Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE 9 redirects when searching on Google


  • This topic is locked This topic is locked
18 replies to this topic

#1 Cheapfire

Cheapfire

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 26 January 2012 - 07:23 PM

Hi,
I have a Windows 7 machine that is running Internet Explorer 9. This was badly infected which a friend managed to clear up for me, but now when ever I search for anything though google and click on a link it will redirect me to a ad page.

Here a the logs, I tried to run GMER but most of the options were greyed out and I could not select them and i cannot attach the ark file.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by User at 10:30:00.15 on Fri 27/01/2012
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3831.2745 [GMT 11:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BelkinAPM] "C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s7rq7nhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642706&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0

============= SERVICES / DRIVERS ===============

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-10-14 21544]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 189440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-7-21 133944]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-10-14 68136]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-10-14 72304]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-10-14 114688]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-25 3027840]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-14 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 271872]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-27 176640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-14 346144]
S2 BelkinAPMmonitor;BelkinAPMmonitor;C:\PROGRA~2\BELKIN~1\BELKIN~4.EXE -zglaxservice BelkinAPMmonitor --> C:\PROGRA~2\BELKIN~1\BELKIN~4.EXE -zglaxservice BelkinAPMmonitor [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2009-9-4 31744]
S3 BelkinAPMRMI;BelkinAPMRMI;C:\PROGRA~2\BELKIN~1\BELKIN~3.EXE -zglaxservice BelkinAPMRMI --> C:\PROGRA~2\BELKIN~1\BELKIN~3.EXE -zglaxservice BelkinAPMRMI [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-15 30528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbser.sys [2009-12-19 126440]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-3-23 7408]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]
S4 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

=============== Created Last 30 ================

2012-01-26 22:59:22 -------- d-s---w- C:\ComboFix
2012-01-26 22:48:57 8602168 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{5D1BC0DE-96CC-4C06-B3AD-E60676AC1CCA}\mpengine.dll
2012-01-25 05:52:30 -------- d-----w- C:\MGtools
2012-01-25 05:52:16 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-01-25 05:37:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-25 05:36:47 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-01-25 05:36:32 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-01-25 05:36:10 -------- d-----w- C:\Users\User\AppData\Roaming\Auslogics
2012-01-25 05:35:53 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-01-25 04:54:07 -------- d-----w- C:\$RECYCLE.BIN
2012-01-24 05:55:21 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2012-01-24 04:10:56 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-01-24 04:10:54 -------- d-----w- C:\PROGRA~3\Hitman Pro
2012-01-24 02:20:50 -------- d-----w- C:\Support
2012-01-24 02:16:35 24576 ----a-w- C:\Windows\System32\FoolishEventLogMsgHelper.dll
2012-01-18 23:50:10 -------- d-----w- C:\Users\User\AppData\Local\Apple Computer
2012-01-18 23:50:06 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-18 23:50:06 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-18 23:50:06 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-18 23:49:38 -------- d-----w- C:\Program Files\iTunes
2012-01-18 23:49:38 -------- d-----w- C:\Program Files\iPod
2012-01-18 23:49:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-18 23:49:38 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-18 23:49:14 -------- d-----w- C:\Users\User\AppData\Local\Apple
2012-01-18 23:48:43 -------- d-----w- C:\Program Files\Bonjour
2012-01-18 23:48:43 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-18 21:53:20 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-18 21:53:20 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-18 21:53:20 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-18 21:53:20 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:35:55 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 19:35:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 19:35:54 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 19:35:54 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 19:35:50 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 19:35:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 19:35:46 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 19:35:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2012-01-26 22:38:03 25640 ----a-w- C:\Windows\gdrv.sys
2012-01-25 05:35:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-25 05:34:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 10:37:59.92 ===============


Thankyou for your time

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 27 January 2012 - 01:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 29 January 2012 - 06:58 PM

Hi Gringo,
Was able to get combofix into the computer and run it with no problem, IE is still redirecting when I search though, here is the log as requested;

