
backdoor.bot



A Malwarebytes scan caught something called backdoor.bot (actually 2 instances of it), which it quarantined and I deleted.

This was just after I did a virus scan on Eset and it said it found a couple of problems which I cleaned from there.

I really want to check to make sure I'm clean and have no more problems as I've heard that this backdoor.bot is really hard to get rid of.

This is a brand new (to me) computer and I am hoping to god I'm clean!

My system info is as follows:

Summary

  • Operating System: MS Windows 7 Ultimate 32-bit
  • CPU: Intel Pentium 4, Northwood 0.13um Technology
  • RAM: 1.00 GB Single-Channel DDR @ 166MHz (2.5-3-3-7)
  • Motherboard: P4VM8 (CPUSocket) 43 °C
  • Graphics: Generic Non-PnP Monitor (1024x768@1Hz); 128MB Standard VGA Graphics Adapter (MSI)
  • Hard Drives: 39.1GB Western Digital WDC WD400BB-00DGA0 ATA Device (PATA)
  • Optical Drives: PIONEER DVD-RW DVR-111D ATA Device; SAMSUNG CD-R/RW SW-248F ATA Device; TigerJet CD-ROM USB Device; DTSOFT Virtual CdRom Device
  • Audio: Rocketfish 5.1

__________________________________________________________________

This was my first Malwarebytes scan:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.11.07

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Systemax :: SYSTEMAX-PC [administrator]

Protection: Enabled

3/11/2012 1:05:05 AM

mbam-log-2012-03-11 (01-05-05).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 165717

Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinLoad (Backdoor.Bot) -> Data: C:\Windows\system32\Winload.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\System32\winload.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

(end)

_________________________________________________________________

This was the second scan, after Malwarebytes cleaned it:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.11.07

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Systemax :: SYSTEMAX-PC [administrator]

Protection: Enabled

3/11/2012 3:43:40 AM

mbam-log-2012-03-11 (03-43-40).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 289639

Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

____________________________________________________

I have Avast, ZoneAlarm, Malwarebytes, Spybot and SuperAntiSpyware installed.

Thanks for any help,

lilpeanut

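Added example (not part of the original post, and not Malwarebytes code): a Python parser for the Malwarebytes 1.x text log layout quoted above. It links the Run-key value to the file it launches and checks that the follow-up scan ran later, with at least the options of the first scan, before its zero-detection result is read as confirmation. The embedded logs are abbreviated copies of the two logs in the post, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed samples: abbreviated from the two logs quoted in the post.
FIRST_SCAN = r"""
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
3/11/2012 1:05:05 AM
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinLoad (Backdoor.Bot) -> Data: C:\Windows\system32\Winload.exe -> Quarantined and deleted successfully.
Files Detected: 1
C:\Windows\System32\winload.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
(end)
"""
SECOND_SCAN = r"""
Malwarebytes Anti-Malware 1.60.1.1000
3/11/2012 3:43:40 AM
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)$")
STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
ITEM = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\)$")


def parse_mbam_log(text):
    """Parse scan metadata, declared per-category counts and detection lines."""
    log = {"scan_type": None, "started": None, "enabled": set(),
           "disabled": set(), "declared": {}, "detections": []}
    category = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("(No malicious"):
            continue
        if line == "(end)":
            break
        section = SECTION.match(line)
        if section:
            category = section["cat"]
            log["declared"][category] = int(section["n"])
        elif category and " -> " in line:
            # Layout: object (Threat) -> [Data: value ->] action taken
            head, *middle, action = line.split(" -> ")
            item = ITEM.match(head)
            data = next((p[6:] for p in middle if p.startswith("Data: ")), None)
            log["detections"].append({
                "category": category,
                "object": item["obj"] if item else head,
                "threat": item["threat"] if item else None,
                "data": data, "action": action})
        elif STAMP.match(line):
            log["started"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif line.startswith("Scan type:"):
            log["scan_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Scan options "):
            key, values = line[len("Scan options "):].split(":", 1)
            log[key] = {v.strip() for v in values.split("|")}
    return log


def count_mismatches(log):
    """Categories whose declared count differs from the items parsed (truncated log)."""
    found = {}
    for d in log["detections"]:
        found[d["category"]] = found.get(d["category"], 0) + 1
    return {c: (n, found.get(c, 0))
            for c, n in log["declared"].items() if n != found.get(c, 0)}


def autostart_links(log):
    """Pair each registry value detection with the detected file its data names."""
    files = {d["object"].lower() for d in log["detections"] if d["category"] == "Files"}
    return [(d["object"], d["data"], d["data"].lower() in files)
            for d in log["detections"]
            if d["category"] == "Registry Values" and d["data"]]


def rescan_gaps(first, second):
    """Reasons why `second` does not confirm the cleanup in `first` (empty = confirmed)."""
    gaps = []
    if not (first["started"] and second["started"] and second["started"] > first["started"]):
        gaps.append("rescan is not later than the cleanup scan")
    missing = first["enabled"] - second["enabled"]
    if missing:
        gaps.append("rescan lacks options the first scan used: " + ", ".join(sorted(missing)))
    if second["detections"] or any(second["declared"].values()):
        gaps.append("rescan still reports detections")
    if count_mismatches(second):
        gaps.append("rescan log is incomplete")
    return gaps


if __name__ == "__main__":
    first, second = parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN)
    for value, target, file_detected in autostart_links(first):
        print(f"{value} -> {target} (file also detected: {file_detected})")
    print("gaps:", rescan_gaps(first, second) or "none")
```

An empty result from `rescan_gaps` only says the same scanner, run later with at least the same options, found nothing; it says nothing about components that scanner cannot see.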

Hello lilpeanut and welcome back to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


Ran a bunch of scans today, all day. On my way to do all of this now. Be back soon.


Ok, here's the TDSS log:

22:14:02.0912 4928 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

22:14:04.0927 4928 ============================================================

22:14:04.0927 4928 Current date / time: 2012/03/12 22:14:04.0927

22:14:04.0927 4928 SystemInfo:

22:14:04.0927 4928

22:14:04.0927 4928 OS Version: 6.1.7600 ServicePack: 0.0

22:14:04.0927 4928 Product type: Workstation

22:14:04.0927 4928 ComputerName: SYSTEMAX-PC

22:14:04.0927 4928 UserName: Systemax

22:14:04.0927 4928 Windows directory: C:\Windows

22:14:04.0927 4928 System windows directory: C:\Windows

22:14:04.0927 4928 Processor architecture: Intel x86

22:14:04.0927 4928 Number of processors: 1

22:14:04.0927 4928 Page size: 0x1000

22:14:04.0927 4928 Boot type: Normal boot

22:14:04.0927 4928 ============================================================

22:14:10.0990 4928 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x47BD, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050

22:14:11.0146 4928 \Device\Harddisk0\DR0:

22:14:11.0177 4928 MBR used

22:14:11.0177 4928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:14:11.0177 4928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A58000

22:14:11.0349 4928 Initialize success

22:14:11.0349 4928 ============================================================

22:16:23.0802 5836 ============================================================

22:16:23.0802 5836 Scan started

22:16:23.0802 5836 Mode: Manual;

22:16:23.0802 5836 ============================================================


22:16:57.0708 5836 spldr - ok

22:16:57.0896 5836 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

22:16:57.0912 5836 srv - ok

22:16:58.0037 5836 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

22:16:58.0068 5836 srv2 - ok

22:16:58.0255 5836 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

22:16:58.0255 5836 srvnet - ok

22:16:58.0458 5836 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:16:58.0505 5836 stexstor - ok

22:16:58.0630 5836 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

22:16:58.0646 5836 storflt - ok

22:16:58.0755 5836 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

22:16:58.0755 5836 storvsc - ok

22:16:58.0927 5836 SWDUMon (7168ea26833301750562bfd0a16a66d3) C:\Windows\system32\DRIVERS\SWDUMon.sys

22:16:58.0927 5836 SWDUMon - ok

22:16:59.0052 5836 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

22:16:59.0052 5836 swenum - ok

22:16:59.0302 5836 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

22:16:59.0365 5836 Tcpip - ok

22:16:59.0552 5836 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

22:16:59.0568 5836 TCPIP6 - ok

22:16:59.0740 5836 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

22:16:59.0740 5836 tcpipreg - ok

22:16:59.0896 5836 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

22:16:59.0896 5836 TDPIPE - ok

22:17:00.0068 5836 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

22:17:00.0068 5836 TDTCP - ok

22:17:00.0302 5836 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

22:17:00.0302 5836 tdx - ok

22:17:00.0427 5836 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

22:17:00.0427 5836 TermDD - ok

22:17:00.0615 5836 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:17:00.0615 5836 tssecsrv - ok

22:17:00.0771 5836 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

22:17:00.0771 5836 tunnel - ok

22:17:00.0896 5836 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:17:00.0912 5836 uagp35 - ok

22:17:01.0052 5836 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

22:17:01.0068 5836 udfs - ok

22:17:01.0224 5836 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

22:17:01.0224 5836 uliagpkx - ok

22:17:01.0365 5836 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

22:17:01.0365 5836 umbus - ok

22:17:01.0490 5836 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:17:01.0490 5836 UmPass - ok

22:17:01.0630 5836 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

22:17:01.0646 5836 usbaudio - ok

22:17:01.0818 5836 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

22:17:01.0818 5836 usbccgp - ok

22:17:01.0958 5836 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

22:17:01.0958 5836 usbcir - ok

22:17:02.0099 5836 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

22:17:02.0099 5836 usbehci - ok

22:17:02.0240 5836 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

22:17:02.0255 5836 usbhub - ok

22:17:02.0365 5836 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

22:17:02.0365 5836 usbohci - ok

22:17:02.0490 5836 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:17:02.0505 5836 usbprint - ok

22:17:02.0630 5836 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

22:17:02.0630 5836 usbscan - ok

22:17:02.0755 5836 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:17:02.0755 5836 USBSTOR - ok

22:17:02.0896 5836 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

22:17:02.0896 5836 usbuhci - ok

22:17:03.0052 5836 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

22:17:03.0052 5836 vdrvroot - ok

22:17:03.0193 5836 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:17:03.0193 5836 vga - ok

22:17:03.0333 5836 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:17:03.0333 5836 VgaSave - ok

22:17:03.0474 5836 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

22:17:03.0490 5836 vhdmp - ok

22:17:03.0646 5836 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

22:17:03.0646 5836 viaagp - ok

22:17:03.0771 5836 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:17:03.0787 5836 ViaC7 - ok

22:17:03.0912 5836 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

22:17:03.0927 5836 viaide - ok

22:17:04.0099 5836 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

22:17:04.0115 5836 vmbus - ok

22:17:04.0240 5836 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

22:17:04.0240 5836 VMBusHID - ok

22:17:04.0365 5836 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

22:17:04.0365 5836 volmgr - ok

22:17:04.0552 5836 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

22:17:04.0568 5836 volmgrx - ok

22:17:04.0693 5836 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

22:17:04.0708 5836 volsnap - ok

22:17:04.0880 5836 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys

22:17:04.0896 5836 Vsdatant - ok

22:17:05.0068 5836 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

22:17:05.0083 5836 vsmraid - ok

22:17:05.0224 5836 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

22:17:05.0224 5836 vwifibus - ok

22:17:05.0365 5836 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

22:17:05.0380 5836 vwififlt - ok

22:17:05.0521 5836 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

22:17:05.0537 5836 WacomPen - ok

22:17:05.0662 5836 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

22:17:05.0677 5836 WANARP - ok

22:17:05.0693 5836 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

22:17:05.0693 5836 Wanarpv6 - ok

22:17:05.0896 5836 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

22:17:05.0896 5836 Wd - ok

22:17:06.0130 5836 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

22:17:06.0146 5836 Wdf01000 - ok

22:17:06.0365 5836 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

22:17:06.0365 5836 WfpLwf - ok

22:17:06.0490 5836 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

22:17:06.0505 5836 WIMMount - ok

22:17:06.0740 5836 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:17:06.0740 5836 WmiAcpi - ok

22:17:06.0927 5836 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

22:17:06.0927 5836 ws2ifsl - ok

22:17:07.0099 5836 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

22:17:07.0099 5836 WudfPf - ok

22:17:07.0271 5836 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:17:07.0287 5836 WUDFRd - ok

22:17:07.0365 5836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:17:07.0412 5836 \Device\Harddisk0\DR0 - ok

22:17:07.0427 5836 Boot (0x1200) (abffd3552967606299902c344b156148) \Device\Harddisk0\DR0\Partition0

22:17:07.0427 5836 \Device\Harddisk0\DR0\Partition0 - ok

22:17:07.0458 5836 Boot (0x1200) (01cdbc96c4154b4f478a70dbe7c57182) \Device\Harddisk0\DR0\Partition1

22:17:07.0458 5836 \Device\Harddisk0\DR0\Partition1 - ok

22:17:07.0458 5836 ============================================================

22:17:07.0458 5836 Scan finished

22:17:07.0458 5836 ============================================================

22:17:07.0490 5348 Detected object count: 0

22:17:07.0490 5348 Actual detected object count: 0

22:18:07.0380 5032 Deinitialize success

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

Here is the ComboFix log:

ComboFix 12-03-12.03 - Systemax 03/12/2012 22:28:44.1.1 - x86

Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.1023.435 [GMT -5:00]

Running from: c:\users\Systemax\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico

c:\windows\system32\explorer32

c:\windows\system32\explorer32\alertopen.wav

c:\windows\system32\explorer32\application.config

c:\windows\system32\explorer32\closewindow.wav

c:\windows\system32\explorer32\explorer.chm

c:\windows\system32\explorer32\explorer.chw

c:\windows\system32\explorer32\goodbye.wav

c:\windows\system32\explorer32\IdleTime.ocx

c:\windows\system32\explorer32\MonthView.ocx

c:\windows\system32\explorer32\Netlogon.exe

c:\windows\system32\explorer32\olSecurity.dll

c:\windows\system32\explorer32\PCTT.exe

c:\windows\system32\explorer32\Recycle\app.log

c:\windows\system32\explorer32\Recycle\NoChat.html

c:\windows\system32\explorer32\Recycle\NoClipboard.htm

c:\windows\system32\explorer32\Recycle\NoEmails.htm

c:\windows\system32\explorer32\Recycle\NoHistory.htm

c:\windows\system32\explorer32\Recycle\upgradebrowser.htm

c:\windows\system32\explorer32\Recycle\Windows.log

c:\windows\system32\explorer32\regnow.chm

c:\windows\system32\explorer32\rollopen.wav

c:\windows\system32\explorer32\rollover.wav

c:\windows\system32\explorer32\start.wav

c:\windows\system32\explorer32\stop.wav

c:\windows\system32\explorer32\win32nls.dll

c:\windows\system32\Instructions.htm

.

.

((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))

.

.

2012-03-13 03:46 . 2012-03-13 03:46 -------- d-----w- c:\users\Jeannie\AppData\Local\temp

2012-03-13 03:46 . 2012-03-13 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-13 03:46 . 2012-03-13 03:46 -------- d-----w- c:\users\Bud\AppData\Local\temp

2012-03-12 23:19 . 2012-03-12 23:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-03-12 23:18 . 2012-03-12 23:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-03-12 23:18 . 2012-03-12 23:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-03-12 23:18 . 2012-03-12 23:18 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-03-11 18:11 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-11 07:57 . 2012-03-11 07:59 -------- d-----w- c:\program files\CheckPoint

2012-03-11 06:58 . 2012-03-11 06:58 -------- d-----w- c:\program files\MSXML 4.0

2012-03-11 06:51 . 2012-03-11 06:51 -------- d-----w- c:\users\Systemax\AppData\Roaming\Apple Computer

2012-03-11 05:14 . 2012-03-11 05:14 -------- d-----w- c:\program files\ESET

2012-03-11 03:54 . 2012-03-11 03:54 -------- d-----w- c:\users\Systemax\AppData\Local\DDMSettings

2012-03-11 03:48 . 2012-03-11 03:50 -------- d-----w- c:\program files\Common Files\DivX Shared

2012-03-10 19:16 . 2012-03-10 19:16 -------- d-----w- c:\users\Systemax\AppData\Local\Help

2012-03-10 19:15 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe

2012-03-10 19:15 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll

2012-03-10 19:15 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll

2012-03-10 19:15 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll

2012-03-10 18:22 . 2012-03-10 18:22 -------- d-----w- c:\windows\BBSTORE

2012-03-10 18:20 . 2001-09-05 11:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-03-10 18:20 . 2001-09-05 11:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2012-03-10 18:20 . 2001-09-05 11:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-03-10 18:20 . 2001-09-05 11:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-03-10 18:16 . 2012-03-11 01:27 -------- d-----w- C:\FTW

2012-03-09 20:55 . 2012-03-09 20:55 -------- d-----w- c:\program files\Common Files\Java

2012-03-09 20:47 . 2012-03-09 20:47 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2012-03-09 08:40 . 2012-03-09 08:40 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery

2012-03-09 07:45 . 2012-03-09 08:07 -------- d-----w- c:\program files\Wondershare

2012-03-09 00:00 . 2012-03-09 00:01 -------- d-----w- c:\program files\Recuva

2012-03-08 23:21 . 2012-03-08 23:22 -------- d-----w- C:\PICDISK

2012-03-08 08:12 . 2012-03-08 08:12 -------- d-----w- c:\programdata\Apple Computer

2012-03-08 08:10 . 2012-03-08 08:10 -------- d-----w- c:\program files\Common Files\Apple

2012-03-08 08:10 . 2012-03-08 08:10 -------- d-----w- c:\users\Systemax\AppData\Local\Apple

2012-03-08 08:10 . 2012-03-08 08:10 -------- d-----w- c:\program files\Apple Software Update

2012-03-08 08:10 . 2012-03-08 08:10 -------- d-----w- c:\programdata\Apple

2012-03-03 20:05 . 2012-03-03 20:05 -------- d-----w- c:\program files\Common Files\Outlook Security Manager

2012-03-02 22:57 . 2012-03-02 22:57 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2012-03-02 13:11 . 1995-09-30 01:37 30048 ----a-w- c:\windows\UNWISE.EXE

2012-03-02 12:39 . 2012-03-03 06:44 -------- d-----w- c:\users\Systemax\AppData\Roaming\NoteTab Light

2012-03-01 22:32 . 2012-03-03 06:47 -------- d-----w- c:\programdata\PCPitstop

2012-02-24 03:58 . 2012-02-24 03:58 -------- d-----w- c:\users\Systemax\AppData\Local\EasySector

2012-02-24 03:58 . 2012-02-24 03:58 -------- d-----w- c:\program files\EasySector

2012-02-15 21:15 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 21:14 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 21:14 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 21:11 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-11 09:12 . 2010-12-23 06:37 507568 ----a-w- c:\windows\system32\winload.exe

2012-03-09 20:47 . 2011-12-19 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-06 23:15 . 2012-01-23 14:22 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2012-01-23 14:22 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2012-01-23 14:23 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2012-01-23 14:23 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:01 . 2012-01-23 14:23 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2012-01-23 14:23 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-06 23:01 . 2012-01-23 14:23 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-02 22:31 . 2010-12-23 07:59 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-03-01 23:33 . 2012-01-13 17:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-09 17:03 . 2012-02-09 17:03 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-02-09 17:03 . 2012-02-09 17:03 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-17 16:17 . 2012-01-17 16:17 356352 ----a-w- c:\windows\system32\UninstallPCTT.exe

2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2011-12-15 01:32 . 2011-12-15 01:32 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-12-15 01:32 . 2011-12-15 01:32 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-12-15 01:31 . 2011-12-15 01:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-12-15 01:31 . 2011-12-15 01:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2006-05-31 14:14 . 2006-05-31 14:14 108056 ----a-w- c:\program files\Common Files\secman.dll

2006-03-12 00:09 . 2006-03-12 00:09 626176 ----a-w- c:\program files\Common Files\osmax.ocx

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Systemax\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"VideoAcceleratorCommTest"="c:\program files\SpeedBit Video Accelerator\CommTest.exe" [2012-01-13 1355976]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-04 160328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-09 296056]

"VolPanel"="c:\program files\RocketFish\RF5.1\Volume Panel\VolPanlu.exe" [2009-07-07 241789]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-02-09 17:03 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-02-28 2550448]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2012-03-02 265928]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-24 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 583680]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-03-02 11232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-24 1343400]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-07 239168]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 497280]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 98992008

*Deregistered* - 98992008

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-03 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-12-16 15:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 07:40]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 07:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.charter.net/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

Trusted Zone: eset.com\go

Trusted Zone: hp.com\www

Trusted Zone: live.com\explore

Trusted Zone: msn.com

Trusted Zone: yahoo.com

Trusted Zone: zonealarm.com

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

FF - ProfilePath - c:\users\Systemax\AppData\Roaming\Mozilla\Firefox\profiles\3lq1qeky.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ISW - (no file)

AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(564)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2012-03-12 22:59:30

ComboFix-quarantined-files.txt 2012-03-13 03:59

.

Pre-Run: 13,716,631,552 bytes free

Post-Run: 13,756,006,400 bytes free

.

- - End Of File - - FF0D84D0F18099A002AA3C3A613F1294

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

And here is the Security Check Log:

Results of screen317's Security Check version 0.99.24

x86 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Free Antivirus

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Toolbar

ZoneAlarm Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

SUPERAntiSpyware

CCleaner

Java 6 Update 31

Out of date Java installed!

Adobe Flash Player 11.1.102.62

Adobe Reader X (10.1.2)

Mozilla Firefox (3.6.25) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

CheckPoint ZoneAlarm vsmon.exe

CheckPoint ZoneAlarm zatray.exe

``````````End of Log````````````

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

I know my Firefox is out of date but in order to use my RoboForm it has to be or RoboForm won't work.

lilpeanut


I'm not seeing anything particularly dangerous in your logs at this point, which is good ;).

Since you have Avast installed, please run a scan with that, and post me the contents of the report it creates. Let me know how things go :).


I keep having a problem connecting to the internet. I seem to be able to load 1 or 2 pages then all of a sudden I lose the connection and have to do a troubleshoot to re-establish the gateway. Hard to answer any questions this way. I ran an Avast scan just after I posted the previous messages but I can't seem to figure out how to get to the log so I'm going to run another one. Also, for whatever reason the "autoplay" for my MagicJack (computer telephone service) has stopped working and I have tried uninstalling and reinstalling it a number of times. It just won't install automatically and I have to manually install it. Not sure if it not working properly after I manually install it is because I'm installing it manually or if there is some other reason.

Going to run another Avast scan now.


It sounds like those are more compatibility issues than anything else. We'll wait until we can verify you're clean before we troubleshoot those. ;)

If you can't get Avast to work, try an ESET Online Scan :):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Let me know how things go.


Eset came back clean this time. As did Avast but I can't figure out how to post that file. Here is the file from Eset:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=71873028eb6c084f8e2a964b145a3680

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-15 11:10:41

# local_time=2012-03-15 06:10:41 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=770 16774141 16 6 5883386 33569071 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776894 75 4 0 0 0 0

# scanned=94500

# found=0

# cleaned=0

# scan_time=3380

This losing the gateway crap is frustrating!!


My apologies for the delay.

Your logs appear to be clean ;).

Let's see if we can see what may be causing the connection issues:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Okay, you will find that log below.

Today, 3/16/12 at 3:02pm cst, so far have not lost the gateway yet. Have been online off and on for not quite an hour, but have loaded 4 or 5 pages with falling off so far. But am still having the autorun problem with the magicjack.

Farbar Service Scanner Version: 01-03-2012

Ran by Systemax (administrator) on 16-03-2012 at 14:59:19

Running from "C:\Users\Systemax\Desktop"

Microsoft® Windows 7 Eternity™ 2009 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is blocked.

LAN connected.

Attempt to access Google IP returned error: Google IP is offline

Attempt to access Yahoo IP returend error: Yahoo IP is offline

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-29 12:28] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll

[2011-11-29 12:27] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll

[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll

[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll

[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe

[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll

[2011-12-19 02:04] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll

[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll

[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

Attention! C:\Program Files\Windows Defender\MpSvc.dll is missing.

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Will be back in a few hours.
