Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Removal Advice


  • This topic is locked This topic is locked
26 replies to this topic

#1 LionsFanDET

LionsFanDET

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 18 November 2011 - 12:17 AM

Greetings,

I originally posted in the "Am I infected? What do I do?" forum, ran some scans as requested and was directed here needing the help of the malware removal team.

Here was the original post items, none of the scans fixed them.

-I can't click "More search tools" on Google - but I can open in new tab and the additional links appear
-On Google Image search, page 1 loads but when I scroll down, no other pages appear (white space)
-Google redirect virus
-Windows ALWAYS has "updates" to install, & every time I shut down it senses there are background programs (when there's not)
-No system restore will work. It stays at the initializing screen, whether in Windows or on startup & F8


http://www.bleepingcomputer.com/forums/topic428091.html

Thanks!

edit: Just noticed the two logs requested for new topics, will do that now.

I'm 64-bit, so no GMER log. I did run it earlier today, posted in the thread linked above.

DDS.txt Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Craig at 0:21:40 on 2011-11-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1890 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\Craig\Downloads\Applications\7 Taskbar Tweaker x64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=95.154.211.201:31013
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.85.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [7 Taskbar Tweaker] "C:\Users\Craig\Downloads\Applications\7 Taskbar Tweaker x64.exe" -hidewnd
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{02D98159-5206-4F95-B1F4-0255DF7C2B07} : DhcpNameServer = 192.168.0.1 216.165.129.158
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.85.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\54ew1f56.default\
FF - prefs.js: browser.startup.homepage - hxxp://sidelinescouting.com/mock/index5.shtml
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58182
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Spoon\3.23.0.12\npMozillaSpoonPlugin.dll
FF - plugin: C:\Program Files (x86)\Spoon\3.24.0.9\npMozillaSpoonPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Craig\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-3-17 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-22 135664]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-22 135664]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-11-18 00:30:22 -------- d-----w- C:\$RECYCLE.BIN
2011-11-18 00:29:22 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46399B3F-732E-4EB6-9F84-0D1AF5F0E65B}\offreg.dll
2011-11-17 23:50:31 -------- d-----w- C:\ComboFix
2011-11-17 18:32:30 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46399B3F-732E-4EB6-9F84-0D1AF5F0E65B}\mpengine.dll
2011-11-17 03:59:41 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 09:45:58 -------- d-----w- C:\Users\Craig\AppData\Roaming\ESET
2011-11-15 09:45:58 -------- d-----w- C:\Users\Craig\AppData\Local\ESET
2011-11-15 09:38:53 -------- d-----w- C:\Program Files\ESET
2011-11-15 09:09:13 0 ----a-w- C:\backup.reg
2011-11-15 09:09:10 61440 ----a-w- C:\Windows\SysWow64\drivers\vzwbzdy.sys
2011-11-15 07:20:14 -------- d-----w- C:\Users\Craig\AppData\Local\CrashDumps
2011-11-15 07:04:44 -------- d-----w- C:\Users\Craig\AppData\Local\NPE
2011-11-15 06:59:40 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCECA603-8DD0-47AB-BECA-FB236A095959}\mpengine.dll
2011-11-15 06:11:34 -------- d-----w- C:\$AVG
2011-11-15 05:28:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-15 05:28:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-15 05:28:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-15 05:28:39 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 04:22:32 -------- d-----w- C:\Users\Craig\AppData\Roaming\AVG2012
2011-11-15 04:21:46 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-11-15 04:17:29 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-11-15 04:17:29 -------- d-----w- C:\ProgramData\AVG2012
2011-11-15 04:06:49 -------- d--h--w- C:\ProgramData\Common Files
2011-11-15 03:48:02 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F0B1125-4DC8-4240-9644-52FBAC7B218B}\gapaengine.dll
2011-11-15 02:42:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-15 02:41:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-15 02:41:35 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-15 02:27:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-11-13 20:53:51 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-11-15 02:21:41 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-07 11:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-13 11:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-07 00:10:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 07:27:43 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
.
============= FINISH: 0:30:56.40 ===============

Attached Files


Edited by LionsFanDET, 18 November 2011 - 12:38 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 19 November 2011 - 12:46 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: ESET Smart Security 5.0
AV: Microsoft Security Essentials
AV: AVG Internet Security 2012


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 01:22 AM

It seems to have all the same problems it had before. Google issues, "waiting for background program to close," etc. It really hasn't prevented me from doing work I need to do, but it makes the process longer, especially dodging the redirect in Google and when searching for images.

I removed ESET Smart Security 5.0 and AVG Internet Security 2012 but left Microsoft Security Essentials