ComboFix 12-01-29.02 - User 30/01/2012 9:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3831.2097 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 23:23 . 2012-01-29 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 22:49 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF57E750-227B-499A-AEBE-018FC570C7AC}\mpengine.dll
2012-01-27 00:31 . 2012-01-27 00:31 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-27 00:31 . 2012-01-27 00:31 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-25 05:52 . 2012-01-26 22:47 -------- d-----w- C:\MGtools
2012-01-25 05:52 . 2012-01-25 05:52 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-25 05:37 . 2012-01-25 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\program files (x86)\TeamViewer
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\program files (x86)\Auslogics
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\users\User\AppData\Roaming\Auslogics
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\program files (x86)\Java
2012-01-25 05:34 . 2012-01-25 05:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-25 05:34 . 2012-01-25 05:34 -------- d-----w- c:\windows\system32\Macromed
2012-01-24 05:55 . 2012-01-26 23:07 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2012-01-24 04:10 . 2012-01-24 04:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-24 04:10 . 2012-01-24 04:10 -------- d-----w- c:\programdata\Hitman Pro
2012-01-24 02:20 . 2012-01-24 02:20 -------- d-----w- C:\Support
2012-01-24 02:16 . 2012-01-26 23:28 24576 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2012-01-18 23:50 . 2012-01-18 23:50 -------- d-----w- c:\users\User\AppData\Local\Apple Computer
2012-01-18 23:50 . 2012-01-19 00:00 -------- d-----w- c:\users\User\AppData\Roaming\Apple Computer
2012-01-18 23:50 . 2009-05-18 02:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-18 23:50 . 2008-04-17 01:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-18 23:50 . 2008-04-17 01:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-18 23:50 . 2012-01-18 23:50 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\program files\iTunes
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\program files (x86)\iTunes
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\programdata\Apple Computer
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\program files\iPod
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\users\User\AppData\Local\Apple
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files\Common Files\Apple
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files (x86)\Bonjour
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files\Bonjour
2012-01-18 23:48 . 2012-01-18 23:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-01-18 23:48 . 2012-01-18 23:49 -------- d-----w- c:\programdata\Apple
2012-01-18 21:53 . 2012-01-18 21:53 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-18 21:53 . 2012-01-18 21:53 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-18 21:53 . 2012-01-18 21:53 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-18 21:53 . 2012-01-18 21:53 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-16 06:25 . 2012-01-16 06:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-11 19:35 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:35 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:35 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:35 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:35 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:35 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:35 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:35 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 23:25 . 2010-10-14 13:24 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 22:45 . 2012-01-26 22:45 21808 ----a-w- C:\MGlogs.zip
2012-01-25 05:35 . 2010-10-15 01:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-25 05:34 . 2011-06-06 21:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-10-17 19:05 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-10-14 12:28 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 21:06 . 2011-12-06 21:06 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-13 22:09 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-13 22:09 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 22:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 07:12 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 07:12 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 07:12 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 07:12 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 07:12 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 07:12 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 07:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2011-12-22 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2010-10-15 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 01:05 356352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-11-17 30528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-07-20 133944]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 2307448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 220.233.0.3 220.233.0.4 10.1.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s7rq7nhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642706&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\BELKIN~1\BELKIN~4.EXE
c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\BELKIN~1\BELKIN~3.EXE
c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
.
**************************************************************************
.
Completion time: 2012-01-30 10:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 23:45
ComboFix2.txt 2012-01-25 05:13
.
Pre-Run: 374,532,423,680 bytes free
Post-Run: 374,724,005,888 bytes free
.
- - End Of File - - A159B4B5887F2EBCA281F8073E2D011F


Cheapfire

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 29 January 2012 - 08:07 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 29 January 2012 - 09:20 PM

Hi Gringo,
I have downloaded and attempted to run tdsskiller a few times and it will not run or even attempt to start. I get the administrator screen asking "if i want to run this program" I click Yes and nothing happens after several minutes. Any thoughts?

Cheapfire

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 29 January 2012 - 09:41 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 29 January 2012 - 09:56 PM

Hi Gringo,
Ran fixTDSS and this is the msg received;

***Infected MBR detected
Repair Succeeded


Then ran TDSSkiller successively here is the log;


