Google redirect and Internet Explorer open in task manager


  • This topic is locked
18 replies to this topic

#1 likelight2flies

likelight2flies

  • Members
  • 8 posts
  • Local time: 05:10 AM

Posted 31 October 2012 - 11:21 AM

Hello,

I've been having an issue with redirects when clicking on links from Google searches. I am also having an issue with Internet Explorer showing as active and using large amounts of memory when I open my Task Manager. When I close the instances (there are 2 at a time) they reopen almost immediately. I've run Malwarebytes and have found nothing.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 06:10 AM

Posted 31 October 2012 - 04:50 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from, so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

In your next post I need the following:

  • both reports from DDS
  • report from Security Check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.


Please Only Copy And Paste Reports Into Topic - Do Not Attach


Proud Graduate Of Malware Removal University

#3 likelight2flies

likelight2flies
  • Topic Starter
  • Members
  • 8 posts
  • Local time: 05:10 AM

Posted 31 October 2012 - 05:34 PM

Security Check's log

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

DDS "DDS.txt" log

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_01
Run by jafool at 18:29:19 on 2012-10-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1362 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\REAPER (x64)\reaper.exe
C:\windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\jafool\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [EPSON NX330 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\jafool\AppData\Local\Temp\E_SB9EC.tmp" /EF "HKCU"
uRun: [Spotify Web Helper] "C:\Users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\jafool\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\jafool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WinRAR SFX] rundll32.exe "C:\Users\jafool\AppData\Local\WinRAR SFX\cgmoohnk.dll",IZDSP_GetLimiter
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\Users\jafool\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02FA8253-B413-404A-81B0-CF642A00D707} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02FA8253-B413-404A-81B0-CF642A00D707}\242716A796C602055726C6963602C496262716279702140513 : DHCPNameServer = 10.1.1.99 207.191.187.90
TCP: Interfaces\{02FA8253-B413-404A-81B0-CF642A00D707}\242716A796C602055726C6963602C496262716279702140533 : DHCPNameServer = 10.1.1.99 207.191.187.90
TCP: Interfaces\{02FA8253-B413-404A-81B0-CF642A00D707}\242716A796C602055726C6963602C496262716279702140543 : DHCPNameServer = 10.1.1.99 207.191.187.90
TCP: Interfaces\{02FA8253-B413-404A-81B0-CF642A00D707}\F68766F627461607 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{405B7696-271D-4C2B-8182-8C0595210D3B} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jafool\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\jafool\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\jafool\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-09-05 14:42; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-09-18 11:37; [email protected]; C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\[email protected]
FF - ExtSQL: 2012-10-21 01:25; [email protected]; C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\[email protected]
FF - ExtSQL: 2012-10-21 17:57; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-10-21 17:57; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-10-13 66040]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-4-28 13824]
R1 SBRE;SBRE;C:\windows\System32\drivers\sbredrv.sys [2012-10-21 57976]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2011-4-28 60416]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-27 676936]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-4-28 136192]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-4-28 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-28 289280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-27 25928]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 L6UX1;Service - Line 6 UX1;C:\windows\System32\drivers\L6UX164.sys [2009-1-28 830720]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-1 115168]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 sbhips;sbhips;C:\windows\System32\drivers\sbhips.sys [2012-10-21 60536]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-2 1255736]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-28 17:54:20 -------- d-----w- C:\Users\jafool\AppData\Local\Microsoft Help
2012-10-27 17:45:20 -------- d-----w- C:\Users\jafool\AppData\Roaming\Malwarebytes
2012-10-27 17:45:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-27 17:45:12 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-10-27 17:45:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 07:01:15 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-21 22:33:09 -------- d-----w- C:\Users\jafool\AppData\Roaming\LavasoftStatistics
2012-10-21 22:02:41 60536 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-10-21 22:02:40 57976 ----a-w- C:\windows\System32\drivers\sbredrv.sys
2012-10-21 22:02:40 45936 ----a-w- C:\windows\System32\sbbd.exe
2012-10-21 22:02:34 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-10-21 22:02:05 -------- d-----w- C:\Users\jafool\AppData\Local\Downloaded Installations
2012-10-21 21:58:06 -------- d-----w- C:\ProgramData\blekko toolbars
2012-10-21 21:58:05 -------- d-----w- C:\Users\jafool\AppData\Local\adawarebp
2012-10-21 21:58:04 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-10-21 21:57:58 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-10-21 21:57:33 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-10-21 21:50:34 -------- d-----w- C:\Users\jafool\AppData\Roaming\Ad-Aware Antivirus
2012-10-17 04:30:42 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-13 18:12:28 -------- d-----w- C:\Program Files (x86)\Amazon
2012-10-13 17:31:08 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2012-10-13 17:31:05 66040 ----a-w- C:\windows\System32\drivers\MOBK.sys
2012-10-13 17:31:03 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2012-10-11 06:11:26 -------- d-----w- C:\Users\jafool\AppData\Local\WinRAR SFX
2012-10-10 13:49:02 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-10-10 13:41:55 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-10-10 13:41:54 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-10-10 13:41:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-10-10 13:41:48 2048 ----a-w- C:\windows\System32\tzres.dll
2012-10-10 13:41:05 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-10-10 13:41:05 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-10-10 13:40:24 1464320 ----a-w- C:\windows\System32\crypt32.dll
2012-10-10 13:40:23 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-10 13:40:23 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:40:23 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-10 13:40:23 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-10 13:40:23 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-04 18:25:19 -------- d-----w- C:\Program Files (x86)\Geekbench 2.3
2012-10-02 19:29:27 -------- d-----w- C:\Users\jafool\AppData\Local\Google
.
==================== Find3M ====================
.
2012-10-09 06:12:49 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:12:49 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 18:30:35.03 ===============

DDS "ATTACH.txt" log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/1/2012 1:01:55 AM
System Uptime: 10/31/2012 4:35:00 AM (14 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730/R540
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU 1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 129.436 GiB free.
D: is FIXED (NTFS) - 267 GiB total, 266.514 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 10/12/2012 7:27:34 AM - Windows Update
RP51: 10/23/2012 3:00:16 AM - Windows Update
RP52: 10/30/2012 4:38:03 PM - Windows Update
RP53: 10/31/2012 7:59:42 AM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
µTorrent
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Alice Greenfingers
Amazon MP3 Downloader 1.0.17
Ask Toolbar
Atheros Client Installation Program
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bing Bar
Bonbon Quest
Broadcom 802.11 Network Adapter
bx_cleansweep V2 2.2
Cake Mania
Converter Plus
CyberLink YouCam
D3DX10
Daycare Nightmare
Dropbox
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
EPSON NX330 Series Printer Uninstall
EPSON Scan
ETDWare PS/2-x64 7.0.7.0_WHQL
Flip Words
Fotogalerija Windows Live
Galapago
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Pack
Geekbench 2.3
Gem Shop
Google Talk Plugin
Insaniquarium Deluxe
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Line 6 Uninstaller
Mahjong Escape Ancient China
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
McAfee Online Backup
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket Toolbar Updater
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
REAPER (x64)
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shared C Run-time for x64
Skype Click to Call
Skype™ 5.10
Slingo
Spotify
TabIt version 2.03
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.20 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
10/30/2012 9:30:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
10/30/2012 9:30:56 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2012 9:29:31 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
10/30/2012 10:31:32 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer RACHEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{02FA8253-B413-404A-81B0-CF642A00D707}. The master browser is stopping or an election is being forced.
10/29/2012 9:59:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{02FA8253-B413-404A-81B0-CF642A00D707} because another computer on the network has the same name. The server could not start.
10/29/2012 9:01:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/29/2012 9:00:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
10/29/2012 9:00:06 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on F: cannot be read.
10/29/2012 8:59:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/26/2012 11:20:46 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:10 AM

Posted 31 October 2012 - 05:46 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 likelight2flies
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:10 AM

Posted 31 October 2012 - 06:23 PM

AdwCleaner log (will post the RogueKiller log next)

# AdwCleaner v2.006 - Logfile created 10/31/2012 at 19:15:42
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jafool - JAFOOL-PC
# Boot Mode : Normal
# Running from : C:\Users\jafool\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\jafool\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\jafool\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\[email protected]
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "[email protected]:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...]

*************************

AdwCleaner[R1].txt - [4308 octets] - [31/10/2012 19:13:13]
AdwCleaner[R2].txt - [4368 octets] - [31/10/2012 19:14:42]
AdwCleaner[S1].txt - [4177 octets] - [31/10/2012 19:15:42]

########## EOF - C:\AdwCleaner[S1].txt - [4237 octets] ##########

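The AdwCleaner log above lists every deleted item but leaves the reader to work out which entries belong to the same add-on. The Python script below is an added example, not part of this thread and not AdwCleaner's own code: it parses lines in the format the log shows, maps each registry path to the browser load point it represents, and correlates every CLSID across those load points, so that one component's full set of registrations (COM class, BHO, toolbar, add-on settings) stands out. The sample input is copied from the log posted above; the load-point labels and the triage logic are this example's own assumptions, not a documented AdwCleaner schema.

```python
"""Correlate CLSIDs across the registry load points an AdwCleaner log reports.

Added example, not part of the forum thread or of AdwCleaner. The sample
lines are copied from the AdwCleaner[S1].txt log posted above; the parser
and the load-point table are triage assumptions, not a documented format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a subset of the "Deleted" lines from the log above.
SAMPLE_LOG = r"""
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\jafool\AppData\LocalLow\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
"""

# "<Kind> Deleted : <path>" with an optional " [value name]" suffix on Value lines.
ENTRY_RE = re.compile(r"^(Folder|File|Key|Value) Deleted : (.+?)(?: \[(.+)\])?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations where a browser add-on hooks itself in. First matching
# substring (case-insensitive) wins. The labels are this example's own.
LOAD_POINTS = [
    ("browser helper objects", "BHO"),
    ("\\internet explorer\\toolbar", "IE toolbar"),
    ("\\internet explorer\\searchscopes", "search provider"),
    ("\\ext\\settings", "IE add-on settings"),
    ("\\ext\\stats", "IE add-on settings"),
    ("\\classes\\clsid\\", "COM class"),
    ("\\classes\\interface\\", "COM interface"),
    ("elevationpolicy", "IE protected-mode elevation"),
    ("\\currentversion\\run", "autorun"),
    ("\\currentversion\\uninstall", "uninstall entry"),
]


@dataclass(frozen=True)
class Entry:
    kind: str              # Folder / File / Key / Value
    path: str              # filesystem path or registry key
    value: Optional[str]   # value name for "Value Deleted" lines, else None

    @property
    def is_registry(self) -> bool:
        return self.kind in ("Key", "Value")

    @property
    def hive(self) -> Optional[str]:
        return self.path.split("\\", 1)[0] if self.is_registry else None

    @property
    def wow64(self) -> bool:
        # 32-bit add-ons on 64-bit Windows register under Wow6432Node, the
        # registry view a 32-bit iexplore.exe reads.
        return self.is_registry and "wow6432node" in self.path.lower()

    @property
    def load_point(self) -> str:
        if not self.is_registry:
            return "filesystem"
        low = self.path.lower()
        for needle, label in LOAD_POINTS:
            if needle in low:
                return label
        return "other"

    @property
    def clsids(self) -> List[str]:
        text = self.path + (" " + self.value if self.value else "")
        return [c.upper() for c in CLSID_RE.findall(text)]


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3)))
    return entries


def correlate_clsids(entries: List[Entry]) -> dict:
    """Map each CLSID to the sorted list of load points it was registered at.
    A CLSID present as a COM class *and* as a BHO or toolbar is the component
    the browser actually loaded, not a stray leftover registration."""
    seen = defaultdict(set)
    for e in entries:
        for c in e.clsids:
            seen[c].add(e.load_point)
    return {c: sorted(points) for c, points in seen.items()}


def autorun_values(entries: List[Entry]) -> List[str]:
    return [e.value for e in entries if e.kind == "Value" and e.load_point == "autorun"]


def summarize(text: str) -> dict:
    entries = parse_log(text)
    by_kind, by_hive = defaultdict(int), defaultdict(int)
    for e in entries:
        by_kind[e.kind] += 1
        if e.hive:
            by_hive[e.hive] += 1
    return {
        "entries": len(entries),
        "by_kind": dict(by_kind),
        "by_hive": dict(by_hive),
        "clsids": correlate_clsids(entries),
        "autoruns": autorun_values(entries),
        "wow64_entries": sum(1 for e in entries if e.wow64),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

Running it prints a JSON summary in which the CLSID {D4027C7F-154A-4066-A1AD-4243D8127440} appears as a COM class, a BHO, an IE toolbar and an add-on settings key: the complete set of registrations an add-on needs for Internet Explorer to load it, all under Wow6432Node because it was a 32-bit component on this 64-bit system. The separate ApnUpdater Run value is the persistence that would re-launch the updater at logon. After a cleanup, those load points are what a responder re-checks in a fresh log to confirm nothing re-registered.
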
#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:10 AM

Posted 31 October 2012 - 06:24 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 likelight2flies
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:10 AM

Posted 31 October 2012 - 07:31 PM

Things are looking pretty good! No more IE instances in Task Manager. I haven't had a chance to use Google to check the redirect issue, but if something happens I will post it. Here is the ComboFix log. If I don't return, thank you so much for all your help!

ComboFix 12-10-31.03 - jafool 10/31/2012 20:10:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2731 [GMT -4:00]
Running from: c:\users\jafool\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\jafool\Documents\~WRL2297.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 00:24 . 2012-11-01 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-30 20:38 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-28 17:54 . 2012-10-28 17:54 -------- d-----w- c:\programdata\Microsoft Help
2012-10-28 17:54 . 2012-10-28 17:54 -------- d-----w- c:\users\jafool\AppData\Local\Microsoft Help
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\users\jafool\AppData\Roaming\Malwarebytes
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\programdata\Malwarebytes
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 17:45 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-23 07:01 . 2012-10-23 07:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-21 22:33 . 2012-10-21 22:33 -------- d-----w- c:\users\jafool\AppData\Roaming\LavasoftStatistics
2012-10-21 22:02 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-10-21 22:02 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-10-21 22:02 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-10-21 22:02 . 2012-10-21 22:02 -------- d-----w- c:\programdata\Lavasoft
2012-10-21 22:02 . 2012-10-21 23:45 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-10-21 22:02 . 2012-10-21 22:02 -------- d-----w- c:\users\jafool\AppData\Local\Downloaded Installations
2012-10-21 21:58 . 2012-10-21 21:58 -------- d-----w- c:\users\jafool\AppData\Local\adawarebp
2012-10-21 21:58 . 2012-10-31 23:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-10-21 21:57 . 2012-10-21 21:57 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-10-21 21:57 . 2012-10-21 21:58 -------- d-----w- c:\program files (x86)\adawaretb
2012-10-21 21:50 . 2012-10-27 16:11 -------- d-----w- c:\users\jafool\AppData\Roaming\Ad-Aware Antivirus
2012-10-17 04:30 . 2012-10-17 04:30 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-13 18:13 . 2012-10-13 18:13 -------- d-----w- c:\users\jafool\AppData\Roaming\Amazon
2012-10-13 18:12 . 2012-10-13 18:12 -------- d-----w- c:\program files (x86)\Amazon
2012-10-13 17:31 . 2012-10-13 17:31 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2012-10-13 17:31 . 2012-10-13 17:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-13 17:31 . 2010-04-14 00:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-10-13 17:31 . 2012-10-13 17:31 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2012-10-11 06:11 . 2012-10-13 16:34 -------- d-----w- c:\users\jafool\AppData\Local\WinRAR SFX
2012-10-10 13:49 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 13:41 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 13:41 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 13:41 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 13:41 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 13:41 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:41 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 13:40 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:40 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:40 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:40 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:40 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 13:40 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-04 23:40 . 2012-10-04 23:40 -------- d-----w- c:\users\Guest
2012-10-04 18:25 . 2012-10-04 18:25 -------- d-----w- c:\program files (x86)\Geekbench 2.3
2012-10-02 19:29 . 2012-10-02 19:32 -------- d-----w- c:\users\jafool\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:12 . 2012-09-02 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:12 . 2012-09-02 03:43 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 18:13 . 2012-09-02 18:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-02 18:13 . 2012-09-02 18:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-02 18:13 . 2012-09-02 18:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-02 18:13 . 2012-09-02 18:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-02 18:13 . 2012-09-02 18:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-02 18:13 . 2012-09-02 18:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-02 18:13 . 2012-09-02 18:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-02 18:13 . 2012-09-02 18:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-02 18:13 . 2012-09-02 18:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-02 18:13 . 2012-09-02 18:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-02 18:13 . 2012-09-02 18:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-02 18:13 . 2012-09-02 18:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-02 18:13 . 2012-09-02 18:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-02 18:13 . 2012-09-02 18:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-02 18:13 . 2012-09-02 18:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-02 18:13 . 2012-09-02 18:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-02 18:13 . 2012-09-02 18:13 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-02 18:13 . 2012-09-02 18:13 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-02 18:13 . 2012-09-02 18:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-02 18:13 . 2012-09-02 18:13 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-02 18:13 . 2012-09-02 18:13 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-02 18:13 . 2012-09-02 18:13 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-02 18:13 . 2012-09-02 18:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-02 18:13 . 2012-09-02 18:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-02 18:13 . 2012-09-02 18:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-02 18:13 . 2012-09-02 18:13 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-02 18:13 . 2012-09-02 18:13 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-02 18:13 . 2012-09-02 18:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-02 18:13 . 2012-09-02 18:13 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-02 18:13 . 2012-09-02 18:13 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-02 18:13 . 2012-09-02 18:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-02 18:13 . 2012-09-02 18:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-02 18:13 . 2012-09-02 18:13 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-02 18:13 . 2012-09-02 18:13 448512 ----a-w- c:\windows\system32\html.iec
2012-09-02 18:13 . 2012-09-02 18:13 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-02 18:13 . 2012-09-02 18:13 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-02 18:13 . 2012-09-02 18:13 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-02 18:13 . 2012-09-02 18:13 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-02 18:13 . 2012-09-02 18:13 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-02 18:13 . 2012-09-02 18:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-02 18:13 . 2012-09-02 18:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-02 18:13 . 2012-09-02 18:13 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-02 18:13 . 2012-09-02 18:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-02 18:13 . 2012-09-02 18:13 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-02 18:13 . 2012-09-02 18:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-02 18:13 . 2012-09-02 18:13 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-02 18:13 . 2012-09-02 18:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-02 18:13 . 2012-09-02 18:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-02 18:13 . 2012-09-02 18:13 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-01 05:02 . 2010-06-24 02:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 00:31 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 00:31 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 00:31 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 00:31 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 14:50 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 13:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"Spotify"="c:\users\jafool\AppData\Roaming\Spotify\spotify.exe" [2012-10-26 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
c:\users\jafool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-09-20 1236368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 cpuz135;cpuz135;c:\users\jafool\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [2009-01-28 830720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942724973-3254444484-952029406-1000Core.job
- c:\users\jafool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02 19:29]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942724973-3254444484-952029406-1000UA.job
- c:\users\jafool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
FF - ExtSQL: 2012-09-05 14:42; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-21 01:25; [email protected]; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\[email protected]
FF - ExtSQL: 2012-10-21 17:57; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-10-21 17:57; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 20:28:32
ComboFix-quarantined-files.txt 2012-11-01 00:28
.
Pre-Run: 138,704,736,256 bytes free
Post-Run: 139,240,656,896 bytes free
.
- - End Of File - - 4AFC709EB34A711A3A2B3DF3F7F13852

#8 gringo_pr (Malware Response Team)

Posted 31 October 2012 - 07:41 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
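
The TDSSKiller report requested above lists each service on two lines: one carrying the MD5 and image path in square brackets, and one carrying the verdict ("<name> - ok"). Reading several hundred of those by eye is slow, so here is an added triage helper that parses that section and pulls out anything not reported as "ok", plus services that never got a hash line (no image file was found to hash). This is example code written for this page; it is not part of TDSSKiller, ComboFix, or any post in the thread. The sample input is four entries copied from the report posted in the reply below, plus one constructed entry ("examplesvc" with status "suspicious") so the flagging path is exercised; the exact wording TDSSKiller prints for a real hit is an assumption, which is why the parser flags every status other than the literal "ok".

```python
"""Triage helper for the service section of a TDSSKiller report.

Added example for this thread; it is not part of TDSSKiller or of any
post here. It reads the two line shapes visible in the posted report:

    <time> <pid> [ <md5> ] <service name> <image path>
    <time> <pid> <service name> - <status>

and returns every service whose status is anything other than "ok",
plus services that got no hash line (no image file was found to hash,
e.g. cpuz135, whose ComboFix entry is marked [x]).
"""
import re

_TS_PID = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"

# Hash line. Service names may contain spaces ("Ad-Aware Service"), so the
# name is matched lazily up to the first drive-letter path.
HASH_LINE = re.compile(
    _TS_PID
    + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
# Status line, e.g. "1394ohci - ok".
STATUS_LINE = re.compile(_TS_PID + r"(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")

# Sample input (constructed for this example): four entries copied from the
# report posted in this thread plus one made-up entry ("examplesvc") so the
# flagging path is exercised. The status wording TDSSKiller uses for a real
# hit is not reproduced here; the parser flags anything that is not "ok".
SAMPLE_LOG = r"""
21:21:33.0876 4892 ================ Scan services =============================
21:21:34.0141 4892 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:21:34.0157 4892 1394ohci - ok
21:21:34.0703 4892 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:21:34.0703 4892 Ad-Aware Service - ok
21:21:38.0041 4892 catchme - ok
21:21:38.0821 4892 cpuz135 - ok
21:21:50.0000 4892 [ 0123456789ABCDEF0123456789ABCDEF ] examplesvc C:\windows\system32\drivers\examplesvc.sys
21:21:50.0000 4892 examplesvc - suspicious
"""


def parse_services(log_text):
    """Return the service entries as dicts {name, md5, path, status}, in log order.

    Only the block after the "Scan services" header is parsed, because the
    earlier drive-geometry lines also contain " - " and would be misread as
    status lines. If the header is absent (a pasted fragment), everything is parsed.
    """
    in_services = "Scan services" not in log_text
    pending = {}      # name -> (md5, path) from a hash line awaiting its status line
    entries = []
    for line in log_text.splitlines():
        if "Scan services" in line:
            in_services = True
            continue
        if not in_services:
            continue
        if re.search(r"={5,}", line):
            break     # separator line of the next section
        m = HASH_LINE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue
        m = STATUS_LINE.match(line)
        if m:
            name = m.group("name")
            md5, path = pending.pop(name, (None, None))
            entries.append({"name": name, "md5": md5, "path": path,
                            "status": m.group("status")})
    return entries


def triage(log_text):
    """Split the parsed entries into the groups worth reading first."""
    entries = parse_services(log_text)
    flagged = [e for e in entries if e["status"].lower() != "ok"]
    unhashed = [e for e in entries if e["md5"] is None and e["status"].lower() == "ok"]
    return {"total": len(entries), "flagged": flagged, "unhashed": unhashed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("services parsed:", result["total"])
    for e in result["flagged"]:
        print("FLAGGED:", e["name"], e["status"], e["md5"], e["path"])
    for e in result["unhashed"]:
        print("no image hashed:", e["name"])
```

Paste a full report into `triage()` (read the log file and pass its text) and look at `flagged` first; the `unhashed` list is usually benign (drivers whose file is gone, or the scanner's own helper driver), but a persistent service with no image on disk is worth comparing against the ComboFix service list, where the same condition shows as `[x]`.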

#9 likelight2flies (Topic Starter)

Posted 31 October 2012 - 08:36 PM

TDSSKiller


21:21:29.0446 0304 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:21:30.0116 0304 ============================================================
21:21:30.0116 0304 Current date / time: 2012/10/31 21:21:30.0116
21:21:30.0116 0304 SystemInfo:
21:21:30.0116 0304
21:21:30.0116 0304 OS Version: 6.1.7601 ServicePack: 1.0
21:21:30.0116 0304 Product type: Workstation
21:21:30.0116 0304 ComputerName: JAFOOL-PC
21:21:30.0116 0304 UserName: jafool
21:21:30.0116 0304 Windows directory: C:\windows
21:21:30.0116 0304 System windows directory: C:\windows
21:21:30.0116 0304 Running under WOW64
21:21:30.0116 0304 Processor architecture: Intel x64
21:21:30.0116 0304 Number of processors: 4
21:21:30.0116 0304 Page size: 0x1000
21:21:30.0116 0304 Boot type: Normal boot
21:21:30.0116 0304 ============================================================
21:21:30.0803 0304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:21:30.0818 0304 ============================================================
21:21:30.0818 0304 \Device\Harddisk0\DR0:
21:21:30.0818 0304 MBR partitions:
21:21:30.0818 0304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:21:30.0818 0304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
21:21:30.0834 0304 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
21:21:30.0834 0304 ============================================================
21:21:30.0865 0304 C: <-> \Device\Harddisk0\DR0\Partition2
21:21:30.0912 0304 D: <-> \Device\Harddisk0\DR0\Partition3
21:21:30.0912 0304 ============================================================
21:21:30.0912 0304 Initialize success
21:21:30.0912 0304 ============================================================
21:21:32.0628 4892 ============================================================
21:21:32.0628 4892 Scan started
21:21:32.0628 4892 Mode: Manual;
21:21:32.0628 4892 ============================================================
21:21:33.0876 4892 ================ Scan system memory ========================
21:21:33.0876 4892 System memory - ok
21:21:33.0876 4892 ================ Scan services =============================
21:21:34.0141 4892 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:21:34.0157 4892 1394ohci - ok
21:21:34.0204 4892 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
21:21:34.0204 4892 ACPI - ok
21:21:34.0266 4892 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
21:21:34.0266 4892 AcpiPmi - ok
21:21:34.0703 4892 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:21:34.0703 4892 Ad-Aware Service - ok
21:21:34.0781 4892 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
21:21:34.0796 4892 adp94xx - ok
21:21:34.0859 4892 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
21:21:34.0859 4892 adpahci - ok
21:21:34.0952 4892 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
21:21:34.0952 4892 adpu320 - ok
21:21:35.0030 4892 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
21:21:35.0030 4892 AeLookupSvc - ok
21:21:35.0171 4892 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
21:21:35.0186 4892 AFD - ok
21:21:35.0249 4892 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
21:21:35.0249 4892 agp440 - ok
21:21:35.0311 4892 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
21:21:35.0311 4892 ALG - ok
21:21:35.0389 4892 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
21:21:35.0389 4892 aliide - ok
21:21:35.0436 4892 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
21:21:35.0436 4892 amdide - ok
21:21:35.0545 4892 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
21:21:35.0545 4892 AmdK8 - ok
21:21:35.0576 4892 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
21:21:35.0576 4892 AmdPPM - ok
21:21:35.0654 4892 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
21:21:35.0654 4892 amdsata - ok
21:21:35.0717 4892 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
21:21:35.0717 4892 amdsbs - ok
21:21:35.0810 4892 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
21:21:35.0810 4892 amdxata - ok
21:21:36.0060 4892 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
21:21:36.0060 4892 AppID - ok
21:21:36.0138 4892 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
21:21:36.0138 4892 AppIDSvc - ok
21:21:36.0232 4892 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
21:21:36.0232 4892 Appinfo - ok
21:21:36.0403 4892 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
21:21:36.0403 4892 arc - ok
21:21:36.0434 4892 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
21:21:36.0434 4892 arcsas - ok
21:21:36.0481 4892 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
21:21:36.0481 4892 AsyncMac - ok
21:21:36.0544 4892 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
21:21:36.0544 4892 atapi - ok
21:21:36.0668 4892 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\windows\system32\DRIVERS\athrx.sys
21:21:36.0700 4892 athr - ok
21:21:36.0840 4892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:21:36.0840 4892 AudioEndpointBuilder - ok
21:21:36.0871 4892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
21:21:36.0887 4892 AudioSrv - ok
21:21:36.0965 4892 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
21:21:36.0965 4892 AxInstSV - ok
21:21:37.0105 4892 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
21:21:37.0121 4892 b06bdrv - ok
21:21:37.0214 4892 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
21:21:37.0230 4892 b57nd60a - ok
21:21:37.0308 4892 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:21:37.0308 4892 BBSvc - ok
21:21:37.0355 4892 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
21:21:37.0355 4892 BDESVC - ok
21:21:37.0402 4892 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
21:21:37.0402 4892 Beep - ok
21:21:37.0448 4892 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
21:21:37.0464 4892 BFE - ok
21:21:37.0511 4892 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
21:21:37.0542 4892 BITS - ok
21:21:37.0573 4892 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
21:21:37.0573 4892 blbdrive - ok
21:21:37.0620 4892 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
21:21:37.0620 4892 bowser - ok
21:21:37.0651 4892 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
21:21:37.0651 4892 BrFiltLo - ok
21:21:37.0651 4892 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
21:21:37.0667 4892 BrFiltUp - ok
21:21:37.0682 4892 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
21:21:37.0682 4892 BridgeMP - ok
21:21:37.0714 4892 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
21:21:37.0714 4892 Browser - ok
21:21:37.0729 4892 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
21:21:37.0729 4892 Brserid - ok
21:21:37.0729 4892 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
21:21:37.0745 4892 BrSerWdm - ok
21:21:37.0745 4892 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
21:21:37.0745 4892 BrUsbMdm - ok
21:21:37.0760 4892 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
21:21:37.0760 4892 BrUsbSer - ok
21:21:37.0807 4892 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
21:21:37.0807 4892 BthEnum - ok
21:21:37.0823 4892 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
21:21:37.0823 4892 BTHMODEM - ok
21:21:37.0854 4892 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
21:21:37.0854 4892 BthPan - ok
21:21:37.0901 4892 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
21:21:37.0916 4892 BTHPORT - ok
21:21:37.0979 4892 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
21:21:37.0979 4892 bthserv - ok
21:21:37.0994 4892 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
21:21:37.0994 4892 BTHUSB - ok
21:21:38.0041 4892 catchme - ok
21:21:38.0088 4892 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
21:21:38.0088 4892 cdfs - ok
21:21:38.0119 4892 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
21:21:38.0119 4892 cdrom - ok
21:21:38.0150 4892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
21:21:38.0166 4892 CertPropSvc - ok
21:21:38.0182 4892 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
21:21:38.0182 4892 circlass - ok
21:21:38.0197 4892 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
21:21:38.0213 4892 CLFS - ok
21:21:38.0291 4892 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:21:38.0291 4892 clr_optimization_v2.0.50727_32 - ok
21:21:38.0338 4892 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:21:38.0338 4892 clr_optimization_v2.0.50727_64 - ok
21:21:38.0447 4892 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:21:38.0462 4892 clr_optimization_v4.0.30319_32 - ok
21:21:38.0509 4892 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:21:38.0509 4892 clr_optimization_v4.0.30319_64 - ok
21:21:38.0540 4892 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
21:21:38.0540 4892 CmBatt - ok
21:21:38.0572 4892 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
21:21:38.0572 4892 cmdide - ok
21:21:38.0618 4892 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
21:21:38.0634 4892 CNG - ok
21:21:38.0681 4892 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
21:21:38.0681 4892 Compbatt - ok
21:21:38.0712 4892 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
21:21:38.0712 4892 CompositeBus - ok
21:21:38.0728 4892 COMSysApp - ok
21:21:38.0821 4892 cpuz135 - ok
21:21:38.0852 4892 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
21:21:38.0852 4892 crcdisk - ok
21:21:38.0899 4892 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
21:21:38.0915 4892 CryptSvc - ok
21:21:39.0008 4892 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:21:39.0024 4892 cvhsvc - ok
21:21:39.0071 4892 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
21:21:39.0071 4892 dc3d - ok
21:21:39.0133 4892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
21:21:39.0133 4892 DcomLaunch - ok
21:21:39.0164 4892 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
21:21:39.0164 4892 defragsvc - ok
21:21:39.0196 4892 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
21:21:39.0211 4892 DfsC - ok
21:21:39.0242 4892 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
21:21:39.0242 4892 Dhcp - ok
21:21:39.0258 4892 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
21:21:39.0258 4892 discache - ok
21:21:39.0305 4892 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
21:21:39.0305 4892 Disk - ok
21:21:39.0352 4892 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
21:21:39.0352 4892 Dnscache - ok
21:21:39.0367 4892 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
21:21:39.0367 4892 dot3svc - ok
21:21:39.0398 4892 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
21:21:39.0398 4892 DPS - ok
21:21:39.0414 4892 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
21:21:39.0430 4892 drmkaud - ok
21:21:39.0461 4892 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
21:21:39.0476 4892 DXGKrnl - ok
21:21:39.0523 4892 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
21:21:39.0523 4892 EapHost - ok
21:21:39.0601 4892 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
21:21:39.0695 4892 ebdrv - ok
21:21:39.0757 4892 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
21:21:39.0757 4892 EFS - ok
21:21:39.0851 4892 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
21:21:39.0851 4892 ehRecvr - ok
21:21:39.0882 4892 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
21:21:39.0882 4892 ehSched - ok
21:21:39.0944 4892 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
21:21:39.0960 4892 elxstor - ok
21:21:39.0991 4892 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
21:21:39.0991 4892 ErrDev - ok
21:21:40.0054 4892 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\windows\system32\DRIVERS\ETD.sys
21:21:40.0054 4892 ETD - ok
21:21:40.0132 4892 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
21:21:40.0147 4892 EventSystem - ok
21:21:40.0178 4892 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
21:21:40.0178 4892 exfat - ok
21:21:40.0210 4892 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
21:21:40.0210 4892 fastfat - ok
21:21:40.0256 4892 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
21:21:40.0272 4892 Fax - ok
21:21:40.0303 4892 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
21:21:40.0303 4892 fdc - ok
21:21:40.0319 4892 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
21:21:40.0319 4892 fdPHost - ok
21:21:40.0334 4892 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
21:21:40.0334 4892 FDResPub - ok
21:21:40.0366 4892 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
21:21:40.0366 4892 FileInfo - ok
21:21:40.0381 4892 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
21:21:40.0381 4892 Filetrace - ok
21:21:40.0397 4892 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
21:21:40.0397 4892 flpydisk - ok
21:21:40.0444 4892 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
21:21:40.0444 4892 FltMgr - ok
21:21:40.0506 4892 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
21:21:40.0506 4892 FontCache - ok
21:21:40.0584 4892 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:21:40.0584 4892 FontCache3.0.0.0 - ok
21:21:40.0600 4892 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
21:21:40.0600 4892 FsDepends - ok
21:21:40.0662 4892 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
21:21:40.0662 4892 Fs_Rec - ok
21:21:40.0709 4892 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
21:21:40.0709 4892 fvevol - ok
21:21:40.0724 4892 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
21:21:40.0724 4892 gagp30kx - ok
21:21:40.0771 4892 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
21:21:40.0787 4892 gpsvc - ok
21:21:40.0834 4892 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
21:21:40.0834 4892 hcw85cir - ok
21:21:40.0849 4892 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:21:40.0865 4892 HdAudAddService - ok
21:21:40.0912 4892 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
21:21:40.0912 4892 HDAudBus - ok
21:21:40.0943 4892 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
21:21:40.0943 4892 HidBatt - ok
21:21:40.0943 4892 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
21:21:40.0943 4892 HidBth - ok
21:21:40.0958 4892 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
21:21:40.0958 4892 HidIr - ok
21:21:41.0005 4892 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
21:21:41.0005 4892 hidserv - ok
21:21:41.0052 4892 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
21:21:41.0052 4892 HidUsb - ok
21:21:41.0083 4892 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
21:21:41.0083 4892 hkmsvc - ok
21:21:41.0114 4892 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:21:41.0130 4892 HomeGroupListener - ok
21:21:41.0161 4892 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:21:41.0177 4892 HomeGroupProvider - ok
21:21:41.0192 4892 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
21:21:41.0208 4892 HpSAMD - ok
21:21:41.0255 4892 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
21:21:41.0270 4892 HTTP - ok
21:21:41.0286 4892 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
21:21:41.0286 4892 hwpolicy - ok
21:21:41.0317 4892 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
21:21:41.0317 4892 i8042prt - ok
21:21:41.0364 4892 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
21:21:41.0364 4892 iaStor - ok
21:21:41.0411 4892 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
21:21:41.0426 4892 iaStorV - ok
21:21:41.0489 4892 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:21:41.0520 4892 idsvc - ok
21:21:41.0801 4892 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
21:21:42.0050 4892 igfx - ok
21:21:42.0082 4892 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
21:21:42.0082 4892 iirsp - ok
21:21:42.0128 4892 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
21:21:42.0160 4892 IKEEXT - ok
21:21:42.0191 4892 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
21:21:42.0206 4892 Impcd - ok
21:21:42.0300 4892 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
21:21:42.0331 4892 IntcAzAudAddService - ok
21:21:42.0378 4892 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
21:21:42.0378 4892 IntcDAud - ok
21:21:42.0409 4892 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
21:21:42.0409 4892 intelide - ok
21:21:42.0456 4892 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
21:21:42.0456 4892 intelppm - ok
21:21:42.0487 4892 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
21:21:42.0487 4892 IPBusEnum - ok
21:21:42.0534 4892 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
21:21:42.0534 4892 IpFilterDriver - ok
21:21:42.0565 4892 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
21:21:42.0581 4892 iphlpsvc - ok
21:21:42.0596 4892 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
21:21:42.0596 4892 IPMIDRV - ok
21:21:42.0612 4892 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
21:21:42.0612 4892 IPNAT - ok
21:21:42.0628 4892 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
21:21:42.0628 4892 IRENUM - ok
21:21:42.0643 4892 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
21:21:42.0643 4892 isapnp - ok
21:21:42.0674 4892 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
21:21:42.0674 4892 iScsiPrt - ok
21:21:42.0690 4892 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
21:21:42.0706 4892 kbdclass - ok
21:21:42.0721 4892 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
21:21:42.0721 4892 kbdhid - ok
21:21:42.0752 4892 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
21:21:42.0752 4892 KeyIso - ok
21:21:42.0784 4892 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
21:21:42.0799 4892 KSecDD - ok
21:21:42.0830 4892 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
21:21:42.0846 4892 KSecPkg - ok
21:21:42.0862 4892 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
21:21:42.0862 4892 ksthunk - ok
21:21:42.0893 4892 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
21:21:42.0908 4892 KtmRm - ok
21:21:42.0971 4892 [ B13D2C6CE680EDF51FA08866265CC717 ] L6UX1 C:\windows\system32\Drivers\L6UX164.sys
21:21:42.0986 4892 L6UX1 - ok
21:21:43.0033 4892 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
21:21:43.0049 4892 LanmanServer - ok
21:21:43.0064 4892 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:21:43.0080 4892 LanmanWorkstation - ok
21:21:43.0111 4892 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
21:21:43.0111 4892 lltdio - ok
21:21:43.0142 4892 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
21:21:43.0142 4892 lltdsvc - ok
21:21:43.0174 4892 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
21:21:43.0174 4892 lmhosts - ok
21:21:43.0205 4892 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
21:21:43.0220 4892 LSI_FC - ok
21:21:43.0252 4892 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
21:21:43.0252 4892 LSI_SAS - ok
21:21:43.0267 4892 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
21:21:43.0267 4892 LSI_SAS2 - ok
21:21:43.0283 4892 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
21:21:43.0283 4892 LSI_SCSI - ok
21:21:43.0298 4892 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
21:21:43.0314 4892 luafv - ok
21:21:43.0361 4892 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
21:21:43.0361 4892 MBAMProtector - ok
21:21:43.0439 4892 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:21:43.0454 4892 MBAMScheduler - ok
21:21:43.0486 4892 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:21:43.0501 4892 MBAMService - ok
21:21:43.0532 4892 McMPFSvc - ok
21:21:43.0564 4892 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
21:21:43.0564 4892 Mcx2Svc - ok
21:21:43.0595 4892 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
21:21:43.0610 4892 megasas - ok
21:21:43.0642 4892 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
21:21:43.0642 4892 MegaSR - ok
21:21:43.0673 4892 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
21:21:43.0673 4892 MMCSS - ok
21:21:43.0720 4892 [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
21:21:43.0720 4892 MOBKbackup - ok
21:21:43.0751 4892 [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter C:\windows\system32\DRIVERS\MOBK.sys
21:21:43.0766 4892 MOBKFilter - ok
21:21:43.0782 4892 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
21:21:43.0782 4892 Modem - ok
21:21:43.0829 4892 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
21:21:43.0829 4892 monitor - ok
21:21:43.0860 4892 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:21:43.0860 4892 mouclass - ok
21:21:43.0922 4892 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:21:43.0922 4892 mouhid - ok
21:21:43.0954 4892 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
21:21:43.0954 4892 mountmgr - ok
21:21:44.0032 4892 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:21:44.0032 4892 MozillaMaintenance - ok
21:21:44.0047 4892 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
21:21:44.0047 4892 mpio - ok
21:21:44.0078 4892 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
21:21:44.0078 4892 mpsdrv - ok
21:21:44.0125 4892 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
21:21:44.0141 4892 MpsSvc - ok
21:21:44.0172 4892 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
21:21:44.0172 4892 MRxDAV - ok
21:21:44.0203 4892 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:21:44.0203 4892 mrxsmb - ok
21:21:44.0219 4892 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
21:21:44.0234 4892 mrxsmb10 - ok
21:21:44.0250 4892 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
21:21:44.0250 4892 mrxsmb20 - ok
21:21:44.0281 4892 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
21:21:44.0281 4892 msahci - ok
21:21:44.0312 4892 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
21:21:44.0312 4892 msdsm - ok
21:21:44.0344 4892 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
21:21:44.0344 4892 MSDTC - ok
21:21:44.0375 4892 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
21:21:44.0375 4892 Msfs - ok
21:21:44.0406 4892 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
21:21:44.0406 4892 mshidkmdf - ok
21:21:44.0422 4892 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
21:21:44.0422 4892 msisadrv - ok
21:21:44.0437 4892 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
21:21:44.0453 4892 MSiSCSI - ok
21:21:44.0453 4892 msiserver - ok
21:21:44.0468 4892 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:21:44.0468 4892 MSKSSRV - ok
21:21:44.0484 4892 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:21:44.0484 4892 MSPCLOCK - ok
21:21:44.0500 4892 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:21:44.0500 4892 MSPQM - ok
21:21:44.0515 4892 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
21:21:44.0531 4892 MsRPC - ok
21:21:44.0546 4892 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
21:21:44.0546 4892 mssmbios - ok
21:21:44.0562 4892 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:21:44.0578 4892 MSTEE - ok
21:21:44.0593 4892 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
21:21:44.0593 4892 MTConfig - ok
21:21:44.0624 4892 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
21:21:44.0624 4892 Mup - ok
21:21:44.0656 4892 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
21:21:44.0671 4892 napagent - ok
21:21:44.0718 4892 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:21:44.0718 4892 NativeWifiP - ok
21:21:44.0780 4892 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
21:21:44.0796 4892 NDIS - ok
21:21:44.0812 4892 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:21:44.0812 4892 NdisCap - ok
21:21:44.0858 4892 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:21:44.0858 4892 NdisTapi - ok
21:21:44.0874 4892 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:21:44.0874 4892 Ndisuio - ok
21:21:44.0905 4892 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:21:44.0905 4892 NdisWan - ok
21:21:44.0921 4892 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:21:44.0921 4892 NDProxy - ok
21:21:44.0936 4892 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:21:44.0936 4892 NetBIOS - ok
21:21:44.0952 4892 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:21:44.0952 4892 NetBT - ok
21:21:44.0983 4892 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
21:21:44.0983 4892 Netlogon - ok
21:21:45.0030 4892 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
21:21:45.0046 4892 Netman - ok
21:21:45.0061 4892 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
21:21:45.0077 4892 netprofm - ok
21:21:45.0108 4892 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:45.0108 4892 NetTcpPortSharing - ok
21:21:45.0139 4892 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
21:21:45.0139 4892 nfrd960 - ok
21:21:45.0170 4892 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
21:21:45.0170 4892 NlaSvc - ok
21:21:45.0295 4892 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:21:45.0326 4892 NOBU - ok
21:21:45.0342 4892 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:21:45.0342 4892 Npfs - ok
21:21:45.0358 4892 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
21:21:45.0358 4892 nsi - ok
21:21:45.0404 4892 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:21:45.0404 4892 nsiproxy - ok
21:21:45.0514 4892 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:21:45.0545 4892 Ntfs - ok
21:21:45.0560 4892 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
21:21:45.0560 4892 Null - ok
21:21:45.0623 4892 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
21:21:45.0623 4892 nvraid - ok
21:21:45.0670 4892 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
21:21:45.0670 4892 nvstor - ok
21:21:45.0763 4892 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:21:45.0763 4892 nv_agp - ok
21:21:45.0779 4892 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:21:45.0794 4892 ohci1394 - ok
21:21:45.0872 4892 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:45.0872 4892 ose - ok
21:21:46.0044 4892 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:46.0184 4892 osppsvc - ok
21:21:46.0231 4892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:21:46.0231 4892 p2pimsvc - ok
21:21:46.0262 4892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
21:21:46.0262 4892 p2psvc - ok
21:21:46.0294 4892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
21:21:46.0309 4892 Parport - ok
21:21:46.0340 4892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
21:21:46.0340 4892 partmgr - ok
21:21:46.0372 4892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:21:46.0372 4892 PcaSvc - ok
21:21:46.0387 4892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
21:21:46.0387 4892 pci - ok
21:21:46.0418 4892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
21:21:46.0418 4892 pciide - ok
21:21:46.0450 4892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
21:21:46.0450 4892 pcmcia - ok
21:21:46.0465 4892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
21:21:46.0465 4892 pcw - ok
21:21:46.0496 4892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:21:46.0512 4892 PEAUTH - ok
21:21:46.0637 4892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
21:21:46.0637 4892 PerfHost - ok
21:21:46.0855 4892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
21:21:46.0886 4892 pla - ok
21:21:46.0933 4892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:21:46.0949 4892 PlugPlay - ok
21:21:46.0964 4892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:21:46.0980 4892 PNRPAutoReg - ok
21:21:46.0996 4892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:21:47.0011 4892 PNRPsvc - ok
21:21:47.0058 4892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:21:47.0058 4892 PolicyAgent - ok
21:21:47.0089 4892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
21:21:47.0089 4892 Power - ok
21:21:47.0120 4892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:21:47.0120 4892 PptpMiniport - ok
21:21:47.0152 4892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
21:21:47.0152 4892 Processor - ok
21:21:47.0198 4892 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
21:21:47.0198 4892 ProfSvc - ok
21:21:47.0214 4892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:21:47.0214 4892 ProtectedStorage - ok
21:21:47.0245 4892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:21:47.0245 4892 Psched - ok
21:21:47.0308 4892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
21:21:47.0354 4892 ql2300 - ok
21:21:47.0370 4892 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
21:21:47.0370 4892 ql40xx - ok
21:21:47.0417 4892 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
21:21:47.0417 4892 QWAVE - ok
21:21:47.0432 4892 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:21:47.0432 4892 QWAVEdrv - ok
21:21:47.0432 4892 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:21:47.0432 4892 RasAcd - ok
21:21:47.0495 4892 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:21:47.0495 4892 RasAgileVpn - ok
21:21:47.0510 4892 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
21:21:47.0510 4892 RasAuto - ok
21:21:47.0526 4892 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:21:47.0526 4892 Rasl2tp - ok
21:21:47.0557 4892 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
21:21:47.0557 4892 RasMan - ok
21:21:47.0573 4892 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:21:47.0588 4892 RasPppoe - ok
21:21:47.0604 4892 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:21:47.0604 4892 RasSstp - ok
21:21:47.0620 4892 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:21:47.0635 4892 rdbss - ok
21:21:47.0651 4892 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
21:21:47.0651 4892 rdpbus - ok
21:21:47.0666 4892 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:21:47.0666 4892 RDPCDD - ok
21:21:47.0698 4892 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:21:47.0698 4892 RDPENCDD - ok
21:21:47.0713 4892 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:21:47.0713 4892 RDPREFMP - ok
21:21:47.0744 4892 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:21:47.0744 4892 RDPWD - ok
21:21:47.0776 4892 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:21:47.0791 4892 rdyboost - ok
21:21:47.0822 4892 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:21:47.0822 4892 RemoteAccess - ok
21:21:47.0854 4892 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:21:47.0854 4892 RemoteRegistry - ok
21:21:47.0900 4892 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:21:47.0900 4892 RFCOMM - ok
21:21:47.0932 4892 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:21:47.0932 4892 RpcEptMapper - ok
21:21:47.0963 4892 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:21:47.0963 4892 RpcLocator - ok
21:21:48.0025 4892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
21:21:48.0041 4892 RpcSs - ok
21:21:48.0088 4892 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:21:48.0088 4892 rspndr - ok
21:21:48.0119 4892 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
21:21:48.0119 4892 RTL8167 - ok
21:21:48.0150 4892 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
21:21:48.0150 4892 SABI - ok
21:21:48.0166 4892 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:21:48.0166 4892 SamSs - ok
21:21:48.0322 4892 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
21:21:48.0353 4892 SBAMSvc - ok
21:21:48.0400 4892 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\windows\system32\DRIVERS\sbapifs.sys
21:21:48.0400 4892 sbapifs - ok
21:21:48.0446 4892 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\windows\system32\drivers\sbhips.sys
21:21:48.0446 4892 sbhips - ok
21:21:48.0478 4892 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:21:48.0478 4892 sbp2port - ok
21:21:48.0509 4892 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\windows\system32\drivers\SBREdrv.sys
21:21:48.0509 4892 SBRE - ok
21:21:48.0540 4892 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:21:48.0540 4892 SCardSvr - ok
21:21:48.0556 4892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:21:48.0556 4892 scfilter - ok
21:21:48.0602 4892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
21:21:48.0634 4892 Schedule - ok
21:21:48.0665 4892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
21:21:48.0665 4892 SCPolicySvc - ok
21:21:48.0696 4892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:21:48.0696 4892 SDRSVC - ok
21:21:48.0758 4892 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:21:48.0774 4892 SeaPort - ok
21:21:48.0790 4892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:21:48.0790 4892 secdrv - ok
21:21:48.0805 4892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
21:21:48.0805 4892 seclogon - ok
21:21:48.0821 4892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
21:21:48.0821 4892 SENS - ok
21:21:48.0868 4892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:21:48.0868 4892 SensrSvc - ok
21:21:48.0899 4892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
21:21:48.0899 4892 Serenum - ok
21:21:48.0961 4892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
21:21:48.0961 4892 Serial - ok
21:21:48.0977 4892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
21:21:48.0992 4892 sermouse - ok
21:21:49.0024 4892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:21:49.0024 4892 SessionEnv - ok
21:21:49.0039 4892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:21:49.0039 4892 sffdisk - ok
21:21:49.0039 4892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:21:49.0055 4892 sffp_mmc - ok
21:21:49.0055 4892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:21:49.0070 4892 sffp_sd - ok
21:21:49.0070 4892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
21:21:49.0070 4892 sfloppy - ok
21:21:49.0117 4892 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
21:21:49.0133 4892 Sftfs - ok
21:21:49.0195 4892 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:21:49.0211 4892 sftlist - ok
21:21:49.0226 4892 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
21:21:49.0226 4892 Sftplay - ok
21:21:49.0242 4892 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
21:21:49.0242 4892 Sftredir - ok
21:21:49.0258 4892 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
21:21:49.0258 4892 Sftvol - ok
21:21:49.0273 4892 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:21:49.0273 4892 sftvsa - ok
21:21:49.0304 4892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
21:21:49.0304 4892 SharedAccess - ok
21:21:49.0351 4892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:21:49.0367 4892 ShellHWDetection - ok
21:21:49.0398 4892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
21:21:49.0398 4892 SiSRaid2 - ok
21:21:49.0429 4892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
21:21:49.0429 4892 SiSRaid4 - ok
21:21:49.0570 4892 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:21:49.0601 4892 Skype C2C Service - ok
21:21:49.0632 4892 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:21:49.0632 4892 SkypeUpdate - ok
21:21:49.0663 4892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:21:49.0663 4892 Smb - ok
21:21:49.0694 4892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:21:49.0694 4892 SNMPTRAP - ok
21:21:49.0710 4892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
21:21:49.0710 4892 spldr - ok
21:21:49.0757 4892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
21:21:49.0772 4892 Spooler - ok
21:21:49.0866 4892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
21:21:49.0913 4892 sppsvc - ok
21:21:49.0944 4892 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:21:49.0944 4892 sppuinotify - ok
21:21:49.0991 4892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
21:21:50.0006 4892 srv - ok
21:21:50.0022 4892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:21:50.0038 4892 srv2 - ok
21:21:50.0053 4892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:21:50.0069 4892 srvnet - ok
21:21:50.0100 4892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:21:50.0100 4892 SSDPSRV - ok
21:21:50.0131 4892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
21:21:50.0131 4892 SstpSvc - ok
21:21:50.0162 4892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
21:21:50.0162 4892 stexstor - ok
21:21:50.0209 4892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
21:21:50.0225 4892 stisvc - ok
21:21:50.0240 4892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
21:21:50.0240 4892 swenum - ok
21:21:50.0272 4892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
21:21:50.0287 4892 swprv - ok
21:21:50.0334 4892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
21:21:50.0365 4892 SysMain - ok
21:21:50.0381 4892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:21:50.0381 4892 TabletInputService - ok
21:21:50.0412 4892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:21:50.0428 4892 TapiSrv - ok
21:21:50.0443 4892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
21:21:50.0443 4892 TBS - ok
21:21:50.0537 4892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:21:50.0552 4892 Tcpip - ok
21:21:50.0708 4892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:21:50.0740 4892 TCPIP6 - ok
21:21:50.0771 4892 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:21:50.0771 4892 tcpipreg - ok
21:21:50.0802 4892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:21:50.0802 4892 TDPIPE - ok
21:21:50.0818 4892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:21:50.0833 4892 TDTCP - ok
21:21:50.0849 4892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:21:50.0849 4892 tdx - ok
21:21:50.0864 4892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
21:21:50.0864 4892 TermDD - ok
21:21:50.0942 4892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
21:21:50.0958 4892 TermService - ok
21:21:50.0974 4892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
21:21:50.0989 4892 Themes - ok
21:21:51.0005 4892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
21:21:51.0005 4892 THREADORDER - ok
21:21:51.0020 4892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
21:21:51.0020 4892 TrkWks - ok
21:21:51.0098 4892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:21:51.0098 4892 TrustedInstaller - ok
21:21:51.0114 4892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:21:51.0130 4892 tssecsrv - ok
21:21:51.0145 4892 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:21:51.0145 4892 TsUsbFlt - ok
21:21:51.0161 4892 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
21:21:51.0161 4892 TsUsbGD - ok
21:21:51.0192 4892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:21:51.0208 4892 tunnel - ok
21:21:51.0223 4892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
21:21:51.0223 4892 uagp35 - ok
21:21:51.0239 4892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:21:51.0254 4892 udfs - ok
21:21:51.0286 4892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:21:51.0286 4892 UI0Detect - ok
21:21:51.0301 4892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:21:51.0301 4892 uliagpkx - ok
21:21:51.0317 4892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:21:51.0317 4892 umbus - ok
21:21:51.0332 4892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
21:21:51.0332 4892 UmPass - ok
21:21:51.0364 4892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
21:21:51.0364 4892 upnphost - ok
21:21:51.0410 4892 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
21:21:51.0426 4892 usbaudio - ok
21:21:51.0457 4892 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:21:51.0457 4892 usbccgp - ok
21:21:51.0488 4892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:21:51.0488 4892 usbcir - ok
21:21:51.0535 4892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
21:21:51.0535 4892 usbehci - ok
21:21:51.0598 4892 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:21:51.0613 4892 usbhub - ok
21:21:51.0644 4892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:21:51.0660 4892 usbohci - ok
21:21:51.0676 4892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
21:21:51.0691 4892 usbprint - ok
21:21:51.0722 4892 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
21:21:51.0722 4892 usbscan - ok
21:21:51.0738 4892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:21:51.0738 4892 USBSTOR - ok
21:21:51.0769 4892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:21:51.0769 4892 usbuhci - ok
21:21:51.0816 4892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:21:51.0816 4892 usbvideo - ok
21:21:51.0847 4892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
21:21:51.0847 4892 UxSms - ok
21:21:51.0863 4892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:21:51.0878 4892 VaultSvc - ok
21:21:51.0925 4892 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:21:51.0925 4892 vdrvroot - ok
21:21:51.0972 4892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
21:21:51.0988 4892 vds - ok
21:21:52.0034 4892 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:21:52.0034 4892 vga - ok
21:21:52.0050 4892 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
21:21:52.0050 4892 VgaSave - ok
21:21:52.0066 4892 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:21:52.0081 4892 vhdmp - ok
21:21:52.0097 4892 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
21:21:52.0112 4892 viaide - ok
21:21:52.0144 4892 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:21:52.0144 4892 volmgr - ok
21:21:52.0175 4892 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:21:52.0175 4892 volmgrx - ok
21:21:52.0190 4892 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:21:52.0190 4892 volsnap - ok
21:21:52.0222 4892 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
21:21:52.0222 4892 vsmraid - ok
21:21:52.0300 4892 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
21:21:52.0315 4892 VSS - ok
21:21:52.0331 4892 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:21:52.0346 4892 vwifibus - ok
21:21:52.0378 4892 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:21:52.0378 4892 vwififlt - ok
21:21:52.0409 4892 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
21:21:52.0409 4892 W32Time - ok
21:21:52.0440 4892 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
21:21:52.0440 4892 WacomPen - ok
21:21:52.0471 4892 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:21:52.0487 4892 WANARP - ok
21:21:52.0502 4892 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:21:52.0502 4892 Wanarpv6 - ok
21:21:52.0580 4892 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:21:52.0612 4892 WatAdminSvc - ok
21:21:52.0674 4892 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
21:21:52.0721 4892 wbengine - ok
21:21:52.0752 4892 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:21:52.0752 4892 WbioSrvc - ok
21:21:52.0768 4892 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
21:21:52.0783 4892 wcncsvc - ok
21:21:52.0799 4892 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:21:52.0799 4892 WcsPlugInService - ok
21:21:52.0830 4892 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
21:21:52.0830 4892 Wd - ok
21:21:52.0861 4892 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:21:52.0877 4892 Wdf01000 - ok
21:21:52.0892 4892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
21:21:52.0908 4892 WdiServiceHost - ok
21:21:52.0908 4892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
21:21:52.0908 4892 WdiSystemHost - ok
21:21:52.0939 4892 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
21:21:52.0939 4892 WebClient - ok
21:21:52.0955 4892 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
21:21:52.0970 4892 Wecsvc - ok
21:21:52.0986 4892 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
21:21:52.0986 4892 wercplsupport - ok
21:21:53.0002 4892 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
21:21:53.0017 4892 WerSvc - ok
21:21:53.0033 4892 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:21:53.0033 4892 WfpLwf - ok
21:21:53.0064 4892 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:21:53.0064 4892 WIMMount - ok
21:21:53.0095 4892 WinDefend - ok
21:21:53.0095 4892 WinHttpAutoProxySvc - ok
21:21:53.0173 4892 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:21:53.0173 4892 Winmgmt - ok
21:21:53.0251 4892 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
21:21:53.0298 4892 WinRM - ok
21:21:53.0360 4892 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
21:21:53.0392 4892 Wlansvc - ok
21:21:53.0470 4892 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:21:53.0470 4892 wlcrasvc - ok
21:21:53.0563 4892 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:53.0594 4892 wlidsvc - ok
21:21:53.0610 4892 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
21:21:53.0626 4892 WmiAcpi - ok
21:21:53.0657 4892 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:21:53.0657 4892 wmiApSrv - ok
21:21:53.0719 4892 WMPNetworkSvc - ok
21:21:53.0750 4892 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
21:21:53.0766 4892 WPCSvc - ok
21:21:53.0782 4892 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:21:53.0782 4892 WPDBusEnum - ok
21:21:53.0813 4892 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:21:53.0813 4892 ws2ifsl - ok
21:21:53.0828 4892 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
21:21:53.0828 4892 wscsvc - ok
21:21:53.0844 4892 WSearch - ok
21:21:53.0938 4892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
21:21:53.0969 4892 wuauserv - ok
21:21:54.0000 4892 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:21:54.0000 4892 WudfPf - ok
21:21:54.0016 4892 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:21:54.0016 4892 WUDFRd - ok
21:21:54.0031 4892 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:21:54.0031 4892 wudfsvc - ok
21:21:54.0062 4892 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
21:21:54.0062 4892 WwanSvc - ok
21:21:54.0125 4892 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
21:21:54.0125 4892 yukonw7 - ok
21:21:54.0156 4892 ================ Scan global ===============================
21:21:54.0172 4892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:21:54.0218 4892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
21:21:54.0234 4892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
21:21:54.0265 4892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:21:54.0296 4892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:21:54.0312 4892 [Global] - ok
21:21:54.0312 4892 ================ Scan MBR ==================================
21:21:54.0328 4892 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:21:54.0811 4892 \Device\Harddisk0\DR0 - ok
21:21:54.0811 4892 ================ Scan VBR ==================================
21:21:54.0811 4892 [ 76E9BDF82560919EB4EB54F583FA7E42 ] \Device\Harddisk0\DR0\Partition1
21:21:54.0811 4892 \Device\Harddisk0\DR0\Partition1 - ok
21:21:54.0827 4892 [ 8C600CBA1C5677EC444FE180AC868F0A ] \Device\Harddisk0\DR0\Partition2
21:21:54.0827 4892 \Device\Harddisk0\DR0\Partition2 - ok
21:21:54.0842 4892 [ 67794FEA16B2E8F9B805A54B8E8A44A2 ] \Device\Harddisk0\DR0\Partition3
21:21:54.0858 4892 \Device\Harddisk0\DR0\Partition3 - ok
21:21:54.0858 4892 ============================================================
21:21:54.0858 4892 Scan finished
21:21:54.0858 4892 ============================================================
21:21:54.0874 5068 Detected object count: 0
21:21:54.0874 5068 Actual detected object count: 0

avast

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 21:22:41
-----------------------------
21:22:41.517 OS Version: Windows x64 6.1.7601 Service Pack 1
21:22:41.517 Number of processors: 4 586 0x2505
21:22:41.517 ComputerName: JAFOOL-PC UserName: jafool
21:22:42.282 Initialize success
21:22:58.381 AVAST engine defs: 12103101
21:23:02.827 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:23:02.827 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:23:02.843 Disk 0 MBR read successfully
21:23:02.858 Disk 0 MBR scan
21:23:02.858 Disk 0 unknown MBR code
21:23:02.874 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
21:23:02.889 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
21:23:02.905 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 183296 MB offset 42149888
21:23:02.921 Disk 0 Partition - 00 0F Extended LBA 273062 MB offset 417540096
21:23:02.967 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273061 MB offset 417542144
21:23:02.999 Disk 0 scanning C:\windows\system32\drivers
21:23:13.872 Service scanning
21:23:42.404 Modules scanning
21:23:42.404 Disk 0 trace - called modules:
21:23:42.467 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:23:42.467 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004483060]
21:23:42.482 3 CLASSPNP.SYS[fffff8800187543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004341050]
21:23:43.855 AVAST engine scan C:\windows
21:23:48.582 AVAST engine scan C:\windows\system32
21:27:44.361 AVAST engine scan C:\windows\system32\drivers
21:28:05.811 AVAST engine scan C:\Users\jafool
21:30:03.513 Disk 0 MBR has been saved successfully to "C:\Users\jafool\Desktop\MBR.dat"
21:30:03.513 The log file has been saved successfully to "C:\Users\jafool\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:10 AM

Posted 31 October 2012 - 08:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 likelight2flies
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:10 AM

Posted 31 October 2012 - 10:58 PM

ComboFix 12-10-31.03 - jafool 10/31/2012 23:26:00.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2600 [GMT -4:00]
Running from: c:\users\jafool\Desktop\ComboFix.exe
Command switches used :: c:\users\jafool\Desktop\CFscript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 03:36 . 2012-11-01 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-30 20:38 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-28 17:54 . 2012-10-28 17:54 -------- d-----w- c:\programdata\Microsoft Help
2012-10-28 17:54 . 2012-10-28 17:54 -------- d-----w- c:\users\jafool\AppData\Local\Microsoft Help
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\users\jafool\AppData\Roaming\Malwarebytes
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\programdata\Malwarebytes
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 17:45 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-23 07:01 . 2012-10-23 07:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-21 22:33 . 2012-10-21 22:33 -------- d-----w- c:\users\jafool\AppData\Roaming\LavasoftStatistics
2012-10-21 22:02 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-10-21 22:02 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-10-21 22:02 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-10-21 22:02 . 2012-10-21 22:02 -------- d-----w- c:\programdata\Lavasoft
2012-10-21 22:02 . 2012-10-21 23:45 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-10-21 22:02 . 2012-10-21 22:02 -------- d-----w- c:\users\jafool\AppData\Local\Downloaded Installations
2012-10-21 21:58 . 2012-10-21 21:58 -------- d-----w- c:\users\jafool\AppData\Local\adawarebp
2012-10-21 21:58 . 2012-10-31 23:17 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-10-21 21:57 . 2012-10-21 21:57 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-10-21 21:57 . 2012-10-21 21:58 -------- d-----w- c:\program files (x86)\adawaretb
2012-10-21 21:50 . 2012-10-27 16:11 -------- d-----w- c:\users\jafool\AppData\Roaming\Ad-Aware Antivirus
2012-10-17 04:30 . 2012-10-17 04:30 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-13 18:13 . 2012-10-13 18:13 -------- d-----w- c:\users\jafool\AppData\Roaming\Amazon
2012-10-13 18:12 . 2012-10-13 18:12 -------- d-----w- c:\program files (x86)\Amazon
2012-10-13 17:31 . 2012-10-13 17:31 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2012-10-13 17:31 . 2012-10-13 17:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-13 17:31 . 2010-04-14 00:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-10-13 17:31 . 2012-10-13 17:31 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2012-10-11 06:11 . 2012-10-13 16:34 -------- d-----w- c:\users\jafool\AppData\Local\WinRAR SFX
2012-10-10 13:49 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 13:41 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 13:41 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 13:41 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 13:41 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 13:41 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:41 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 13:40 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:40 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:40 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:40 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:40 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 13:40 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-04 23:40 . 2012-10-04 23:40 -------- d-----w- c:\users\Guest
2012-10-04 18:25 . 2012-10-04 18:25 -------- d-----w- c:\program files (x86)\Geekbench 2.3
2012-10-02 19:29 . 2012-10-02 19:32 -------- d-----w- c:\users\jafool\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:12 . 2012-09-02 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:12 . 2012-09-02 03:43 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 18:13 . 2012-09-02 18:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-02 18:13 . 2012-09-02 18:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-02 18:13 . 2012-09-02 18:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-02 18:13 . 2012-09-02 18:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-02 18:13 . 2012-09-02 18:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-02 18:13 . 2012-09-02 18:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-02 18:13 . 2012-09-02 18:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-02 18:13 . 2012-09-02 18:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-02 18:13 . 2012-09-02 18:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-02 18:13 . 2012-09-02 18:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-02 18:13 . 2012-09-02 18:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-02 18:13 . 2012-09-02 18:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-02 18:13 . 2012-09-02 18:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-02 18:13 . 2012-09-02 18:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-02 18:13 . 2012-09-02 18:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-02 18:13 . 2012-09-02 18:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-02 18:13 . 2012-09-02 18:13 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-02 18:13 . 2012-09-02 18:13 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-02 18:13 . 2012-09-02 18:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-02 18:13 . 2012-09-02 18:13 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-02 18:13 . 2012-09-02 18:13 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-02 18:13 . 2012-09-02 18:13 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-02 18:13 . 2012-09-02 18:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-02 18:13 . 2012-09-02 18:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-02 18:13 . 2012-09-02 18:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-02 18:13 . 2012-09-02 18:13 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-02 18:13 . 2012-09-02 18:13 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-02 18:13 . 2012-09-02 18:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-02 18:13 . 2012-09-02 18:13 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-02 18:13 . 2012-09-02 18:13 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-02 18:13 . 2012-09-02 18:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-02 18:13 . 2012-09-02 18:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-02 18:13 . 2012-09-02 18:13 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-02 18:13 . 2012-09-02 18:13 448512 ----a-w- c:\windows\system32\html.iec
2012-09-02 18:13 . 2012-09-02 18:13 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-02 18:13 . 2012-09-02 18:13 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-02 18:13 . 2012-09-02 18:13 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-02 18:13 . 2012-09-02 18:13 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-02 18:13 . 2012-09-02 18:13 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-02 18:13 . 2012-09-02 18:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-02 18:13 . 2012-09-02 18:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-02 18:13 . 2012-09-02 18:13 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-02 18:13 . 2012-09-02 18:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-02 18:13 . 2012-09-02 18:13 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-02 18:13 . 2012-09-02 18:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-02 18:13 . 2012-09-02 18:13 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-02 18:13 . 2012-09-02 18:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-02 18:13 . 2012-09-02 18:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-02 18:13 . 2012-09-02 18:13 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-01 05:02 . 2010-06-24 02:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 00:31 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 00:31 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 00:31 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 00:31 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 14:50 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 13:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"Spotify"="c:\users\jafool\AppData\Roaming\Spotify\spotify.exe" [2012-10-26 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
c:\users\jafool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 cpuz135;cpuz135;c:\users\jafool\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [2009-01-28 830720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-09-20 1236368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 89151730
*NewlyCreated* - WS2IFSL
*Deregistered* - 89151730
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942724973-3254444484-952029406-1000Core.job
- c:\users\jafool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02 19:29]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942724973-3254444484-952029406-1000UA.job
- c:\users\jafool\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\jafool\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
FF - ExtSQL: 2012-09-05 14:42; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-21 01:25; [email protected]; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\[email protected]
FF - ExtSQL: 2012-10-21 17:57; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-10-21 17:57; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\jafool\AppData\Roaming\Mozilla\Firefox\Profiles\0f3fbhgt.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 23:53:20
ComboFix-quarantined-files.txt 2012-11-01 03:53
ComboFix2.txt 2012-11-01 00:28
.
Pre-Run: 139,174,813,696 bytes free
Post-Run: 139,247,128,576 bytes free
.
- - End Of File - - BCF66EBFBE79785F66BF12714A466DC5

Computer seems to be doing fine now! =)

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2012 - 08:17 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Adobe Reader 9.1
  • Ask Toolbar
  • Bing Bar
  • Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 likelight2flies

  • Topic Starter

  • Members
  • 8 posts

Posted 01 November 2012 - 02:37 PM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jafool :: JAFOOL-PC [administrator]

Protection: Disabled

11/1/2012 9:24:29 AM
mbam-log-2012-11-01 (09-24-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342813
Time elapsed: 33 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HIJACKTHIS Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:49 PM, on 11/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\jafool\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\jafool\Desktop\Cleaning tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\jafool\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - Startup: Dropbox.lnk = C:\Users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.line6.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9404 bytes
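
The HijackThis log above lists one entry per line under a section code (R0/R1 browser pages, O2 BHOs, O3 toolbars, O4 autostarts, O15 trusted zone, O23 services), and the helper's review consists of reading those lines. As an added example that is not part of the thread, of HijackThis or of any project, here is a small Python triage parser for that format, run over a verbatim excerpt of the posted log: it groups entries by section and flags what a reviewer looks at first (entries whose file is missing, IE start/search pages whose host is not on an allow-list, autostarts running from the user profile, Trusted Zone additions). KNOWN_PAGE_HOSTS is an assumed allow-list for this machine, not something the page states.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis or forum code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Verbatim excerpt of the HijackThis log posted above (real log lines, not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DD2E13AF765E2BB47D0F2450846FD4F6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\jafool\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - Startup: Dropbox.lnk = C:\Users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe
O15 - Trusted Zone: *.line6.net
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
"""

# "O23 - Service: ...": a section code, " - ", then the free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a binary or shortcut extension, quoted or not.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys|lnk|cpl))(?="|\s|$)', re.IGNORECASE
)
FILE_MISSING = "(file missing)"
# Hosts accepted for IE start/search pages on this machine: the Microsoft fwlink
# default plus the OEM page. This allow-list is an assumption made for the example.
KNOWN_PAGE_HOSTS = {"go.microsoft.com", "samsung.msn.com"}


@dataclass
class Entry:
    code: str                   # section code, e.g. "O4"
    body: str                   # everything after "O4 - "
    path: Optional[str] = None  # first file path found in the body, if any
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Turn the entry lines of a HijackThis log into Entry records; banner lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(m.group("code"), body, pm.group(1) if pm else None))
    return entries


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """Entries per section code, a quick sanity check that the whole log was read."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Entry]:
    """Append review flags to each entry and return the entries that received at least one."""
    flagged: List[Entry] = []
    for e in entries:
        if FILE_MISSING in e.body:
            # Orphaned BHO, toolbar or service. Caveat: a 32-bit HijackThis on 64-bit
            # Windows reports many System32 services as missing because of file-system
            # redirection, so this flag means "verify the file", not "malicious".
            e.flags.append("references a file that is missing")
        if e.code in ("R0", "R1") and "=" in e.body:
            # "Main,Start Page = http://..." -> compare the URL host with the allow-list.
            host = urlparse(e.body.split("=", 1)[1].strip()).hostname
            if host and host not in KNOWN_PAGE_HOSTS:
                e.flags.append(f"IE start/search page points at {host}")
        if e.code == "O4" and e.path and "\\appdata\\" in e.path.lower():
            # Legitimate apps autostart from here too, but so does most user-level
            # malware, so these entries deserve a second look.
            e.flags.append("autostart runs from a user-writable profile folder")
        if e.code == "O15":
            e.flags.append("site added to the IE Trusted Zone")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for e in triage(parsed):
        print(f"{e.code}: {'; '.join(e.flags)}")
        print(f"    {e.body[:100]}")
```

Run against the excerpt it flags the safesearchr start page, the two missing-file entries, the two AppData autostarts and the Trusted Zone entry, which matches the items the helper singled out in this thread.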

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2012 - 08:59 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Run HijackThis.
  • Click on the Scan button.
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\jafool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [Spotify] "C:\Users\jafool\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
      O4 - Startup: Dropbox.lnk = C:\Users\jafool\AppData\Roaming\Dropbox\bin\Dropbox.exe

  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button.
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the add-on to be installed.
    • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close".
    • Close the program.
    • Report to me that nothing was found.

  • If threats were found:
    • Click on "list of threats found".
    • Click on "export to text file" and save it as ESET SCAN to the desktop.
    • Click on Back.
    • Put a checkmark in "Uninstall application on close".
    • Click on Finish.
    • Close the program.
    • Copy and paste the report here.


Gringo

#15 likelight2flies

  • Topic Starter

  • Members
  • 8 posts

Posted 02 November 2012 - 08:45 AM

The Eset scanner would not show up