Here is the log

ComboFix 11-11-20.02 - Craig 11/20/2011 23:59:02.11.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2584 [GMT -5:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Craig\AppData\Local\Temp\stt8297.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 05:33 . 2011-11-21 05:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B4BC8D9-E5F7-45B9-AC80-F5442FC3DCF3}\offreg.dll
2011-11-21 05:31 . 2011-11-21 05:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-21 05:31 . 2011-11-21 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 18:49 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B4BC8D9-E5F7-45B9-AC80-F5442FC3DCF3}\mpengine.dll
2011-11-18 06:59 . 2011-11-18 07:43 -------- d-----w- c:\program files (x86)\Jeopardy!
2011-11-17 03:59 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 09:45 . 2011-11-15 09:45 -------- d-----w- c:\users\Craig\AppData\Local\ESET
2011-11-15 09:09 . 2011-11-15 09:09 0 ----a-w- C:\backup.reg
2011-11-15 09:09 . 2011-11-15 09:09 61440 ----a-w- c:\windows\SysWow64\drivers\vzwbzdy.sys
2011-11-15 07:20 . 2011-11-16 05:10 -------- d-----w- c:\users\Craig\AppData\Local\CrashDumps
2011-11-15 07:04 . 2011-11-15 07:17 -------- d-----w- c:\users\Craig\AppData\Local\NPE
2011-11-15 06:59 . 2011-08-16 12:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCECA603-8DD0-47AB-BECA-FB236A095959}\mpengine.dll
2011-11-15 05:28 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-15 05:28 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-15 05:28 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-15 05:28 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 04:06 . 2011-11-15 04:06 -------- d--h--w- c:\programdata\Common Files
2011-11-15 03:48 . 2011-11-15 03:47 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F0B1125-4DC8-4240-9644-52FBAC7B218B}\gapaengine.dll
2011-11-15 02:42 . 2011-11-15 02:42 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-15 02:41 . 2011-11-15 02:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-15 02:41 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-15 02:27 . 2011-11-15 02:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-13 20:53 . 2011-09-03 06:01 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 02:21 . 2011-07-18 06:59 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-01 03:21 . 2011-10-12 21:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 21:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-07 00:10 . 2011-06-27 10:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 07:27 . 2011-09-04 07:27 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-27 05:40 . 2011-10-12 21:25 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-12 21:25 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-12 21:25 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 21:25 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-18_00.32.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 20:15 . 2011-11-21 05:34 59020 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 05:34 49764 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-22 23:54 . 2011-11-21 04:50 18864 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-405526992-603938712-2474990162-1001_UserData.bin
- 2009-07-14 05:30 . 2011-11-15 09:40 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-20 02:26 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2010-03-17 13:41 . 2011-11-19 07:54 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-17 13:41 . 2011-11-18 00:29 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-17 13:41 . 2011-11-19 07:54 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-17 13:41 . 2011-11-18 00:29 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-18 00:29 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:54 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-29 20:15 . 2011-11-21 05:34 59020 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 05:34 49764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-22 23:54 . 2011-11-21 04:50 18864 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-405526992-603938712-2474990162-1001_UserData.bin
- 2009-07-14 05:30 . 2011-11-15 09:40 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-20 02:26 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-03-17 13:41 . 2011-11-18 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-17 13:41 . 2011-11-19 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-17 13:41 . 2011-11-19 07:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-17 13:41 . 2011-11-18 00:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-18 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 06:59 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 06:59 . 2011-11-18 00:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-14 05:47 . 2011-11-18 00:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-14 05:47 . 2011-11-21 05:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-14 05:47 . 2011-11-18 00:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-14 05:47 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-14 05:47 . 2011-11-18 00:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-14 05:47 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-06-23 06:59 . 2011-11-21 05:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 06:59 . 2011-11-18 00:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 06:59 . 2011-11-18 00:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 06:59 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-22 23:51 . 2011-11-18 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-22 23:51 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-22 23:51 . 2011-11-18 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-22 23:51 . 2011-11-21 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-15 21:44 . 2011-11-18 07:46 7029 c:\windows\SysWOW64\config\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam\scdns.bin
+ 2011-11-21 05:33 . 2011-11-21 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-18 00:29 . 2011-11-18 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-18 00:29 . 2011-11-18 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-21 05:33 . 2011-11-21 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-18 10:54 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-17 10:54 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-18 10:54 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 10:54 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 13:48 . 2011-11-18 01:39 274980 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-15 02:42 629182 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-18 07:02 629182 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-18 07:02 108366 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2011-11-15 02:42 108366 c:\windows\system64\perfc009.dat
+ 2010-03-18 19:27 . 2010-03-18 18:27 827744 c:\windows\system64\msvcr100_clr0400.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 827744 c:\windows\system64\msvcr100_clr0400.dll
+ 2009-07-14 05:30 . 2011-11-20 02:26 143360 c:\windows\system64\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-15 09:40 143360 c:\windows\system64\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-15 09:40 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-11-20 02:26 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2010-06-23 13:48 . 2011-11-18 01:39 274980 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-11-18 07:02 629182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-15 02:42 629182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-15 02:42 108366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-18 07:02 108366 c:\windows\system32\perfc009.dat
+ 2010-03-18 19:27 . 2010-03-18 18:27 827744 c:\windows\system32\msvcr100_clr0400.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 827744 c:\windows\system32\msvcr100_clr0400.dll
+ 2009-07-14 05:30 . 2011-11-20 02:26 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-15 09:40 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-15 09:40 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-11-20 02:26 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2011-11-21 05:32 469748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-17 23:46 469748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-17 14:08 . 2011-05-17 14:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-05-17 15:08 . 2011-05-17 14:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- 2011-05-17 13:27 . 2011-05-17 13:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-05-17 14:27 . 2011-05-17 13:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
- 2009-07-14 04:54 . 2011-11-17 10:54 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-18 10:54 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-21 08:27 . 2011-11-17 23:46 2548320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-405526992-603938712-2474990162-1001-12288.dat
+ 2011-05-21 08:27 . 2011-11-21 05:32 2548320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-405526992-603938712-2474990162-1001-12288.dat
- 2011-07-09 14:05 . 2011-07-09 14:05 9790792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-07-09 15:05 . 2011-07-09 14:05 9790792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2009-07-14 02:34 . 2011-11-17 22:24 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 05:02 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-17 22:24 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 05:02 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"7 Taskbar Tweaker"="c:\users\Craig\Downloads\Applications\7 Taskbar Tweaker x64.exe" [2010-03-20 75264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-12-18 1541472]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 kkttfwem;kkttfwem;c:\windows\system32\drivers\kkttfwem.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-23 135664]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-23 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-23 00:05]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-23 00:05]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405526992-603938712-2474990162-1001Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:15]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405526992-603938712-2474990162-1001UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=95.154.211.201:31013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\54ew1f56.default\
FF - prefs.js: browser.startup.homepage - hxxp://sidelinescouting.com/mock/index5.shtml
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58182
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
.
**************************************************************************
.
Completion time: 2011-11-21 00:54:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 05:54
ComboFix2.txt 2011-11-18 00:55
ComboFix3.txt 2011-11-15 08:50
ComboFix4.txt 2011-11-15 01:14
ComboFix5.txt 2011-11-21 04:54
.
Pre-Run: 320,639,975,424 bytes free
Post-Run: 320,361,787,392 bytes free
.
- - End Of File - - 2F79B92B3F15EB9C478901D0EA97F487