13:50:41.0536 3832 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:50:43.0112 3832 ============================================================
13:50:43.0112 3832 Current date / time: 2012/01/30 13:50:43.0112
13:50:43.0112 3832 SystemInfo:
13:50:43.0112 3832
13:50:43.0112 3832 OS Version: 6.1.7601 ServicePack: 1.0
13:50:43.0112 3832 Product type: Workstation
13:50:43.0112 3832 ComputerName: WATER
13:50:43.0112 3832 UserName: User
13:50:43.0112 3832 Windows directory: C:\Windows
13:50:43.0112 3832 System windows directory: C:\Windows
13:50:43.0112 3832 Running under WOW64
13:50:43.0112 3832 Processor architecture: Intel x64
13:50:43.0112 3832 Number of processors: 4
13:50:43.0112 3832 Page size: 0x1000
13:50:43.0112 3832 Boot type: Normal boot
13:50:43.0112 3832 ============================================================
13:50:45.0155 3832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:50:45.0155 3832 Drive \Device\Harddisk1\DR1 - Size: 0x1DD600000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:50:45.0202 3832 Initialize success
13:50:50.0974 1084 ============================================================
13:50:50.0974 1084 Scan started
13:50:50.0974 1084 Mode: Manual;
13:50:50.0974 1084 ============================================================
13:50:52.0534 1084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:50:52.0534 1084 1394ohci - ok
13:50:52.0596 1084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:50:52.0596 1084 ACPI - ok
13:50:52.0643 1084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:50:52.0643 1084 AcpiPmi - ok
13:50:52.0690 1084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:50:52.0706 1084 adp94xx - ok
13:50:52.0721 1084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:50:52.0721 1084 adpahci - ok
13:50:52.0737 1084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:50:52.0752 1084 adpu320 - ok
13:50:52.0830 1084 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:50:52.0830 1084 AFD - ok
13:50:52.0862 1084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:50:52.0862 1084 agp440 - ok
13:50:52.0924 1084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:50:52.0924 1084 aliide - ok
13:50:52.0940 1084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:50:52.0940 1084 amdide - ok
13:50:52.0955 1084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:50:52.0955 1084 AmdK8 - ok
13:50:52.0986 1084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:50:52.0986 1084 AmdPPM - ok
13:50:53.0018 1084 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:50:53.0018 1084 amdsata - ok
13:50:53.0049 1084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:50:53.0049 1084 amdsbs - ok
13:50:53.0080 1084 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:50:53.0080 1084 amdxata - ok
13:50:53.0127 1084 androidusb (9c59bf508c5d408bb348254e0ba2ee30) C:\Windows\system32\Drivers\androidusb.sys
13:50:53.0127 1084 androidusb - ok
13:50:53.0158 1084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:50:53.0158 1084 AppID - ok
13:50:53.0220 1084 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
13:50:53.0220 1084 AppleCharger - ok
13:50:53.0252 1084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:50:53.0252 1084 arc - ok
13:50:53.0283 1084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:50:53.0283 1084 arcsas - ok
13:50:53.0298 1084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:50:53.0298 1084 AsyncMac - ok
13:50:53.0330 1084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:50:53.0330 1084 atapi - ok
13:50:53.0408 1084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:50:53.0423 1084 b06bdrv - ok
13:50:53.0470 1084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:50:53.0470 1084 b57nd60a - ok
13:50:53.0517 1084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:50:53.0517 1084 Beep - ok
13:50:53.0595 1084 BlackBox - ok
13:50:53.0610 1084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:50:53.0610 1084 blbdrive - ok
13:50:53.0673 1084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:50:53.0688 1084 bowser - ok
13:50:53.0704 1084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:50:53.0704 1084 BrFiltLo - ok
13:50:53.0720 1084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:50:53.0720 1084 BrFiltUp - ok
13:50:53.0735 1084 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:50:53.0735 1084 BridgeMP - ok
13:50:53.0766 1084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:50:53.0766 1084 Brserid - ok
13:50:53.0798 1084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:50:53.0798 1084 BrSerWdm - ok
13:50:53.0798 1084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:50:53.0798 1084 BrUsbMdm - ok
13:50:53.0829 1084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:50:53.0829 1084 BrUsbSer - ok
13:50:53.0844 1084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:50:53.0844 1084 BTHMODEM - ok
13:50:53.0922 1084 catchme - ok
13:50:53.0938 1084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:50:53.0938 1084 cdfs - ok
13:50:53.0985 1084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:50:54.0000 1084 cdrom - ok
13:50:54.0016 1084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:50:54.0016 1084 circlass - ok
13:50:54.0063 1084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:50:54.0063 1084 CLFS - ok
13:50:54.0110 1084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:50:54.0110 1084 CmBatt - ok
13:50:54.0156 1084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:50:54.0156 1084 cmdide - ok
13:50:54.0203 1084 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:50:54.0203 1084 CNG - ok
13:50:54.0219 1084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:50:54.0219 1084 Compbatt - ok
13:50:54.0266 1084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:50:54.0266 1084 CompositeBus - ok
13:50:54.0281 1084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:50:54.0281 1084 crcdisk - ok
13:50:54.0359 1084 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:50:54.0359 1084 CSC - ok
