Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

email spam

Post by Magenta » February 7th, 2013, 3:26 pm

Hello, I have a problem with my email receiving and sending a lot of spam. I had deltalima helping me out, but then I took longer than 3 days to respond, so the topic was closed. Very sorry, I won't let that happen again. Here is the link to the topic:
viewtopic.php?f=11&t=61330&p=620670#p620670

And here are my DDS logs

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Elizabeth Gries at 11:24:54 on 2013-02-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.1923 [GMT -8:00]
.
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe
C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN102 ... cale=en_CA
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
BHO: My Smart Tabs: {E7190CBA-EF64-4CBC-AE5F-44d9930D8CEC} - c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\my smart tabs\browserextensions\ie\MySmartTabs.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [F.lux] "c:\documents and settings\elizabeth gries\local settings\apps\f.lux\flux.exe" /noshow
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Sevas-SSoftwareDefender] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\defender\defender.exe
mRun: [Sevas-SSoftwareUpdater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\updater\updater.exe
mRun: [YouTube to MP3 Converter Updater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\youtube to mp3 converter\yt2mp3_updater.exe
mRun: [My Smart Tabs Updater] c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\my smart tabs\smtb_updater.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\elizab~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\elizabeth gries\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{14868C30-7CCE-47F0-8B81-B47EBCFA260F} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\elizabeth gries\application data\mozilla\firefox\profiles\1zkfajhr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmysmarttabnpapi.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-8 36552]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-11-8 400160]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-8 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-8 109344]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-11-8 565024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-8 83944]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-22 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-2 682344]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-15 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-2 21104]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
.
=============== Created Last 30 ================
.
2013-02-07 17:10:25 -------- d-----w- c:\program files\ESET
2013-02-02 02:31:41 -------- d-----w- C:\_OTL
2013-01-14 00:42:19 -------- d-----w- c:\documents and settings\elizabeth gries\local settings\application data\DoNotTrackPlus
2013-01-14 00:42:12 -------- d-----w- c:\documents and settings\elizabeth gries\application data\AskToolbar
2013-01-09 17:56:31 -------- d-----w- c:\program files\Plants vs Zombies
2013-01-09 17:54:23 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2013-01-09 17:54:22 -------- d-----w- c:\program files\bfgclient
2013-01-09 17:53:34 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 15:55:08 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-13 17:05:59 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:25:06.45 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/28/2011 3:47:41 PM
System Uptime: 2/7/2013 7:56:49 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 0A54h
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | XU1 PROCESSOR | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 789.248 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&696F438&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&696F438&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP457: 11/9/2012 7:50:01 PM - System Checkpoint
RP458: 11/10/2012 8:37:17 PM - System Checkpoint
RP459: 11/11/2012 9:07:43 PM - System Checkpoint
RP460: 11/12/2012 11:10:45 PM - System Checkpoint
RP461: 11/13/2012 11:53:05 PM - System Checkpoint
RP462: 11/15/2012 12:15:52 AM - System Checkpoint
RP463: 11/16/2012 9:12:30 AM - Software Distribution Service 3.0
RP464: 11/17/2012 11:26:31 AM - System Checkpoint
RP465: 11/18/2012 12:42:16 PM - System Checkpoint
RP466: 11/19/2012 1:17:56 PM - System Checkpoint
RP467: 11/20/2012 2:15:14 PM - System Checkpoint
RP468: 11/21/2012 6:20:59 PM - System Checkpoint
RP469: 11/22/2012 7:07:56 PM - System Checkpoint
RP470: 11/23/2012 7:41:58 PM - System Checkpoint
RP471: 11/24/2012 8:16:59 PM - System Checkpoint
RP472: 11/25/2012 9:26:34 PM - System Checkpoint
RP473: 11/26/2012 9:35:05 PM - System Checkpoint
RP474: 11/27/2012 11:50:17 PM - System Checkpoint
RP475: 11/29/2012 12:08:44 AM - System Checkpoint
RP476: 11/30/2012 10:15:42 AM - System Checkpoint
RP477: 12/1/2012 10:18:09 AM - System Checkpoint
RP478: 12/2/2012 10:44:54 AM - System Checkpoint
RP479: 12/3/2012 12:30:15 PM - System Checkpoint
RP480: 12/4/2012 1:14:13 PM - System Checkpoint
RP481: 12/5/2012 6:23:42 PM - System Checkpoint
RP482: 12/6/2012 8:50:10 PM - System Checkpoint
RP483: 12/7/2012 10:01:45 PM - System Checkpoint
RP484: 12/8/2012 10:35:59 PM - System Checkpoint
RP485: 12/9/2012 11:40:03 PM - System Checkpoint
RP486: 12/11/2012 12:14:43 AM - System Checkpoint
RP487: 12/12/2012 8:34:53 AM - System Checkpoint
RP488: 12/13/2012 7:03:36 AM - Software Distribution Service 3.0
RP489: 12/14/2012 9:55:05 AM - System Checkpoint
RP490: 12/15/2012 10:42:44 AM - System Checkpoint
RP491: 12/16/2012 12:05:21 PM - System Checkpoint
RP492: 12/17/2012 12:18:31 PM - System Checkpoint
RP493: 1/5/2013 6:13:09 PM - System Checkpoint
RP494: 1/6/2013 11:03:30 AM - Software Distribution Service 3.0
RP495: 1/7/2013 12:14:22 PM - System Checkpoint
RP496: 1/8/2013 12:24:40 PM - System Checkpoint
RP497: 1/9/2013 9:14:29 AM - Software Distribution Service 3.0
RP498: 1/10/2013 12:28:01 PM - System Checkpoint
RP499: 1/11/2013 1:02:51 PM - System Checkpoint
RP500: 1/12/2013 4:39:34 PM - System Checkpoint
RP501: 1/13/2013 7:17:52 PM - System Checkpoint
RP502: 1/14/2013 10:31:31 PM - System Checkpoint
RP503: 1/15/2013 10:59:18 PM - System Checkpoint
RP504: 1/16/2013 7:58:39 AM - Software Distribution Service 3.0
RP505: 1/17/2013 1:08:28 PM - System Checkpoint
RP506: 1/18/2013 3:10:20 PM - System Checkpoint
RP507: 1/19/2013 3:43:03 PM - System Checkpoint
RP508: 1/20/2013 7:06:20 PM - System Checkpoint
RP509: 1/21/2013 8:32:03 PM - System Checkpoint
RP510: 1/22/2013 9:41:55 PM - System Checkpoint
RP511: 1/23/2013 10:25:12 PM - System Checkpoint
RP512: 1/24/2013 10:39:46 PM - System Checkpoint
RP513: 1/25/2013 10:53:32 PM - System Checkpoint
RP514: 1/26/2013 11:45:48 PM - System Checkpoint
RP515: 1/27/2013 11:50:10 PM - System Checkpoint
RP516: 1/29/2013 12:09:15 AM - System Checkpoint
RP517: 1/30/2013 8:26:42 AM - System Checkpoint
RP518: 1/31/2013 9:01:23 AM - System Checkpoint
RP519: 2/1/2013 10:09:10 AM - System Checkpoint
RP520: 2/2/2013 11:33:01 AM - System Checkpoint
RP521: 2/3/2013 12:10:53 PM - System Checkpoint
RP522: 2/4/2013 12:21:26 PM - System Checkpoint
RP523: 2/5/2013 9:07:48 PM - System Checkpoint
RP524: 2/6/2013 10:05:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Amazon Kindle
Ask Toolbar
Avira Antivirus Premium
Big Fish Games: Game Manager
BufferChm
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Destinations
DocProc
Dropbox
Easy Thumbnails (Remove only)
F.lux
GPBaseService2
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Scanjet G3010
HP Solution Center 13.0
HP Update
hpg3010
HPPhotosmartEssential
HPProductAssistant
Intel(R) Active Management Technology LMS Service and SOL Driver
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 13.0
Plants vs. Zombies
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SolutionCenter
Spell Checker For OE 2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
YouTube to MP3 Converter
.
==== End Of File ===========================
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm
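An added example, not part of the original posts and not DDS's own code: one way to review the Run entries of a DDS log like the one above is to list machine-wide autoruns whose target sits inside a single user's profile, and to note whether that target also appears under Running Processes. It assumes the DDS prefixes mean uRun = HKCU Run and mRun = HKLM Run; the sample log, the user "alice" and all program names are constructed.

```python
import re

# Constructed sample in the shape of a DDS log (not taken from the thread).
SAMPLE_DDS = r'''
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\alice\Local Settings\Application Data\ExampleVendor\Tool\tool_updater.exe
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Dimmer] "c:\documents and settings\alice\local settings\apps\dimmer\dimmer.exe" /noshow
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ExampleGuard] c:\documents and settings\alice\local settings\application data\examplevendor\guard\guard.exe
mRun: [Tool Updater] c:\documents and settings\alice\local settings\application data\examplevendor\tool\tool_updater.exe
mRun: [Printer] c:\program files\printer\status.exe /logon
.
'''

# "uRun: [Name] command line" / "mRun: [Name] command line"
RUN = re.compile(r'^([um])Run: \[(.+?)\] (.+)$')
# Executable path at the start of a command line, quoted or not, without arguments.
EXE = re.compile(r'^"?(.+?\.exe)(?=["\s]|$)', re.I)
# A path inside one user's profile (XP layout, plus the Vista and later layout).
PROFILE = re.compile(r'^[a-z]:\\(?:documents and settings|users)\\([^\\]+)\\', re.I)
SHARED_PROFILES = {"all users", "default user", "default", "public"}


def parse_autoruns(text):
    """Return the Run entries as dicts with hive, name and lower-cased path."""
    entries = []
    for line in text.splitlines():
        m = RUN.match(line.strip())
        if not m:
            continue
        exe = EXE.match(m.group(3))
        path = (exe.group(1) if exe else m.group(3)).lower()
        hive = "HKCU" if m.group(1) == "u" else "HKLM"  # assumed prefix meaning
        entries.append({"hive": hive, "name": m.group(2), "path": path})
    return entries


def running_processes(text):
    """Return the lower-cased executable paths listed under Running Processes."""
    procs, inside = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("="):
            inside = "Running Processes" in line
        elif inside:
            m = EXE.match(line)
            if m:
                procs.add(m.group(1).lower())
    return procs


def review(text):
    """Machine-wide (HKLM) autoruns that start a file from one user's profile."""
    running = running_processes(text)
    findings = []
    for entry in parse_autoruns(text):
        m = PROFILE.match(entry["path"])
        if entry["hive"] != "HKLM" or not m:
            continue
        if m.group(1).lower() in SHARED_PROFILES:
            continue
        findings.append({
            "name": entry["name"],
            "path": entry["path"],
            "profile": m.group(1),
            "running": entry["path"] in running,
        })
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_DDS):
        state = "running" if f["running"] else "not running at scan time"
        print(f'{f["name"]}: {f["path"]} ({state})')
```

A finding here is a prompt to look at the file, not a verdict; an entry whose target is not running may simply have exited, or its file may no longer exist.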

Re: email spam

Post by deltalima » February 8th, 2013, 4:43 pm

Hi Magenta,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\defender\defender.exe

Press Scan it - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.


ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email spam

Post by Magenta » February 8th, 2013, 11:19 pm

Hmmm, that's odd. In the Sevas-S folder, there's no "defender" directory. I checked a few times that I had the right file-path. The folders in "Sevas-S" are "cache", "My Smart Tabs", "Updater", and "Youtube to MP3 Converter", and then the uninstaller.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d0d1b2419918554b860b634dec5ba352
# engine=13093
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-09 02:44:08
# local_time=2013-02-08 06:44:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=188892
# found=5
# cleaned=0
# scan_time=6170
sh=C1F9934920DB6C59D667C563DEBF26A33345650C ft=1 fh=4dbd9b9a2dc08dbe vn="Win32/Toggle application" ac=I fn="C:\Documents and Settings\All Users\Documents\downloads\installer_driver_samsung_ml-1520_laser_5_60_English.exe"
sh=9C27E4B6A8CFEFD8AFCAD087ED0973F3A6E3B233 ft=0 fh=0000000000000000 vn="HTML/TrojanSpy.Fraud.D trojan" ac=I fn="C:\Documents and Settings\All Users\Documents\FromOld\Documents and Settings\Elizabeth.ELIZABET-VR94N9\Local Settings\Temporary Internet Files\Content.IE5\Z1ZIO3TG\404[1].htm"
sh=8E86B710719B7122D9AF4B3940CBBD3CBCD98A76 ft=1 fh=9deac9cc43e79d8a vn="Win32/DownloadAdmin.A.Gen application" ac=I fn="C:\Documents and Settings\Elizabeth Gries\My Documents\Downloads\vlcmediaplayer-setup.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email spam

by deltalima » February 9th, 2013, 11:10 am

Hi Magenta,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\documents and settings\elizabeth gries\local settings\application data\sevas-s\updater\updater.exe

Press Scan it - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.


Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :files
    C:\Documents and Settings\All Users\Documents\downloads\installer_driver_samsung_ml-1520_laser_5_60_English.exe
    C:\Documents and Settings\All Users\Documents\FromOld\Documents and Settings\Elizabeth.ELIZABET-VR94N9\Local Settings\Temporary Internet Files\Content.IE5\Z1ZIO3TG\404[1].htm
    C:\Documents and Settings\Elizabeth Gries\My Documents\Downloads\vlcmediaplayer-setup.exe
    :commands
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email spam

by Magenta » February 10th, 2013, 5:05 pm

The computer froze when I tried to run the script, so I rebooted in safe mode and did it again. It worked but upon reboot to finish the job, the computer pretty much froze again. Not exactly froze, but was so slow, I was dubious that I could save a copy of the log on the desktop. I was able to do it, and then rebooted again, and after that, it was fine.


SHA256: 972d015b39507fc3fc39c30f5d84be10a63427e674a1237eeaf0532ff8e5bb5e
SHA1: 6488704e6ef29126486b6e63c0bfe29c4d679765
MD5: 749b2b72aa8d203cd8e18ae5bc0a35d4
File size: 95.9 KB ( 98152 bytes )
File name: updater.exe
File type: Win32 EXE
Detection ratio: 0 / 45
Analysis date: 2013-02-10 01:27:34 UTC ( 1 minute ago )


========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Documents\downloads\installer_driver_samsung_ml-1520_laser_5_60_English.exe moved successfully.
C:\Documents and Settings\All Users\Documents\FromOld\Documents and Settings\Elizabeth.ELIZABET-VR94N9\Local Settings\Temporary Internet Files\Content.IE5\Z1ZIO3TG\404[1].htm moved successfully.
C:\Documents and Settings\Elizabeth Gries\My Documents\Downloads\vlcmediaplayer-setup.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02092013_190440

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email spam

by deltalima » February 10th, 2013, 5:19 pm

Hi Magenta,

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue

    DO NOT change the default actions, other than CURE to SKIP.

  7. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root drive (usually C:). The log will have a name like Name.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the log file in your next reply
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: email spam

by Magenta » February 12th, 2013, 2:31 am

22:28:38.0765 3496 swenum - ok
22:28:38.0812 3496 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:28:38.0953 3496 swmidi - ok
22:28:38.0953 3496 SwPrv - ok
22:28:38.0953 3496 symc810 - ok
22:28:38.0953 3496 symc8xx - ok
22:28:38.0968 3496 sym_hi - ok
22:28:38.0968 3496 sym_u3 - ok
22:28:39.0015 3496 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:28:39.0140 3496 sysaudio - ok
22:28:39.0203 3496 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:28:39.0328 3496 SysmonLog - ok
22:28:39.0390 3496 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:28:39.0546 3496 TapiSrv - ok
22:28:39.0734 3496 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:28:39.0937 3496 Tcpip - ok
22:28:39.0953 3496 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:28:40.0062 3496 TDPIPE - ok
22:28:40.0078 3496 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:28:40.0187 3496 TDTCP - ok
22:28:40.0203 3496 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:28:40.0328 3496 TermDD - ok
22:28:40.0406 3496 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:28:40.0578 3496 TermService - ok
22:28:40.0625 3496 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:28:40.0656 3496 Themes - ok
22:28:40.0703 3496 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:28:40.0781 3496 TlntSvr - ok
22:28:40.0781 3496 TosIde - ok
22:28:40.0812 3496 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:28:40.0937 3496 TrkWks - ok
22:28:40.0984 3496 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:28:41.0109 3496 Udfs - ok
22:28:41.0109 3496 ultra - ok
22:28:41.0234 3496 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:28:41.0500 3496 Update - ok
22:28:41.0578 3496 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:28:41.0687 3496 upnphost - ok
22:28:41.0703 3496 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:28:41.0812 3496 UPS - ok
22:28:41.0828 3496 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:28:41.0937 3496 usbccgp - ok
22:28:41.0968 3496 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:28:42.0078 3496 usbehci - ok
22:28:42.0093 3496 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:28:42.0218 3496 usbhub - ok
22:28:42.0265 3496 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:28:42.0375 3496 usbprint - ok
22:28:42.0406 3496 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:28:42.0515 3496 usbscan - ok
22:28:42.0531 3496 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:28:42.0687 3496 USBSTOR - ok
22:28:42.0703 3496 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:28:42.0812 3496 usbuhci - ok
22:28:42.0828 3496 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:28:42.0937 3496 VgaSave - ok
22:28:42.0953 3496 ViaIde - ok
22:28:43.0000 3496 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:28:43.0093 3496 VolSnap - ok
22:28:43.0171 3496 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:28:43.0312 3496 VSS - ok
22:28:43.0359 3496 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:28:43.0515 3496 W32Time - ok
22:28:43.0531 3496 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:28:43.0640 3496 Wanarp - ok
22:28:43.0656 3496 WDICA - ok
22:28:43.0718 3496 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:28:43.0843 3496 wdmaud - ok
22:28:43.0875 3496 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:28:44.0000 3496 WebClient - ok
22:28:44.0078 3496 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:28:44.0218 3496 winmgmt - ok
22:28:44.0265 3496 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:28:44.0375 3496 WmdmPmSN - ok
22:28:44.0546 3496 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:28:44.0703 3496 Wmi - ok
22:28:44.0718 3496 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:28:44.0812 3496 WmiAcpi - ok
22:28:44.0875 3496 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:28:45.0015 3496 WmiApSrv - ok
22:28:45.0265 3496 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:28:45.0750 3496 WMPNetworkSvc - ok
22:28:45.0765 3496 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:28:45.0796 3496 WpdUsb - ok
22:28:45.0812 3496 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:28:45.0921 3496 WS2IFSL - ok
22:28:45.0984 3496 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:28:46.0109 3496 wscsvc - ok
22:28:46.0125 3496 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:28:46.0234 3496 wuauserv - ok
22:28:46.0296 3496 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:28:46.0328 3496 WudfPf - ok
22:28:46.0343 3496 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:28:46.0390 3496 WudfRd - ok
22:28:46.0421 3496 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:28:46.0453 3496 WudfSvc - ok
22:28:46.0593 3496 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:28:46.0828 3496 WZCSVC - ok
22:28:46.0875 3496 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:28:47.0015 3496 xmlprov - ok
22:28:47.0015 3496 ================ Scan global ===============================
22:28:47.0062 3496 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:28:47.0171 3496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:28:47.0312 3496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:28:47.0359 3496 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:28:47.0359 3496 [Global] - ok
22:28:47.0359 3496 ================ Scan MBR ==================================
22:28:47.0390 3496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:28:47.0578 3496 \Device\Harddisk0\DR0 - ok
22:28:47.0578 3496 ================ Scan VBR ==================================
22:28:47.0578 3496 [ 6597C331BD6B1462D9E45744BE2180FF ] \Device\Harddisk0\DR0\Partition1
22:28:47.0578 3496 \Device\Harddisk0\DR0\Partition1 - ok
22:28:47.0578 3496 ============================================================
22:28:47.0578 3496 Scan finished
22:28:47.0578 3496 ============================================================
22:28:47.0687 1032 Detected object count: 3
22:28:47.0687 1032 Actual detected object count: 3
22:29:17.0625 1032 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:17.0625 1032 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:17.0625 1032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:17.0625 1032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:17.0625 1032 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:17.0625 1032 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
Magenta
Active Member
 
Posts: 11
Joined: January 24th, 2013, 4:39 pm

Re: email spam

Post by deltalima » February 12th, 2013, 4:25 am

Hi Magenta,

We have removed all signs of malware from the computer but found nothing that could have been responsible for sending spam email.

It is simple to forge email headers and so the spam has not necessarily been sent from this computer.
As a precaution I recommend that you change the password on your email account.

As the computer now appears to be clean, we will remove the tools that we used.

Remove GMER

Delete the GMER icon from your desktop.


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean, then press the Create button and, once it's done, press Close

Now remove old, infected System Restore points:
  • Click Start >> Run, type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
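
The point in the post above about forged headers can be checked on a copy of one of the spam messages. The following is an added example, not part of the original thread or any tool used in it: it compares the From line, which the sender controls, with what the receiving server recorded. The sample message, the domains, the IP address and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (made-up names, example.* domains, RFC 5737 address):
# a spam message whose From line claims the user's mailbox.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Received: from mail.bulk.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123; Thu, 7 Feb 2013 10:00:00 -0800
Received: from home-pc (localhost [127.0.0.1])
\tby mail.bulk.example.net; Thu, 7 Feb 2013 09:59:58 -0800
From: "User" <user@mailprovider.example>
To: friend@recipient.example
Subject: check this out

constructed body
"""

def _domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, provider_domain):
    """Report whether a message claiming provider_domain is backed by the
    receiving server's own records (simplified SPF/DKIM alignment)."""
    msg = message_from_string(raw)
    # Only the topmost Received line is written by the recipient's server;
    # every line below it was supplied by the sender and can be invented.
    received = msg.get_all("Received", [])
    top = " ".join(received[0].split()) if received else ""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    # Assumes this header was added by the recipient's own mail server.
    auth = msg.get("Authentication-Results", "")
    res = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)
    from_dom, env_dom = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    spf_ok = res.get("spf") == "pass" and env_dom == from_dom
    dkim_ok = (res.get("dkim") == "pass" and dkim_d is not None
               and dkim_d.group(1).lower() == from_dom)
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "connecting_ip": ip.group(1) if ip else None,
        "likely_forged": from_dom == provider_domain and not (spf_ok or dkim_ok),
    }
```

A result of `likely_forged: True` with a `connecting_ip` that does not belong to the mail provider supports the conclusion that the message did not leave through the user's account or computer.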

Re: email spam

Post by deltalima » February 13th, 2013, 2:02 pm

As your computer now appears to be free from malware, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.