Edited by LionsFanDET, 21 November 2011 - 01:22 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 01:44 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 03:52 AM

Here is that log.

03:49:29.0448 2668 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
03:49:29.0963 2668 ============================================================
03:49:29.0963 2668 Current date / time: 2011/11/21 03:49:29.0963
03:49:29.0963 2668 SystemInfo:
03:49:29.0963 2668
03:49:29.0963 2668 OS Version: 6.1.7600 ServicePack: 0.0
03:49:29.0963 2668 Product type: Workstation
03:49:29.0963 2668 ComputerName: CRAIG-PC
03:49:29.0963 2668 UserName: Craig
03:49:29.0963 2668 Windows directory: C:\Windows
03:49:29.0963 2668 System windows directory: C:\Windows
03:49:29.0963 2668 Running under WOW64
03:49:29.0963 2668 Processor architecture: Intel x64
03:49:29.0963 2668 Number of processors: 2
03:49:29.0963 2668 Page size: 0x1000
03:49:29.0963 2668 Boot type: Normal boot
03:49:29.0963 2668 ============================================================
03:49:31.0008 2668 Initialize success
03:49:37.0825 2624 ============================================================
03:49:37.0825 2624 Scan started
03:49:37.0825 2624 Mode: Manual;
03:49:37.0825 2624 ============================================================
03:49:41.0023 2624 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
03:49:41.0039 2624 1394ohci - ok
03:49:41.0164 2624 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
03:49:41.0164 2624 ACPI - ok
03:49:41.0273 2624 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
03:49:41.0273 2624 AcpiPmi - ok
03:49:41.0398 2624 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
03:49:41.0413 2624 adp94xx - ok
03:49:41.0554 2624 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
03:49:41.0554 2624 adpahci - ok
03:49:41.0678 2624 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
03:49:41.0678 2624 adpu320 - ok
03:49:41.0819 2624 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
03:49:41.0834 2624 AFD - ok
03:49:41.0944 2624 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
03:49:41.0944 2624 agp440 - ok
03:49:42.0053 2624 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
03:49:42.0053 2624 aliide - ok
03:49:42.0162 2624 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
03:49:42.0162 2624 amdide - ok
03:49:42.0271 2624 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
03:49:42.0271 2624 AmdK8 - ok
03:49:42.0614 2624 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
03:49:42.0614 2624 AmdPPM - ok
03:49:42.0755 2624 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
03:49:42.0755 2624 amdsata - ok
03:49:42.0958 2624 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
03:49:42.0958 2624 amdsbs - ok
03:49:43.0129 2624 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
03:49:43.0129 2624 amdxata - ok
03:49:43.0285 2624 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
03:49:43.0301 2624 Andbus - ok
03:49:43.0426 2624 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
03:49:43.0426 2624 AndDiag - ok
03:49:43.0550 2624 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
03:49:43.0550 2624 AndGps - ok
03:49:43.0675 2624 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
03:49:43.0675 2624 ANDModem - ok
03:49:43.0816 2624 ApfiltrService (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
03:49:43.0816 2624 ApfiltrService - ok
03:49:43.0909 2624 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
03:49:43.0909 2624 AppID - ok
03:49:44.0050 2624 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
03:49:44.0096 2624 arc - ok
03:49:44.0252 2624 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
03:49:44.0252 2624 arcsas - ok
03:49:44.0377 2624 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:49:44.0377 2624 AsyncMac - ok
03:49:44.0502 2624 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
03:49:44.0502 2624 atapi - ok
03:49:44.0689 2624 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
03:49:44.0705 2624 athr - ok
03:49:44.0830 2624 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
03:49:44.0830 2624 AtiHdmiService - ok
03:49:45.0095 2624 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
03:49:45.0220 2624 atikmdag - ok
03:49:45.0329 2624 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
03:49:45.0329 2624 AtiPcie - ok
03:49:45.0454 2624 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
03:49:45.0454 2624 b06bdrv - ok
03:49:45.0594 2624 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:49:45.0594 2624 b57nd60a - ok
03:49:45.0750 2624 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
03:49:45.0766 2624 BCM43XX - ok
03:49:45.0906 2624 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:49:45.0906 2624 Beep - ok
03:49:46.0078 2624 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:49:46.0078 2624 blbdrive - ok
03:49:46.0280 2624 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
03:49:46.0280 2624 bowser - ok
03:49:46.0405 2624 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:49:46.0405 2624 BrFiltLo - ok
03:49:46.0546 2624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:49:46.0546 2624 BrFiltUp - ok
03:49:46.0733 2624 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:49:46.0733 2624 Brserid - ok
03:49:46.0873 2624 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:49:46.0873 2624 BrSerWdm - ok
03:49:47.0014 2624 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:49:47.0014 2624 BrUsbMdm - ok
03:49:47.0138 2624 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:49:47.0138 2624 BrUsbSer - ok
03:49:47.0279 2624 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
03:49:47.0279 2624 BTHMODEM - ok
03:49:47.0669 2624 catchme - ok
03:49:47.0950 2624 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
03:49:47.0950 2624 CAXHWAZL - ok
03:49:48.0106 2624 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:49:48.0106 2624 cdfs - ok
03:49:48.0308 2624 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
03:49:48.0324 2624 cdrom - ok
03:49:48.0574 2624 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
03:49:48.0574 2624 circlass - ok
03:49:48.0839 2624 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:49:48.0839 2624 CLFS - ok
03:49:49.0089 2624 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
03:49:49.0089 2624 CmBatt - ok
03:49:49.0276 2624 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
03:49:49.0276 2624 cmdide - ok
03:49:49.0463 2624 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
03:49:49.0479 2624 CNG - ok
03:49:49.0681 2624 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
03:49:49.0697 2624 CnxtHdAudService - ok
03:49:49.0931 2624 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
03:49:49.0931 2624 Compbatt - ok
03:49:50.0118 2624 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
03:49:50.0118 2624 CompositeBus - ok
03:49:50.0290 2624 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
03:49:50.0290 2624 crcdisk - ok
03:49:50.0477 2624 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
03:49:50.0477 2624 DfsC - ok
03:49:50.0695 2624 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:49:50.0695 2624 discache - ok
03:49:50.0851 2624 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
03:49:50.0851 2624 Disk - ok
03:49:50.0851 2624 DKbFltr - ok
03:49:51.0366 2624 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:49:51.0429 2624 drmkaud - ok
03:49:51.0631 2624 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