13:50:54.0422 1084 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
13:50:54.0422 1084 dc3d - ok
13:50:54.0468 1084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:50:54.0468 1084 DfsC - ok
13:50:54.0484 1084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:50:54.0484 1084 discache - ok
13:50:54.0500 1084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:50:54.0500 1084 Disk - ok
13:50:54.0546 1084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:50:54.0562 1084 drmkaud - ok
13:50:54.0624 1084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:50:54.0624 1084 DXGKrnl - ok
13:50:54.0718 1084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:50:54.0780 1084 ebdrv - ok
13:50:54.0812 1084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:50:54.0827 1084 elxstor - ok
13:50:54.0874 1084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:50:54.0874 1084 ErrDev - ok
13:50:54.0905 1084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:50:54.0905 1084 exfat - ok
13:50:54.0936 1084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:50:54.0936 1084 fastfat - ok
13:50:54.0968 1084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:50:54.0968 1084 fdc - ok
13:50:54.0999 1084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:50:54.0999 1084 FileInfo - ok
13:50:55.0014 1084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:50:55.0014 1084 Filetrace - ok
13:50:55.0030 1084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:50:55.0046 1084 flpydisk - ok
13:50:55.0077 1084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:50:55.0077 1084 FltMgr - ok
13:50:55.0108 1084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:50:55.0108 1084 FsDepends - ok
13:50:55.0124 1084 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:50:55.0124 1084 Fs_Rec - ok
13:50:55.0155 1084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:50:55.0155 1084 fvevol - ok
13:50:55.0186 1084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:50:55.0186 1084 gagp30kx - ok
13:50:55.0233 1084 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
13:50:55.0233 1084 gdrv - ok
13:50:55.0311 1084 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:50:55.0311 1084 GEARAspiWDM - ok
13:50:55.0342 1084 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
13:50:55.0342 1084 GVTDrv64 - ok
13:50:55.0358 1084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:50:55.0358 1084 hcw85cir - ok
13:50:55.0436 1084 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:50:55.0436 1084 HdAudAddService - ok
13:50:55.0467 1084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:50:55.0467 1084 HDAudBus - ok
13:50:55.0482 1084 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:50:55.0482 1084 HECIx64 - ok
13:50:55.0498 1084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:50:55.0498 1084 HidBatt - ok
13:50:55.0529 1084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:50:55.0529 1084 HidBth - ok
13:50:55.0560 1084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:50:55.0560 1084 HidIr - ok
13:50:55.0623 1084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:50:55.0623 1084 HidUsb - ok
13:50:55.0670 1084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:50:55.0670 1084 HpSAMD - ok
13:50:55.0732 1084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:50:55.0748 1084 HTTP - ok
13:50:55.0779 1084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:50:55.0779 1084 hwpolicy - ok
13:50:55.0841 1084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:50:55.0857 1084 i8042prt - ok
13:50:55.0904 1084 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:50:55.0904 1084 iaStorV - ok
13:50:56.0138 1084 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:50:56.0325 1084 igfx - ok
13:50:56.0340 1084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:50:56.0340 1084 iirsp - ok
13:50:56.0403 1084 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
13:50:56.0434 1084 IntcAzAudAddService - ok
13:50:56.0450 1084 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:50:56.0465 1084 IntcDAud - ok
13:50:56.0481 1084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:50:56.0481 1084 intelide - ok
13:50:56.0496 1084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:50:56.0496 1084 intelppm - ok
13:50:56.0559 1084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:50:56.0574 1084 IpFilterDriver - ok
13:50:56.0621 1084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:50:56.0621 1084 IPMIDRV - ok
13:50:56.0637 1084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:50:56.0637 1084 IPNAT - ok
13:50:56.0652 1084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:50:56.0668 1084 IRENUM - ok
13:50:56.0699 1084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:50:56.0699 1084 isapnp - ok
13:50:56.0746 1084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:50:56.0746 1084 iScsiPrt - ok
13:50:56.0793 1084 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
13:50:56.0793 1084 JRAID - ok
13:50:56.0824 1084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:50:56.0824 1084 kbdclass - ok
13:50:56.0855 1084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:50:56.0855 1084 kbdhid - ok
13:50:56.0871 1084 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:50:56.0871 1084 KSecDD - ok
13:50:56.0918 1084 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:50:56.0918 1084 KSecPkg - ok
13:50:56.0949 1084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:50:56.0949 1084 ksthunk - ok
13:50:56.0996 1084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:50:56.0996 1084 lltdio - ok
13:50:57.0042 1084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:50:57.0042 1084 LSI_FC - ok
13:50:57.0074 1084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:50:57.0074 1084 LSI_SAS - ok
13:50:57.0089 1084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:50:57.0089 1084 LSI_SAS2 - ok
13:50:57.0105 1084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:50:57.0105 1084 LSI_SCSI - ok
