users\Owner\AppData\Local\{EA2522B7-0677-458A-BCD4-34184FF906EE}

2012-03-25 06:59:29 -------- d-----w- C:\Users\Owner\AppData\Local\{5D763051-1A12-42BD-B3E1-766B86A48FE3}

.

==================== Find3M ====================

.

2012-04-05 13:50:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 16:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 22:18:57.75 ===============

And I just ran another MBAM quick scan; here is the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

4/17/2012 10:28:32 PM

mbam-log-2012-04-17 (22-28-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200657

Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I'll have the RogueKiller log here in just a few...


OK, here is the RogueKiller log:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 04/17/2012 22:38:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : wiavmg (rundll32.exe "C:\Windows\TEMP\wiavmg.dll",CreateRenderToEnvMap) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : apatdm (rundll32.exe "C:\Windows\TEMP\apatdm.dll",GetObjectHandleByName) -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-K9V0O.exe" /REG /REGSVRMODE) -> FOUND

[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\WLXPGSS.SCR) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX ATA Device +++++

--- User ---

[MBR] 51285b765106bd65cdefb00e44957e7a

[BSP] a47b25ecd3d5cdee75dbfe1af51495d0 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 140232 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

I really appreciate any help you can provide here.


Please run RogueKiller again and click Scan. When the scan is done:

Click on the Registry Entries tab, put a check next to these and uncheck the rest, then click Delete in the right-hand column:

[BLACKLIST DLL] HKLM\[...]\Run : wiavmg (rundll32.exe "C:\Windows\TEMP\wiavmg.dll",CreateRenderToEnvMap) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : apatdm (rundll32.exe "C:\Windows\TEMP\apatdm.dll",GetObjectHandleByName) -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-K9V0O.exe" /REG /REGSVRMODE) -> FOUND

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

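The two Run entries RogueKiller flagged and the two "problem starting ... .dll" messages from the first post are one issue seen from two sides: HKLM\...\Run still tells rundll32.exe to load wiavmg.dll and apatdm.dll from C:\Windows\TEMP, and "There was a problem starting <path>" is exactly what rundll32 reports when the DLL it was told to load is not there any more. The autostart value outlives the file it pointed at, so the error repeats at every logon until the value itself is removed. The PowerShell below is an added example for this thread, not from the poster, from MrC or from RogueKiller: it lists the Run/RunOnce values under HKLM (native and Wow6432Node views, which is why DDS shows both mRun and mRun-x64 above) and HKCU, and flags any rundll32 entry whose DLL sits under a Temp folder or no longer exists on disk. The registry key paths are the standard Windows autostart locations; the Get-TargetPath helper and the two flagging rules are this example's own. It assumes PowerShell 2.0 or later on Windows 7, run from an elevated 64-bit console, and it only reports; nothing is modified or deleted.

```powershell
# Added example (not from the thread or from RogueKiller): list Run/RunOnce
# autostart values and flag the pattern seen above, i.e. rundll32 loading a DLL
# from a Temp folder, or a rundll32 entry whose DLL is gone from disk (the
# "There was a problem starting <path>.dll" message at logon comes from that).
# Report only: nothing is modified or deleted.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Get-ItemProperty adds these to every registry item; they are not autorun values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Helper written for this example: pull out the file a Run command actually loads.
function Get-TargetPath {
    param([string]$Command)
    # rundll32 form:  rundll32.exe "C:\path\file.dll",EntryPoint   (quotes optional)
    if ($Command -match 'rundll32(\.exe)?\s+"?([^",]+\.dll)"?\s*,') {
        return $Matches[2]
    }
    # Otherwise: a quoted executable path, or the first whitespace-delimited token.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$findings = foreach ($key in $autorunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    if ($null -eq $item) { continue }          # key exists but holds no values
    foreach ($prop in $item.PSObject.Properties) {
        if ($metaProps -contains $prop.Name) { continue }
        $cmd     = [string]$prop.Value
        $target  = [Environment]::ExpandEnvironmentVariables((Get-TargetPath $cmd))
        $reasons = @()
        # Legitimate autostarts do not live in a Temp folder (-match is case-insensitive).
        if ($target -match '\\Temp\\') { $reasons += 'loads from a Temp folder' }
        # Only rundll32 commands are checked for a missing file: their DLL path is
        # unambiguous, whereas unquoted exe paths containing spaces cannot be parsed reliably.
        if ($cmd -match 'rundll32' -and $target -like '*.dll' -and -not (Test-Path -LiteralPath $target)) {
            $reasons += 'DLL missing on disk (orphaned entry)'
        }
        if ($reasons.Count -gt 0) {
            New-Object -TypeName PSObject -Property @{
                Key     = $key
                Name    = $prop.Name
                Command = $cmd
                Target  = $target
                Reason  = ($reasons -join '; ')
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No suspicious Run/RunOnce entries found.' }
```

Run it from a 64-bit PowerShell window so both the native and the Wow6432Node keys are the ones shown; a 32-bit process is silently redirected to Wow6432Node and would miss the entries RogueKiller listed under HKLM\[...]\Run. The output is for comparing against the helper's list; an entry that only trips the "Temp folder" rule still needs the target file checked before anything is removed, which is why the script stops at reporting.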

The only warning was one of the locked file ones you mentioned; I just skipped that. Anyway, here is the TDSSKiller log:

08:29:15.0737 6752 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

08:29:16.0080 6752 ============================================================

08:29:16.0080 6752 Current date / time: 2012/04/18 08:29:16.0080

08:29:16.0080 6752 SystemInfo:

08:29:16.0080 6752

08:29:16.0080 6752 OS Version: 6.1.7601 ServicePack: 1.0

08:29:16.0080 6752 Product type: Workstation

08:29:16.0080 6752 ComputerName: OWNER-PC

08:29:16.0080 6752 UserName: Owner

08:29:16.0080 6752 Windows directory: C:\Windows

08:29:16.0080 6752 System windows directory: C:\Windows

08:29:16.0080 6752 Running under WOW64

08:29:16.0080 6752 Processor architecture: Intel x64

08:29:16.0080 6752 Number of processors: 1

08:29:16.0080 6752 Page size: 0x1000

08:29:16.0080 6752 Boot type: Normal boot

08:29:16.0080 6752 ============================================================

08:29:18.0108 6752 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:29:18.0124 6752 \Device\Harddisk0\DR0:

08:29:18.0124 6752 MBR used

08:29:18.0124 6752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD

08:29:18.0124 6752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784

08:29:18.0155 6752 Initialize success

08:29:18.0155 6752 ============================================================

08:30:00.0587 1104 ============================================================

08:30:00.0587 1104 Scan started

08:30:00.0587 1104 Mode: Manual; SigCheck; TDLFS;

08:30:00.0587 1104 ============================================================

08:30:01.0414 1104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:30:01.0679 1104 1394ohci - ok

08:30:01.0835 1104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:30:01.0866 1104 ACPI - ok

08:30:02.0038 1104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:30:02.0163 1104 AcpiPmi - ok

08:30:02.0334 1104 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:30:02.0350 1104 AdobeFlashPlayerUpdateSvc - ok

08:30:02.0506 1104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:30:02.0553 1104 adp94xx - ok

08:30:02.0989 1104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:30:03.0036 1104 adpahci - ok

08:30:03.0161 1104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:30:03.0192 1104 adpu320 - ok

08:30:03.0301 1104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:30:03.0473 1104 AeLookupSvc - ok

08:30:03.0613 1104 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:30:03.0676 1104 AFD - ok

08:30:03.0832 1104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:30:03.0863 1104 agp440 - ok

08:30:03.0972 1104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:30:04.0035 1104 ALG - ok

08:30:04.0175 1104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:30:04.0191 1104 aliide - ok

08:30:04.0300 1104 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe

08:30:04.0456 1104 AMD External Events Utility - ok

08:30:04.0565 1104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:30:04.0581 1104 amdide - ok

08:30:04.0705 1104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:30:04.0799 1104 AmdK8 - ok

08:30:04.0924 1104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:30:05.0002 1104 AmdPPM - ok


08:30:55.0858 1104 Serenum - ok

08:30:55.0983 1104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

08:30:55.0998 1104 Serial - ok

08:30:56.0123 1104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

08:30:56.0154 1104 sermouse - ok

08:30:56.0295 1104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:30:56.0373 1104 SessionEnv - ok

08:30:56.0497 1104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:30:56.0560 1104 sffdisk - ok

08:30:56.0685 1104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:30:56.0747 1104 sffp_mmc - ok

08:30:56.0887 1104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:30:56.0950 1104 sffp_sd - ok

08:30:57.0075 1104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

08:30:57.0106 1104 sfloppy - ok

08:30:57.0262 1104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:30:57.0340 1104 SharedAccess - ok

08:30:57.0480 1104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:30:57.0574 1104 ShellHWDetection - ok

08:30:57.0699 1104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:30:57.0714 1104 SiSRaid2 - ok

08:30:57.0823 1104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

08:30:57.0870 1104 SiSRaid4 - ok

08:30:57.0995 1104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:30:58.0057 1104 Smb - ok

08:30:58.0198 1104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:30:58.0229 1104 SNMPTRAP - ok

08:30:58.0369 1104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:30:58.0401 1104 spldr - ok

08:30:58.0525 1104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:30:58.0588 1104 Spooler - ok

08:30:58.0822 1104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:30:59.0025 1104 sppsvc - ok

08:30:59.0134 1104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:30:59.0227 1104 sppuinotify - ok

08:30:59.0368 1104 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

08:30:59.0368 1104 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

08:30:59.0368 1104 sptd ( LockedFile.Multi.Generic ) - warning

08:30:59.0368 1104 sptd - detected LockedFile.Multi.Generic (1)

08:30:59.0508 1104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:30:59.0571 1104 srv - ok

08:30:59.0727 1104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:30:59.0773 1104 srv2 - ok

08:30:59.0898 1104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:30:59.0945 1104 srvnet - ok

08:31:00.0070 1104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:31:00.0132 1104 SSDPSRV - ok

08:31:00.0241 1104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:31:00.0335 1104 SstpSvc - ok

08:31:00.0444 1104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

08:31:00.0460 1104 stexstor - ok

08:31:00.0585 1104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:31:00.0647 1104 stisvc - ok

08:31:00.0865 1104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:31:00.0897 1104 swenum - ok

08:31:01.0037 1104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:31:01.0131 1104 swprv - ok

08:31:01.0271 1104 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

08:31:01.0318 1104 SynTP - ok

08:31:01.0474 1104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:31:01.0567 1104 SysMain - ok

08:31:01.0692 1104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:31:01.0770 1104 TabletInputService - ok

08:31:01.0911 1104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:31:02.0004 1104 TapiSrv - ok

08:31:02.0129 1104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:31:02.0191 1104 TBS - ok

08:31:02.0347 1104 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

08:31:02.0410 1104 Tcpip - ok

08:31:02.0566 1104 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

08:31:02.0628 1104 TCPIP6 - ok

08:31:02.0753 1104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:31:02.0847 1104 tcpipreg - ok

08:31:02.0956 1104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:31:03.0003 1104 TDPIPE - ok

08:31:03.0127 1104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:31:03.0190 1104 TDTCP - ok

08:31:03.0315 1104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:31:03.0377 1104 tdx - ok

08:31:03.0486 1104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:31:03.0533 1104 TermDD - ok

08:31:03.0689 1104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:31:03.0783 1104 TermService - ok

08:31:03.0907 1104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:31:03.0954 1104 Themes - ok

08:31:04.0095 1104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:31:04.0157 1104 THREADORDER - ok

08:31:04.0251 1104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:31:04.0329 1104 TrkWks - ok

08:31:04.0453 1104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:31:04.0563 1104 TrustedInstaller - ok

08:31:04.0703 1104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:31:04.0765 1104 tssecsrv - ok

08:31:04.0906 1104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:31:04.0968 1104 TsUsbFlt - ok

08:31:05.0093 1104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:31:05.0171 1104 tunnel - ok

08:31:05.0296 1104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

08:31:05.0327 1104 uagp35 - ok

08:31:05.0436 1104 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

08:31:05.0452 1104 UBHelper - ok

08:31:05.0577 1104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:31:05.0655 1104 udfs - ok

08:31:05.0795 1104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:31:05.0842 1104 UI0Detect - ok

08:31:05.0967 1104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:31:05.0982 1104 uliagpkx - ok

08:31:06.0107 1104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

08:31:06.0169 1104 umbus - ok

08:31:06.0294 1104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

08:31:06.0341 1104 UmPass - ok

08:31:06.0435 1104 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

08:31:06.0450 1104 Updater Service - ok

08:31:06.0559 1104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:31:06.0637 1104 upnphost - ok

08:31:06.0778 1104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

08:31:06.0840 1104 usbccgp - ok

08:31:06.0934 1104 USBCCID - ok

08:31:07.0059 1104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:31:07.0090 1104 usbcir - ok

08:31:07.0215 1104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

08:31:07.0261 1104 usbehci - ok

08:31:07.0371 1104 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys

08:31:07.0386 1104 usbfilter - ok

08:31:07.0527 1104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:31:07.0573 1104 usbhub - ok

08:31:07.0714 1104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

08:31:07.0776 1104 usbohci - ok

08:31:07.0901 1104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:31:07.0948 1104 usbprint - ok

08:31:08.0088 1104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

08:31:08.0151 1104 USBSTOR - ok

08:31:08.0275 1104 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:31:08.0338 1104 usbuhci - ok

08:31:08.0494 1104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

08:31:08.0541 1104 usbvideo - ok

08:31:08.0650 1104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:31:08.0728 1104 UxSms - ok

08:31:08.0868 1104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:31:08.0899 1104 VaultSvc - ok

08:31:09.0055 1104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:31:09.0071 1104 vdrvroot - ok

08:31:09.0196 1104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:31:09.0258 1104 vds - ok

08:31:09.0399 1104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:31:09.0414 1104 vga - ok

08:31:09.0523 1104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:31:09.0601 1104 VgaSave - ok

08:31:09.0742 1104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:31:09.0789 1104 vhdmp - ok

08:31:09.0898 1104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:31:09.0913 1104 viaide - ok

08:31:10.0054 1104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:31:10.0069 1104 volmgr - ok

08:31:10.0210 1104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:31:10.0241 1104 volmgrx - ok

08:31:10.0381 1104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:31:10.0397 1104 volsnap - ok

08:31:10.0522 1104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

08:31:10.0553 1104 vsmraid - ok

08:31:10.0725 1104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:31:10.0849 1104 VSS - ok

08:31:10.0974 1104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

08:31:11.0021 1104 vwifibus - ok

08:31:11.0146 1104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

08:31:11.0208 1104 vwififlt - ok

08:31:11.0364 1104 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

08:31:11.0380 1104 vwifimp - ok

08:31:11.0489 1104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:31:11.0551 1104 W32Time - ok

08:31:11.0676 1104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

08:31:11.0754 1104 WacomPen - ok

08:31:11.0895 1104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:31:11.0957 1104 WANARP - ok

08:31:12.0051 1104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:31:12.0097 1104 Wanarpv6 - ok

08:31:12.0316 1104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:31:12.0363 1104 WatAdminSvc - ok

08:31:12.0519 1104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:31:12.0612 1104 wbengine - ok

08:31:12.0784 1104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:31:12.0831 1104 WbioSrvc - ok

08:31:12.0987 1104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:31:13.0033 1104 wcncsvc - ok

08:31:13.0158 1104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:31:13.0252 1104 WcsPlugInService - ok

08:31:13.0345 1104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

08:31:13.0377 1104 Wd - ok

08:31:13.0486 1104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

08:31:13.0548 1104 WDC_SAM - ok

08:31:13.0689 1104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:31:13.0720 1104 Wdf01000 - ok

08:31:13.0829 1104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:31:13.0923 1104 WdiServiceHost - ok

08:31:13.0954 1104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:31:13.0985 1104 WdiSystemHost - ok

08:31:14.0110 1104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:31:14.0157 1104 WebClient - ok

08:31:14.0281 1104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:31:14.0344 1104 Wecsvc - ok

08:31:14.0437 1104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:31:14.0515 1104 wercplsupport - ok

08:31:14.0625 1104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:31:14.0718 1104 WerSvc - ok

08:31:14.0859 1104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:31:14.0937 1104 WfpLwf - ok

08:31:15.0046 1104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:31:15.0061 1104 WIMMount - ok

08:31:15.0108 1104 WinDefend - ok

08:31:15.0124 1104 WinHttpAutoProxySvc - ok

08:31:15.0264 1104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:31:15.0358 1104 Winmgmt - ok

08:31:15.0529 1104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:31:15.0623 1104 WinRM - ok

08:31:15.0795 1104 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys

08:31:15.0873 1104 WinUsb - ok

08:31:16.0013 1104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:31:16.0075 1104 Wlansvc - ok

08:31:16.0294 1104 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:31:16.0356 1104 wlidsvc - ok

08:31:16.0497 1104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:31:16.0528 1104 WmiAcpi - ok

08:31:16.0684 1104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:31:16.0746 1104 wmiApSrv - ok

08:31:16.0824 1104 WMPNetworkSvc - ok

08:31:16.0918 1104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:31:16.0949 1104 WPCSvc - ok

08:31:17.0074 1104 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:31:17.0136 1104 WPDBusEnum - ok

08:31:17.0261 1104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:31:17.0323 1104 ws2ifsl - ok

08:31:17.0433 1104 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

08:31:17.0495 1104 wscsvc - ok

08:31:17.0635 1104 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

08:31:17.0698 1104 WSDPrintDevice - ok

08:31:17.0823 1104 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

08:31:17.0838 1104 WSDScan - ok

08:31:17.0932 1104 WSearch - ok

08:31:18.0057 1104 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

08:31:18.0213 1104 wuauserv - ok

08:31:18.0337 1104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:31:18.0415 1104 WudfPf - ok

08:31:18.0571 1104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys

08:31:18.0649 1104 WUDFRd - ok

08:31:18.0774 1104 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:31:18.0837 1104 wudfsvc - ok

08:31:18.0961 1104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:31:19.0039 1104 WwanSvc - ok

08:31:19.0133 1104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

08:31:20.0038 1104 \Device\Harddisk0\DR0 - ok

08:31:20.0085 1104 Boot (0x1200) (f67454094dbee62345d515d41a46a235) \Device\Harddisk0\DR0\Partition0

08:31:20.0085 1104 \Device\Harddisk0\DR0\Partition0 - ok

08:31:20.0100 1104 Boot (0x1200) (a4c049075905b6f92957382b9d33b553) \Device\Harddisk0\DR0\Partition1

08:31:20.0100 1104 \Device\Harddisk0\DR0\Partition1 - ok

08:31:20.0116 1104 ============================================================

08:31:20.0116 1104 Scan finished

08:31:20.0116 1104 ============================================================

08:31:20.0131 5516 Detected object count: 1

08:31:20.0131 5516 Actual detected object count: 1

08:32:36.0915 5516 sptd ( LockedFile.Multi.Generic ) - skipped by user

08:32:36.0915 5516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

08:32:47.0648 3588 Deinitialize success


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Ok, here is the combofix log:

ComboFix 12-04-18.01 - Owner 04/18/2012 11:26:21.3.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1699 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

.

.

2012-04-18 16:33 . 2012-04-18 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-18 03:27 . 2012-04-18 03:27 711240 ----a-w- c:\windows\is-K9V0O.exe

2012-04-11 03:54 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 03:54 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 03:54 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 03:54 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 03:54 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 03:54 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 03:54 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-07 16:36 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F96F4DC7-E96F-419B-9720-A3E3BA2AE2C1}\mpengine.dll

2012-04-06 03:27 . 2012-04-06 03:27 -------- d-----w- c:\users\Owner\AppData\Local\{E7B6953F-7F5E-11E1-826D-B8AC6F996F26}

2012-04-05 20:55 . 2012-04-07 14:14 -------- d-----w- c:\users\Owner\AppData\Roaming\Ciwiku

2012-04-05 20:55 . 2012-04-05 20:55 -------- d-----w- c:\users\Owner\AppData\Roaming\Lyihyv

2012-04-05 20:55 . 2012-04-05 20:55 182784 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\otne.exe

2012-04-05 13:50 . 2012-04-05 13:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 13:50 . 2011-07-26 20:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2010-03-21 03:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 15:18 . 2010-02-21 08:07 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 22:42 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 22:42 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 22:42 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 22:42 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 04:25 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 04:25 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-14 04:25 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-13 22:42 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-13 22:42 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-13 22:42 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

otne.exe [2012-4-5 182784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]

2007-11-19 22:17 1261568 ----a-w- c:\program files (x86)\Acer\Acer Assist\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]

2009-08-04 05:09 199464 ----a-w- c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2009-08-18 09:42 1157128 ----a-w- c:\program files (x86)\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-07-25 00:31 588648 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-07-30 06:20 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:50]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lxrsii1s

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d525l04g4z145t4402x242

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\00u66hgm.default\

FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=e5053b451ed44eeaa08e2adcc000a661&subid=

FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Owner\AppData\Roaming\Move Networks

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=

FF - user.js: keyword.enabled - 1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-ArcadeDeluxeAgent - c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

MSConfigStartUp-mcagent_exe - c:\program files (x86)\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-PlayMovie - c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2270189555-2747501707-2644376415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2270189555-2747501707-2644376415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-18 11:38:20

ComboFix-quarantined-files.txt 2012-04-18 16:38

.

Pre-Run: 19,858,268,160 bytes free

Post-Run: 19,798,257,664 bytes free

.

- - End Of File - - 65573C8BDF2E9362767C8F609A0AF8D9

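Editor's note, added to this thread and not part of any post above: the Firefox section of the ComboFix log shows the homepage and keyword.URL pointing at mp3tubetoolbar.com in both prefs.js and user.js. Firefox re-applies user.js on every start and it overrides prefs.js, which is why a redirector that drops a user.js keeps coming back after the visible settings are "fixed". The script below is an example check written for this page (not a tool from the thread); it assumes Windows PowerShell 3.0 or later, is run as the affected user, and the profile folder name and the allowed-host list are placeholders taken from the log that you would adjust for your own machine.

```powershell
# Added example (editor's, not code from the thread): check a Firefox profile's
# prefs.js and user.js for hijacked homepage/search settings like the
# mp3tubetoolbar entries in the ComboFix log above.
# Assumptions: Windows PowerShell 3.0+, run as the affected user; the profile
# folder name below is the one from the log and is a placeholder on other boxes.
param(
    [string]$ProfilePath = "$env:APPDATA\Mozilla\Firefox\Profiles\00u66hgm.default"
)

# Prefs that toolbars and search redirectors usually rewrite.
$watchedPrefs = @(
    'browser.startup.homepage',
    'keyword.URL',
    'keyword.enabled',
    'browser.search.defaultenginename',
    'browser.search.selectedEngine',
    'browser.newtab.url'
)

# Hosts you consider legitimate for URL-valued prefs (assumption; edit to taste).
$allowedHosts = @('www.google.com', 'www.yahoo.com', 'www.bing.com', 'www.mozilla.org')

# Parse user_pref("name", value); lines into a name -> value hashtable.
function Read-FirefoxPrefs {
    param([string]$File)
    $prefs = @{}
    if (-not (Test-Path -LiteralPath $File)) { return $prefs }
    # Group 2: a quoted string value (with escapes); group 3: a bare number/bool.
    $pattern = '^\s*user_pref\("([^"]+)",\s*(?:"((?:[^"\\]|\\.)*)"|([^)]+))\);'
    foreach ($line in Get-Content -LiteralPath $File) {
        if ($line -match $pattern) {
            if ($null -ne $matches[2]) { $value = $matches[2] } else { $value = $matches[3].Trim() }
            $prefs[$matches[1]] = $value
        }
    }
    return $prefs
}

$prefsJs = Read-FirefoxPrefs (Join-Path $ProfilePath 'prefs.js')
$userJs  = Read-FirefoxPrefs (Join-Path $ProfilePath 'user.js')

foreach ($pref in $watchedPrefs) {
    # user.js is re-applied at every Firefox start and overrides prefs.js,
    # so a hijack that lives there comes back after prefs.js alone is cleaned.
    if ($userJs.ContainsKey($pref))      { $source = 'user.js';  $value = $userJs[$pref] }
    elseif ($prefsJs.ContainsKey($pref)) { $source = 'prefs.js'; $value = $prefsJs[$pref] }
    else                                 { continue }

    $flags = @()
    if ($value -match '^https?://([^/:]+)') {
        if ($allowedHosts -notcontains $matches[1]) { $flags += "unexpected host $($matches[1])" }
    }
    if ($source -eq 'user.js') { $flags += 'persisted via user.js' }

    [pscustomobject]@{ Pref = $pref; Source = $source; Value = $value; Flags = ($flags -join '; ') }
}
```

Run it with the profile closed (Firefox rewrites prefs.js on exit). Any row flagged "persisted via user.js" means deleting or editing user.js is part of the clean-up; changing the setting from the Firefox options dialog alone will not hold. Note that ComboFix writes URLs as hxxp in its log for safety; the files on disk contain http.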

Please delete these two folders:

You may have to enable hidden files to see them:

http://www.bleepingc...s-in-windows-7/

c:\users\Owner\AppData\Roaming\Ciwiku

c:\users\Owner\AppData\Roaming\Lyihyv

----------------------------

Do you know what this file is for?

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\otne.exe

-----------------------------------------------

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run.

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job.

Once it's finished, it should automatically reboot your machine;

if it doesn't, manually reboot to ensure a complete clean.

--------------------------------------

Then.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

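Editor's note, added to this thread and not part of MrC's post: the file asked about above sits in the Default profile's Startup folder, which is copied into every new user profile, so an executable planted there also runs for accounts created later. The script below is an example written for this page (not a tool used in the thread) that inventories the Startup folders of every profile, the All Users Startup folder and the Run keys, and reports each target's creation time, signature status and SHA-256, so a "created a week and a half ago, unsigned" entry stands out. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the registry and folder paths are standard Windows locations, and "UNSIGNED" only means no embedded Authenticode signature, which catalog-signed Windows files also report on older PowerShell.

```powershell
# Added example (editor's, not code from the thread): inventory autostart
# entries for every profile on the machine, including Default (which seeds
# each new profile, so an .exe dropped there survives the creation of a new
# account), plus the Run keys, and report creation time, signature status
# and SHA-256 for each target binary.
# Assumptions: Windows PowerShell 4.0+ (Get-FileHash), elevated prompt.

$startupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp'
$runKeys    = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$wsh = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

function Get-BinaryReport {
    param([string]$Path, [string]$Location)
    $entry = [ordered]@{ Location = $Location; Path = $Path; Created = $null; Signer = $null; Sha256 = $null }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $entry.Signer = 'FILE MISSING'
        return [pscustomobject]$entry
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $entry.Created = (Get-Item -LiteralPath $Path -Force).CreationTime
    # NotSigned here means no embedded signature; catalog-signed Windows files
    # also show up this way on older PowerShell, so treat it as a lead, not a
    # verdict, and cross-check unknown hashes elsewhere.
    $entry.Signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "UNSIGNED ($($sig.Status))" }
    $entry.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return [pscustomobject]$entry
}

# Pull the executable out of a Run value such as  "C:\x\y.exe" /arg  or  C:\x\y.exe -q
function Resolve-CommandPath {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')        { $exe = $matches[1] }
    elseif ($Command -match '^\s*(\S+?\.exe)')  { $exe = $matches[1] }
    else                                        { $exe = $Command.Trim() }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Resolve-StartupTarget {
    param([System.IO.FileInfo]$File)
    if ($File.Extension -eq '.lnk') { return $wsh.CreateShortcut($File.FullName).TargetPath }
    return $File.FullName
}

$report = @()

# Per-user Startup folders; -Force includes the hidden Default profile, and the
# reparse-point filter drops the "Default User" / "All Users" junctions.
$users = Get-ChildItem -Path 'C:\Users' -Directory -Force |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) }
foreach ($user in $users) {
    $dir = Join-Path $user.FullName $startupRel
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -Force) {
        $report += Get-BinaryReport -Path (Resolve-StartupTarget $f) -Location "Startup ($($user.Name)): $($f.Name)"
    }
}

# Machine-wide Startup folder.
$allUsers = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp'
foreach ($f in Get-ChildItem -LiteralPath $allUsers -File -Force -ErrorAction SilentlyContinue) {
    $report += Get-BinaryReport -Path (Resolve-StartupTarget $f) -Location "Startup (All Users): $($f.Name)"
}

# Run keys.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $report += Get-BinaryReport -Path (Resolve-CommandPath $prop.Value) -Location "$key\$($prop.Name)"
    }
}

# Newest entries first: an unsigned binary created the week the trouble
# began is the one to look at.
$report | Sort-Object Created -Descending | Format-Table Location, Path, Created, Signer, Sha256 -AutoSize
```

Before deleting anything this lists, keep the hash: it is what you would submit to a multi-engine scanner or search for, and the deletion itself is better done from quarantine (as the thread's tools do) than by Shift+Delete, so the sample is still there if a helper asks for it.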

OK, I deleted the two folders you mentioned, and as for the otne.exe file, I have no idea. Under the properties it says it was created about a week and a half ago, around the same time I noticed the trojan in the first place. I haven't added any programs aside from the malware programs I used through this site.

I ran TFC, rebooted and ran MBAM again; it didn't find anything, but here is the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

4/18/2012 12:33:24 PM

mbam-log-2012-04-18 (12-33-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199475

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Can you manually delete that file?

How's the computer running?? MrC


Yes, I deleted it and removed it from the recycle bin, then restarted. It seems to be running better overall; the error messages stopped and some of the random minor issues seem to be corrected. Browser speed seems to have improved, but I'm still not sure if it's quite at its original speed. Of course that is just from browsing for a few minutes to see how it was doing, so it's difficult to say at this point.

I also noticed that the DDS log showed some svchost processes still running, and those are no longer showing up in Task Manager.


BTW, should I turn my firewall back on now or leave it off for the time being?

Also noticed that the DDS log showed some svchost processes still running, and those are no longer showing up on the task manager.

Several svchost processes running is not unusual.

BTW, should I turn my firewall back on now or leave it off for the time being?

Turn it back on.

We still have some clean up to do, MrC

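Editor's note, added to this thread and not part of MrC's reply: several svchost.exe instances are normal because each one hosts a group of services, and a "svchost trojan" usually is not a fake svchost.exe at all but a malicious ServiceDll registered in one of those groups, typically netsvcs, so that a genuine, signed svchost.exe loads it. That is exactly what the earlier ComboFix log shows: an unfamiliar name (lxrsii1s) listed under Svchost\NetSvcs. The script below is an example written for this page (not a tool from the thread) that walks the netsvcs group, resolves each member to its ServiceDll and flags entries that are missing, live outside %SystemRoot% or have no embedded signature, then lists each running svchost.exe with its path and the services it hosts. It assumes Windows PowerShell 2.0 to 5.1 (it uses Get-WmiObject, which the Windows 7 machine in this thread has) and an elevated prompt; the registry paths are standard Windows locations.

```powershell
# Added example (editor's, not code from the thread): audit the svchost
# "netsvcs" service group and the running svchost.exe instances. The ComboFix
# log above lists an unfamiliar name (lxrsii1s) under Svchost\netsvcs; a
# malicious ServiceDll registered in that group is loaded into a genuine,
# signed svchost.exe, so it looks like one more ordinary svchost process in
# Task Manager. Assumptions: Windows PowerShell 2.0-5.1 (Get-WmiObject), run
# from an elevated prompt so process paths are readable.

$systemRoot = $env:SystemRoot
$svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

# 1. Every name in the netsvcs group should be a real service whose ServiceDll
#    lives under %SystemRoot%. "no embedded signature" is a lead, not a verdict:
#    most Windows DLLs are catalog-signed and show up as NotSigned here on
#    Windows 7-era PowerShell; confirm with sigcheck or a hash lookup.
Write-Output "== netsvcs group members =="
foreach ($name in (Get-ItemProperty -Path $svchostKey).netsvcs) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $svcKey)) {
        Write-Output ("{0,-22} no such service (stale entry, or removed by a cleaner)" -f $name)
        continue
    }
    $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) {
        $image = (Get-ItemProperty -Path $svcKey).ImagePath
        Write-Output ("{0,-22} no ServiceDll; ImagePath = {1}" -f $name, $image)
        continue
    }
    $dll   = [Environment]::ExpandEnvironmentVariables($dll)
    $notes = @()
    if ($dll -notlike "$systemRoot\*")       { $notes += 'OUTSIDE SYSTEMROOT' }
    if (-not (Test-Path -LiteralPath $dll))  { $notes += 'FILE MISSING' }
    elseif ((Get-AuthenticodeSignature -FilePath $dll).Status -ne 'Valid') { $notes += 'no embedded signature' }
    Write-Output ("{0,-22} {1}  {2}" -f $name, $dll, ($notes -join ', '))
}

# 2. Each svchost.exe should run from System32 or SysWOW64 and host at least
#    one service. A look-alike path, or an instance hosting nothing, needs a
#    closer look. (A misspelt name such as scvhost.exe would not match this
#    filter at all; list all processes separately for that.)
Write-Output "`n== running svchost.exe instances =="
$expected = @("$systemRoot\System32\svchost.exe", "$systemRoot\SysWOW64\svchost.exe")
$services = Get-WmiObject -Class Win32_Service
foreach ($proc in Get-WmiObject -Class Win32_Process -Filter "Name='svchost.exe'") {
    $hosted = @($services | Where-Object { $_.ProcessId -eq $proc.ProcessId } | ForEach-Object { $_.Name })
    $flag = ''
    if ($expected -notcontains $proc.ExecutablePath) { $flag = 'UNEXPECTED PATH' }
    elseif ($hosted.Count -eq 0)                     { $flag = 'HOSTS NO SERVICES' }
    Write-Output ("PID {0,-6} {1,-40} [{2}] {3}" -f $proc.ProcessId, $proc.ExecutablePath, ($hosted -join ','), $flag)
}
```

The same information is available from the built-in `tasklist /svc` for part 2, but it does not show the image path or the ServiceDll mapping in part 1, which is where an svchost-hosted infection actually lives. A netsvcs member that no longer resolves to a service is what you expect to see after a cleaner has removed the service key but not the group entry; the entry is harmless on its own but worth removing so it does not confuse later logs.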

OK...........

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel > Java > Update tab > Update Now.

It should be Java™ 6 Update 31, not 30.

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

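Editor's note, added to this thread and not part of MrC's post: the ComboFix log earlier in this thread lists seven Java Console extension folders in the Firefox program directory, from {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} up to ...-0030-..., which is the residue of successive Java 6 updates (the third group of the ID is the major.minor version, the fourth the update number). The script below is an example written for this page (not a tool from the thread) that lists every Java runtime still registered under the JavaSoft registry keys, decodes those extension folder names and reports which are older than the newest installed runtime. It assumes Windows PowerShell 3.0 or later and 64-bit Windows (it reads both the native and the Wow6432Node keys); the registry and folder locations are the standard ones for Oracle's Java 6/7 installers and Firefox.

```powershell
# Added example (editor's, not code from the thread): list the Java runtimes
# still registered on the machine and decode the Java Console extension
# folders that the ComboFix log above shows in the Firefox extensions
# directory. {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} is Java 1.6.0_20
# (third group = major.minor, fourth group = update number).
# Assumptions: Windows PowerShell 3.0+, 64-bit Windows (both the native and
# the Wow6432Node JavaSoft keys are read).

$javaSoftKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

# "1.6.0_31" -> [version]1.6.0.31 so versions across majors compare correctly.
function ConvertTo-JavaVersion { param([string]$V) [version]($V -replace '_', '.') }

# Decode a Java Console extension folder name; $null if it is not one.
function ConvertFrom-JavaConsoleId {
    param([string]$Id)
    if ($Id -match '^\{?CAFEEFAC-00(\d)(\d)-0000-(\d{4})-ABCDEFFEDCBA\}?$') {
        return '{0}.{1}.0_{2}' -f $matches[1], $matches[2], [int]$matches[3]
    }
    return $null
}

# Installed runtimes: one subkey per version, plus a CurrentVersion pointer
# whose own subkey's JavaHome is the runtime browsers and "java.exe" use.
$installed = foreach ($key in $javaSoftKeys) {
    if (-not (Test-Path $key)) { continue }
    $arch        = if ($key -like '*Wow6432Node*') { 'x86' } else { 'x64' }
    $current     = (Get-ItemProperty -Path $key).CurrentVersion            # e.g. "1.6"
    $currentHome = (Get-ItemProperty -Path "$key\$current" -ErrorAction SilentlyContinue).JavaHome
    foreach ($sub in Get-ChildItem -Path $key) {
        if ($sub.PSChildName -notmatch '^\d\.\d\.\d_\d+$') { continue }
        $javaHome = (Get-ItemProperty -Path $sub.PSPath).JavaHome
        [pscustomobject]@{
            Arch     = $arch
            Version  = $sub.PSChildName
            JavaHome = $javaHome
            Active   = ($javaHome -eq $currentHome)
        }
    }
}

# Java Console extension folders left in the Firefox program directory.
$extDirs = @("${env:ProgramFiles(x86)}\Mozilla Firefox\extensions", "$env:ProgramFiles\Mozilla Firefox\extensions")
$consoleExts = foreach ($dir in $extDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($folder in Get-ChildItem -LiteralPath $dir -Directory) {
        $v = ConvertFrom-JavaConsoleId $folder.Name
        if ($v) { [pscustomobject]@{ Folder = $folder.FullName; JavaVersion = $v } }
    }
}

if (-not $installed) {
    Write-Output 'No Java runtime is registered under HKLM\SOFTWARE\JavaSoft.'
} else {
    $newest = $installed | Sort-Object { ConvertTo-JavaVersion $_.Version } | Select-Object -Last 1

    Write-Output "== installed runtimes =="
    $installed | Format-Table Arch, Version, Active, JavaHome -AutoSize
    Write-Output ("Newest installed: {0}" -f $newest.Version)

    Write-Output "== Java Console extension folders older than the newest runtime =="
    $consoleExts |
        Where-Object { (ConvertTo-JavaVersion $_.JavaVersion) -lt (ConvertTo-JavaVersion $newest.Version) } |
        Format-Table JavaVersion, Folder -AutoSize
}
```

Two things to read from the output. First, the runtime marked Active per architecture is the one a 32-bit browser (Firefox and the default IE on this machine) actually loads, so an updated x64 Java does nothing for a browser that uses the x86 one. Second, the stale extension folders are stubs, not the vulnerable code; what has to go is every runtime listed below the newest, which is what the uninstall-everything-then-JavaRa-then-reinstall approach suggested later in this thread achieves.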

OK, I removed all the tools and ran the Java update. I'm running a little short on time right now, though; I'll be away from my computer for a bit. I will definitely run the Java test and post back, probably tomorrow morning though.

In the meantime I really appreciate the help, thanks a lot man.


I don't know, this is kind of a mess. The Java test page you provided kept coming back as not detecting Java, so I found a few sites that offer Java games, and nothing worked in the IE browser I've been using, even though Java scripts are enabled in the browser. I checked the version in the Control Panel and it is the correct updated version. Firefox is running the Java programs just fine, though. Anyway, when I was doing this I noticed even Firefox still seems to be running a bit slow. I also notice that in the Start Menu, when I go to All Programs, pretty much any folder containing something that hasn't been updated today just shows (none) as the contents.

Anyway, I'm wondering if just running a system restore would correct some of these problems.


Yes, all I did was the Java update, but I think those issues were there before; I just didn't notice them until after. I ran Unhide and the Start Menu folders are still the same. Anyway, I tried to run Windows Defender and it kept saying it was turned off; it gave me an error message when I tried to turn it back on. I downloaded Microsoft Security Essentials and it found another trojan file last night, so I deleted that.


Oh, and all the restore points are gone other than the ones created yesterday, so it doesn't seem that would be too much help.


That's because we uninstalled ComboFix:

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

----------------------------------------

Also, we used TFC, which clears out all the temp files on the system.

I wish you had spotted this before I had you run TFC and uninstall ComboFix.

------------------------------------------

As for the Java problem:

See this link:

http://forums.whatth...showtopic=68632

Basically, uninstall all Java, run JavaRa and reinstall.

Let me know, MrC