03:49:51.0647 2624 DXGKrnl - ok
03:49:52.0162 2624 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
03:49:52.0318 2624 ebdrv - ok
03:49:52.0567 2624 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
03:49:52.0583 2624 elxstor - ok
03:49:52.0755 2624 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
03:49:52.0817 2624 ErrDev - ok
03:49:52.0957 2624 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:49:52.0973 2624 exfat - ok
03:49:53.0098 2624 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:49:53.0113 2624 fastfat - ok
03:49:53.0347 2624 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:49:53.0347 2624 fdc - ok
03:49:53.0550 2624 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:49:53.0550 2624 FileInfo - ok
03:49:53.0753 2624 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:49:53.0753 2624 Filetrace - ok
03:49:54.0018 2624 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
03:49:54.0018 2624 flpydisk - ok
03:49:54.0268 2624 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
03:49:54.0268 2624 FltMgr - ok
03:49:54.0627 2624 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
03:49:54.0642 2624 FsDepends - ok
03:49:54.0892 2624 FSProFilter (8197c85348a33bccfe80dd6e2db53903) C:\Windows\system32\Drivers\FSPFltd.sys
03:49:54.0907 2624 FSProFilter - ok
03:49:55.0063 2624 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
03:49:55.0063 2624 Fs_Rec - ok
03:49:55.0282 2624 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
03:49:55.0282 2624 fvevol - ok
03:49:55.0407 2624 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:49:55.0407 2624 gagp30kx - ok
03:49:55.0687 2624 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
03:49:55.0687 2624 hcw85cir - ok
03:49:55.0953 2624 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
03:49:55.0953 2624 HdAudAddService - ok
03:49:56.0155 2624 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:49:56.0171 2624 HDAudBus - ok
03:49:56.0327 2624 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
03:49:56.0327 2624 HidBatt - ok
03:49:56.0483 2624 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
03:49:56.0499 2624 HidBth - ok
03:49:56.0717 2624 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
03:49:56.0733 2624 HidIr - ok
03:49:56.0873 2624 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
03:49:56.0889 2624 HidUsb - ok
03:49:57.0045 2624 hpiacoz - ok
03:49:57.0201 2624 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
03:49:57.0201 2624 HpSAMD - ok
03:49:57.0419 2624 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
03:49:57.0435 2624 HSF_DPV - ok
03:49:57.0622 2624 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
03:49:57.0653 2624 HTTP - ok
03:49:57.0840 2624 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
03:49:57.0840 2624 hwpolicy - ok
03:49:57.0996 2624 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
03:49:57.0996 2624 i8042prt - ok
03:49:58.0215 2624 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
03:49:58.0215 2624 iaStorV - ok
03:49:58.0995 2624 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
03:49:59.0182 2624 igfx - ok
03:49:59.0431 2624 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
03:49:59.0447 2624 iirsp - ok
03:49:59.0697 2624 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
03:49:59.0697 2624 intelide - ok
03:49:59.0868 2624 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
03:49:59.0868 2624 intelppm - ok
03:50:00.0102 2624 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:50:00.0102 2624 IpFilterDriver - ok
03:50:00.0289 2624 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:50:00.0289 2624 IPMIDRV - ok
03:50:00.0414 2624 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
03:50:00.0414 2624 IPNAT - ok
03:50:00.0539 2624 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
03:50:00.0586 2624 IRENUM - ok
03:50:00.0711 2624 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
03:50:00.0726 2624 isapnp - ok
03:50:00.0913 2624 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
03:50:00.0913 2624 iScsiPrt - ok
03:50:01.0116 2624 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
03:50:01.0132 2624 k57nd60a - ok
03:50:01.0257 2624 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
03:50:01.0288 2624 kbdclass - ok
03:50:01.0506 2624 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
03:50:01.0506 2624 kbdhid - ok
03:50:01.0647 2624 kkttfwem - ok
03:50:01.0803 2624 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
03:50:01.0803 2624 KSecDD - ok
03:50:02.0005 2624 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
03:50:02.0005 2624 KSecPkg - ok
03:50:02.0146 2624 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
03:50:02.0146 2624 ksthunk - ok
03:50:02.0255 2624 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
03:50:02.0255 2624 L1E - ok
03:50:02.0614 2624 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
03:50:02.0661 2624 lltdio - ok
03:50:02.0973 2624 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:50:03.0019 2624 LSI_FC - ok
03:50:03.0316 2624 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:50:03.0316 2624 LSI_SAS - ok
03:50:03.0534 2624 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:50:03.0550 2624 LSI_SAS2 - ok
03:50:03.0768 2624 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:50:03.0768 2624 LSI_SCSI - ok
03:50:03.0940 2624 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
03:50:03.0940 2624 luafv - ok
03:50:04.0174 2624 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
03:50:04.0189 2624 mdmxsdk - ok
03:50:04.0392 2624 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
03:50:04.0392 2624 megasas - ok
03:50:04.0579 2624 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
03:50:04.0579 2624 MegaSR - ok
03:50:04.0782 2624 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
03:50:04.0782 2624 Modem - ok
03:50:04.0954 2624 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
03:50:04.0969 2624 monitor - ok
03:50:05.0110 2624 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
03:50:05.0110 2624 mouclass - ok
03:50:05.0297 2624 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
03:50:05.0328 2624 mouhid - ok
03:50:05.0484 2624 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
03:50:05.0484 2624 mountmgr - ok
03:50:05.0703 2624 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
03:50:05.0703 2624 MpFilter - ok
03:50:06.0061 2624 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
03:50:06.0061 2624 mpio - ok
03:50:06.0327 2624 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
03:50:06.0327 2624 MpNWMon - ok
03:50:06.0451 2624 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
03:50:06.0467 2624 mpsdrv - ok
03:50:06.0701 2624 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
03:50:06.0701 2624 MRxDAV - ok
03:50:06.0873 2624 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:50:06.0888 2624 mrxsmb - ok
03:50:07.0029 2624 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:50:07.0029 2624 mrxsmb10 - ok
03:50:07.0200 2624 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:50:07.0231 2624 mrxsmb20 - ok
03:50:07.0356 2624 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
03:50:07.0372 2624 msahci - ok
03:50:07.0559 2624 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
03:50:07.0559 2624 msdsm - ok
03:50:07.0699 2624 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
03:50:07.0699 2624 Msfs - ok
03:50:07.0840 2624 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
03:50:07.0840 2624 mshidkmdf - ok
03:50:07.0965 2624 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
03:50:07.0965 2624 msisadrv - ok
03:50:08.0199 2624 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
03:50:08.0199 2624 MSKSSRV - ok
03:50:08.0339 2624 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
03:50:08.0339 2624 MSPCLOCK - ok
03:50:08.0495 2624 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
03:50:08.0495 2624 MSPQM - ok
03:50:08.0620 2624 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
03:50:08.0635 2624 MsRPC - ok
03:50:08.0745 2624 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
03:50:08.0745 2624 mssmbios - ok
03:50:08.0916 2624 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
03:50:08.0916 2624 MSTEE - ok
03:50:09.0041 2624 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
03:50:09.0306 2624 MTConfig - ok
03:50:09.0493 2624 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
03:50:09.0493 2624 Mup - ok
03:50:09.0634 2624 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
03:50:09.0634 2624 NativeWifiP - ok
03:50:09.0883 2624 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
03:50:09.0915 2624 NDIS - ok
03:50:10.0102 2624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
03:50:10.0117 2624 NdisCap - ok
03:50:10.0258 2624 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
03:50:10.0273 2624 NdisTapi - ok
03:50:10.0461 2624 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
03:50:10.0476 2624 Ndisuio - ok
03:50:10.0617 2624 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
03:50:10.0617 2624 NdisWan - ok
03:50:10.0726 2624 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
03:50:10.0726 2624 NDProxy - ok
03:50:10.0866 2624 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
03:50:10.0882 2624 NetBIOS - ok
03:50:11.0053 2624 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
03:50:11.0053 2624 NetBT - ok
03:50:11.0256 2624 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
03:50:11.0272 2624 netr28x - ok
03:50:11.0490 2624 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
03:50:11.0490 2624 nfrd960 - ok
03:50:11.0724 2624 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
03:50:11.0740 2624 NisDrv - ok
03:50:11.0943 2624 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
03:50:11.0958 2624 Npfs - ok
03:50:12.0067 2624 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
03:50:12.0083 2624 nsiproxy - ok
03:50:12.0317 2624 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
03:50:12.0379 2624 Ntfs - ok
03:50:12.0551 2624 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
03:50:12.0551 2624 NTIDrvr - ok
03:50:12.0707 2624 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
03:50:12.0723 2624 Null - ok
03:50:12.0847 2624 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
03:50:12.0863 2624 nvraid - ok
03:50:13.0050 2624 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
03:50:13.0066 2624 nvstor - ok
03:50:13.0206 2624 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
03:50:13.0206 2624 nv_agp - ok
03:50:13.0440 2624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
03:50:13.0440 2624 ohci1394 - ok
03:50:13.0627 2624 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
03:50:13.0627 2624 Parport - ok
03:50:13.0815 2624 Partizan - ok
03:50:13.0986 2624 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
03:50:13.0986 2624 partmgr - ok
03:50:14.0158 2624 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
03:50:14.0158 2624 pci - ok
03:50:14.0298 2624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
03:50:14.0298 2624 pciide - ok
03:50:14.0470 2624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
03:50:14.0470 2624 pcmcia - ok
03:50:14.0673 2624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
03:50:14.0673 2624 pcw - ok
03:50:14.0938 2624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
03:50:14.0953 2624 PEAUTH - ok
03:50:15.0125 2624 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
03:50:15.0141 2624 PptpMiniport - ok
03:50:15.0265 2624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
03:50:15.0281 2624 Processor - ok
03:50:15.0453 2624 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
03:50:15.0468 2624 Psched - ok
03:50:15.0593 2624 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
03:50:15.0593 2624 PxHlpa64 - ok
03:50:15.0952 2624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
03:50:15.0967 2624 ql2300 - ok
03:50:16.0123 2624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
03:50:16.0123 2624 ql40xx - ok
03:50:16.0217 2624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:50:16.0217 2624 QWAVEdrv - ok
03:50:16.0357 2624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:50:16.0373 2624 RasAcd - ok
03:50:16.0498 2624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:50:16.0498 2624 RasAgileVpn - ok
03:50:16.0591 2624 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:50:16.0591 2624 Rasl2tp - ok
03:50:16.0763 2624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
03:50:16.0779 2624 RasPppoe - ok
03:50:16.0872 2624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
03:50:16.0888 2624 RasSstp - ok
03:50:17.0044 2624 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
03:50:17.0044 2624 rdbss - ok
03:50:17.0247 2624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
03:50:17.0247 2624 rdpbus - ok
03:50:17.0418 2624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:50:17.0418 2624 RDPCDD - ok
03:50:17.0559 2624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
03:50:17.0574 2624 RDPENCDD - ok
03:50:17.0902 2624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
03:50:17.0902 2624 RDPREFMP - ok
03:50:18.0073 2624 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
03:50:18.0089 2624 RDPWD - ok
03:50:18.0229 2624 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
03:50:18.0245 2624 rdyboost - ok
03:50:18.0510 2624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
03:50:18.0526 2624 rspndr - ok
03:50:18.0713 2624 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
03:50:18.0713 2624 RSUSBSTOR - ok
03:50:18.0885 2624 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
03:50:18.0900 2624 sbp2port - ok
03:50:19.0041 2624 SCDEmu (244fad4e3c676b48d3f3b60626134a86) C:\Windows\system32\drivers\SCDEmu.sys
03:50:19.0056 2624 SCDEmu - ok
03:50:19.0197 2624 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
03:50:19.0197 2624 scfilter - ok
03:50:19.0337 2624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
03:50:19.0337 2624 secdrv - ok
03:50:19.0524 2624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
03:50:19.0524 2624 Serenum - ok
03:50:19.0711 2624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
03:50:19.0727 2624 Serial - ok
03:50:19.0867 2624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
03:50:19.0867 2624 sermouse - ok
03:50:20.0086 2624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
03:50:20.0086 2624 sffdisk - ok
03:50:20.0242 2624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:50:20.0257 2624 sffp_mmc - ok
03:50:20.0398 2624 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
03:50:20.0413 2624 sffp_sd - ok
03:50:20.0538 2624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
03:50:20.0538 2624 sfloppy - ok
03:50:20.0725 2624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:50:20.0725 2624 SiSRaid2 - ok
03:50:20.0866 2624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
03:50:20.0866 2624 SiSRaid4 - ok
03:50:21.0006 2624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
03:50:21.0006 2624 Smb - ok
03:50:21.0131 2624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
03:50:21.0131 2624 spldr - ok
03:50:21.0287 2624 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
03:50:21.0303 2624 srv - ok
03:50:21.0443 2624 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
03:50:21.0459 2624 srv2 - ok
03:50:21.0630 2624 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
03:50:21.0630 2624 SrvHsfHDA - ok
03:50:21.0895 2624 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
03:50:21.0989 2624 SrvHsfV92 - ok
03:50:22.0161 2624 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
03:50:22.0176 2624 SrvHsfWinac - ok
03:50:22.0332 2624 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
03:50:22.0348 2624 srvnet - ok
03:50:22.0551 2624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
03:50:22.0551 2624 stexstor - ok
03:50:22.0707 2624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
03:50:22.0707 2624 swenum - ok
03:50:23.0003 2624 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
03:50:23.0065 2624 Tcpip - ok
03:50:23.0377 2624 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
03:50:23.0393 2624 TCPIP6 - ok
03:50:23.0533 2624 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
03:50:23.0533 2624 tcpipreg - ok
03:50:23.0611 2624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:50:23.0611 2624 TDPIPE - ok
03:50:23.0721 2624 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
03:50:23.0721 2624 TDTCP - ok
03:50:23.0845 2624 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
03:50:23.0845 2624 tdx - ok
03:50:24.0017 2624 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
03:50:24.0017 2624 TermDD - ok
03:50:24.0313 2624 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:50:24.0329 2624 tssecsrv - ok
03:50:24.0563 2624 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
03:50:24.0563 2624 tunnel - ok
03:50:24.0984 2624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
03:50:25.0093 2624 uagp35 - ok
03:50:25.0359 2624 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
03:50:25.0359 2624 UBHelper - ok
03:50:25.0686 2624 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
03:50:25.0717 2624 udfs - ok
03:50:26.0014 2624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
03:50:26.0014 2624 uliagpkx - ok
03:50:26.0217 2624 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
03:50:26.0217 2624 umbus - ok
03:50:26.0435 2624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
03:50:26.0435 2624 UmPass - ok
03:50:26.0716 2624 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
03:50:26.0716 2624 usbbus - ok
03:50:26.0965 2624 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
03:50:26.0965 2624 usbccgp - ok
03:50:27.0184 2624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
03:50:27.0199 2624 usbcir - ok
03:50:27.0355 2624 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
03:50:27.0355 2624 UsbDiag - ok
03:50:27.0496 2624 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
03:50:27.0496 2624 usbehci - ok
03:50:27.0652 2624 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
03:50:27.0652 2624 usbfilter - ok
03:50:27.0823 2624 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
03:50:27.0839 2624 usbhub - ok
03:50:27.0995 2624 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
03:50:27.0995 2624 USBModem - ok
03:50:28.0167 2624 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
03:50:28.0167 2624 usbohci - ok
03:50:28.0432 2624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
03:50:28.0447 2624 usbprint - ok
03:50:28.0650 2624 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:50:28.0650 2624 USBSTOR - ok
03:50:28.0806 2624 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
03:50:28.0806 2624 usbuhci - ok
03:50:29.0025 2624 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
03:50:29.0025 2624 usbvideo - ok
03:50:29.0227 2624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
03:50:29.0227 2624 vdrvroot - ok
03:50:29.0477 2624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:50:29.0477 2624 vga - ok
03:50:29.0617 2624 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:50:29.0617 2624 VgaSave - ok
03:50:29.0836 2624 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
03:50:29.0851 2624 vhdmp - ok
03:50:30.0070 2624 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
03:50:30.0070 2624 viaide - ok
03:50:30.0210 2624 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
03:50:30.0210 2624 volmgr - ok
03:50:30.0366 2624 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
03:50:30.0382 2624 volmgrx - ok
03:50:30.0600 2624 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
03:50:30.0600 2624 volsnap - ok
03:50:30.0787 2624 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
03:50:30.0803 2624 vsmraid - ok
03:50:30.0928 2624 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
03:50:30.0943 2624 vwifibus - ok
03:50:31.0053 2624 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:50:31.0053 2624 vwififlt - ok
03:50:31.0224 2624 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
03:50:31.0224 2624 WacomPen - ok
03:50:31.0333 2624 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
03:50:31.0349 2624 WANARP - ok
03:50:31.0365 2624 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
03:50:31.0365 2624 Wanarpv6 - ok
03:50:31.0521 2624 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
03:50:31.0521 2624 Wd - ok
03:50:31.0708 2624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:50:31.0739 2624 Wdf01000 - ok
03:50:31.0911 2624 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:50:31.0911 2624 WfpLwf - ok
03:50:32.0051 2624 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:50:32.0051 2624 WIMMount - ok
03:50:32.0269 2624 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
03:50:32.0301 2624 winachsf - ok
03:50:32.0519 2624 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:50:32.0519 2624 WmiAcpi - ok
03:50:32.0722 2624 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:50:32.0722 2624 ws2ifsl - ok
03:50:32.0893 2624 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
03:50:32.0893 2624 WSDPrintDevice - ok
03:50:33.0096 2624 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
03:50:33.0096 2624 WudfPf - ok
03:50:33.0299 2624 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:50:33.0315 2624 WUDFRd - ok
03:50:33.0533 2624 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
03:50:33.0533 2624 XAudio - ok
03:50:33.0611 2624 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
03:50:33.0642 2624 \Device\Harddisk0\DR0 - ok
03:50:33.0642 2624 Boot (0x1200) (dfb891f96563e14d1d4bfb09930c3bc4) \Device\Harddisk0\DR0\Partition0
03:50:33.0642 2624 \Device\Harddisk0\DR0\Partition0 - ok
03:50:33.0689 2624 Boot (0x1200) (230b6b1b7dd950814f51318c6eb38fb3) \Device\Harddisk0\DR0\Partition1
03:50:33.0689 2624 \Device\Harddisk0\DR0\Partition1 - ok
03:50:33.0689 2624 ============================================================
03:50:33.0689 2624 Scan finished
03:50:33.0689 2624 ============================================================
03:50:33.0705 3396 Detected object count: 0
03:50:33.0705 3396 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 05:09 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 05:04 PM

I ran the QuickScan but did not "FixMBR"

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 05:53:28
-----------------------------
05:53:28.114 OS Version: Windows x64 6.1.7600
05:53:28.114 Number of processors: 2 586 0x602
05:53:28.114 ComputerName: CRAIG-PC UserName: Craig
05:53:29.674 Initialize success
06:07:00.268 AVAST engine defs: 11112100
06:07:10.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:07:10.861 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
06:07:12.951 Disk 0 MBR read successfully
06:07:12.951 Disk 0 MBR scan
06:07:12.951 Disk 0 Windows VISTA default MBR code
06:07:12.951 Disk 0 MBR hidden
06:07:12.967 Service scanning
06:07:13.591 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
06:07:14.246 Modules scanning
06:07:14.246 Disk 0 trace - called modules:
06:07:14.293 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a80334]<<
06:07:14.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a64790]
06:07:14.308 3 CLASSPNP.SYS[fffff8800190e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004996060]
06:07:14.324 \Driver\atapi[0xfffffa80048e8570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a80334
06:07:15.681 AVAST engine scan C:\Windows
06:07:25.306 AVAST engine scan C:\Windows\system32
06:10:02.211 AVAST engine scan C:\Windows\system32\drivers
06:10:22.601 AVAST engine scan C:\Users\Craig
06:10:53.707 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
06:10:53.723 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 05:53:28
-----------------------------
05:53:28.114 OS Version: Windows x64 6.1.7600
05:53:28.114 Number of processors: 2 586 0x602
05:53:28.114 ComputerName: CRAIG-PC UserName: Craig
05:53:29.674 Initialize success
06:07:00.268 AVAST engine defs: 11112100
06:07:10.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:07:10.861 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
06:07:12.951 Disk 0 MBR read successfully
06:07:12.951 Disk 0 MBR scan
06:07:12.951 Disk 0 Windows VISTA default MBR code
06:07:12.951 Disk 0 MBR hidden
06:07:12.967 Service scanning
06:07:13.591 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
06:07:14.246 Modules scanning
06:07:14.246 Disk 0 trace - called modules:
06:07:14.293 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a80334]<<
06:07:14.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a64790]
06:07:14.308 3 CLASSPNP.SYS[fffff8800190e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004996060]
06:07:14.324 \Driver\atapi[0xfffffa80048e8570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a80334
06:07:15.681 AVAST engine scan C:\Windows
06:07:25.306 AVAST engine scan C:\Windows\system32
06:10:02.211 AVAST engine scan C:\Windows\system32\drivers
06:10:22.601 AVAST engine scan C:\Users\Craig
06:10:53.707 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
06:10:53.723 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR.txt"
06:25:30.687 File: C:\Users\Craig\Downloads\Applications\spoon-plugin.exe **INFECTED** Win32:Malware-gen
06:26:56.971 AVAST engine scan C:\ProgramData
06:28:50.820 Scan finished successfully
17:02:40.099 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
17:02:40.099 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 07:20 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 08:49 PM

***Infected MBR detected
I did not click Repair.

Here is the second aswMBR log. Again, I did not hit "FixMBR"
Let me know if I need to hit Repair from the FixTDSS or FixMBR from the aswMBR program.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 20:21:48
-----------------------------
20:21:48.766 OS Version: Windows x64 6.1.7600
20:21:48.766 Number of processors: 2 586 0x602
20:21:48.766 ComputerName: CRAIG-PC UserName: Craig
20:21:50.513 Initialize success
20:21:59.312 AVAST engine defs: 11112100
20:22:02.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:22:02.869 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
20:22:04.959 Disk 0 MBR read successfully
20:22:04.959 Disk 0 MBR scan
20:22:04.975 Disk 0 Windows VISTA default MBR code
20:22:04.975 Disk 0 MBR hidden
20:22:04.975 Service scanning
20:22:08.344 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:22:09.171 Modules scanning
20:22:09.171 Disk 0 trace - called modules:
20:22:09.202 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a99334]<<
20:22:09.202 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a7d530]
20:22:09.218 3 CLASSPNP.SYS[fffff8800185d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049c0060]
20:22:09.218 \Driver\atapi[0xfffffa8004902cb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a99334
20:22:11.277 AVAST engine scan C:\Windows
20:22:23.944 AVAST engine scan C:\Windows\system32
20:25:17.058 AVAST engine scan C:\Windows\system32\drivers
20:25:38.492 AVAST engine scan C:\Users\Craig
20:44:03.052 File: C:\Users\Craig\Downloads\Applications\spoon-plugin.exe **INFECTED** Win32:Malware-gen
20:45:19.024 AVAST engine scan C:\ProgramData
20:47:50.407 Scan finished successfully
20:47:58.659 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
20:47:58.659 The log file has been saved successfully to "C:\Users\Craig\Desktop\2.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 09:06 PM

rerun fixtdss and select repair - restart the computer and rerun aswmbr and send me the report



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 09:43 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 21:22:18
-----------------------------
21:22:18.997 OS Version: Windows x64 6.1.7600
21:22:18.997 Number of processors: 2 586 0x602
21:22:18.997 ComputerName: CRAIG-PC UserName: Craig
21:22:20.572 Initialize success
21:22:29.371 AVAST engine defs: 11112100
21:22:49.011 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:22:49.027 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
21:22:51.039 Disk 0 MBR read successfully
21:22:51.055 Disk 0 MBR scan
21:22:51.055 Disk 0 Windows VISTA default MBR code
21:22:51.055 Service scanning
21:22:57.420 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:22:58.465 Modules scanning
21:22:58.465 Disk 0 trace - called modules:
21:22:58.496 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:22:58.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a8a230]
21:22:58.512 3 CLASSPNP.SYS[fffff880011cc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049ad060]
21:22:59.853 AVAST engine scan C:\Windows
21:23:06.592 AVAST engine scan C:\Windows\system32
21:24:55.356 AVAST engine scan C:\Windows\system32\drivers
21:25:13.343 AVAST engine scan C:\Users\Craig
21:36:06.703 File: C:\Users\Craig\Downloads\Applications\spoon-plugin.exe **INFECTED** Win32:Malware-gen
21:36:18.263 AVAST engine scan C:\ProgramData
21:37:24.828 Scan finished successfully
21:42:38.794 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
21:42:38.794 The log file has been saved successfully to "C:\Users\Craig\Desktop\3.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 09:57 PM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 21 November 2011 - 10:49 PM

Very good, everything on my checklist seems to be okay now

I want to request you leave this thread open for a few days and I'll check back in tomorrow with an update

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 AM

Posted 21 November 2011 - 11:29 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.5 MUI

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 LionsFanDET

LionsFanDET
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 22 November 2011 - 05:14 AM

Here are the two logs. The computer seems to be running well and faster.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8213

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/22/2011 5:11:01 AM
mbam-log-2011-11-22 (05-11-01).txt

Scan type: Quick scan
Objects scanned: 174975
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:12:28 AM, on 11/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360610n6b6l0440z125a4561x530
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=95.154.211.201:31013
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.85.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\Craig\Downloads\Applications\7 Taskbar Tweaker x64.exe" -hidewnd
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10928 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users