13:50:57.0136 1084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:50:57.0136 1084 luafv - ok
13:50:57.0183 1084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:50:57.0183 1084 megasas - ok
13:50:57.0198 1084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:50:57.0198 1084 MegaSR - ok
13:50:57.0230 1084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:50:57.0230 1084 Modem - ok
13:50:57.0245 1084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:50:57.0245 1084 monitor - ok
13:50:57.0308 1084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:50:57.0308 1084 mouclass - ok
13:50:57.0339 1084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:50:57.0339 1084 mouhid - ok
13:50:57.0386 1084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:50:57.0386 1084 mountmgr - ok
13:50:57.0464 1084 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:50:57.0464 1084 MpFilter - ok
13:50:57.0495 1084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:50:57.0510 1084 mpio - ok
13:50:57.0542 1084 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:50:57.0542 1084 MpNWMon - ok
13:50:57.0557 1084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:50:57.0557 1084 mpsdrv - ok
13:50:57.0604 1084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:50:57.0604 1084 MRxDAV - ok
13:50:57.0651 1084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:50:57.0651 1084 mrxsmb - ok
13:50:57.0698 1084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:50:57.0713 1084 mrxsmb10 - ok
13:50:57.0729 1084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:50:57.0729 1084 mrxsmb20 - ok
13:50:57.0760 1084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:50:57.0760 1084 msahci - ok
13:50:57.0776 1084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:50:57.0776 1084 msdsm - ok
13:50:57.0791 1084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:50:57.0791 1084 Msfs - ok
13:50:57.0822 1084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:50:57.0822 1084 mshidkmdf - ok
13:50:57.0869 1084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:50:57.0869 1084 msisadrv - ok
13:50:57.0900 1084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:50:57.0900 1084 MSKSSRV - ok
13:50:57.0916 1084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:57.0916 1084 MSPCLOCK - ok
13:50:57.0947 1084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:50:57.0947 1084 MSPQM - ok
13:50:57.0994 1084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:50:58.0010 1084 MsRPC - ok
13:50:58.0010 1084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:50:58.0025 1084 mssmbios - ok
13:50:58.0041 1084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:50:58.0041 1084 MSTEE - ok
13:50:58.0056 1084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:50:58.0056 1084 MTConfig - ok
13:50:58.0072 1084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:50:58.0072 1084 Mup - ok
13:50:58.0119 1084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:50:58.0119 1084 NativeWifiP - ok
13:50:58.0181 1084 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:50:58.0197 1084 NDIS - ok
13:50:58.0212 1084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:50:58.0212 1084 NdisCap - ok
13:50:58.0244 1084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:50:58.0244 1084 NdisTapi - ok
13:50:58.0290 1084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:50:58.0290 1084 Ndisuio - ok
13:50:58.0337 1084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:50:58.0337 1084 NdisWan - ok
13:50:58.0400 1084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:50:58.0400 1084 NDProxy - ok
13:50:58.0415 1084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:50:58.0415 1084 NetBIOS - ok
13:50:58.0446 1084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:50:58.0462 1084 NetBT - ok
13:50:58.0493 1084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:50:58.0493 1084 nfrd960 - ok
13:50:58.0556 1084 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:50:58.0556 1084 NisDrv - ok
13:50:58.0587 1084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:50:58.0587 1084 Npfs - ok
13:50:58.0602 1084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:50:58.0602 1084 nsiproxy - ok
13:50:58.0680 1084 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:50:58.0712 1084 Ntfs - ok
13:50:58.0774 1084 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
13:50:58.0774 1084 NuidFltr - ok
13:50:58.0790 1084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:50:58.0790 1084 Null - ok
13:50:58.0836 1084 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:50:58.0836 1084 nusb3hub - ok
13:50:58.0868 1084 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:50:58.0883 1084 nusb3xhc - ok
13:50:58.0930 1084 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:50:58.0930 1084 nvraid - ok
13:50:58.0961 1084 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:50:58.0977 1084 nvstor - ok
13:50:59.0024 1084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:50:59.0024 1084 nv_agp - ok
13:50:59.0055 1084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:50:59.0055 1084 ohci1394 - ok
13:50:59.0086 1084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:50:59.0086 1084 Parport - ok
13:50:59.0133 1084 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:50:59.0133 1084 partmgr - ok
13:50:59.0180 1084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:50:59.0180 1084 pci - ok
13:50:59.0195 1084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:50:59.0195 1084 pciide - ok
13:50:59.0211 1084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:50:59.0211 1084 pcmcia - ok
13:50:59.0242 1084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:50:59.0242 1084 pcw - ok
13:50:59.0258 1084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:50:59.0273 1084 PEAUTH - ok
13:50:59.0351 1084 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
13:50:59.0351 1084 Point64 - ok
13:50:59.0398 1084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:50:59.0398 1084 PptpMiniport - ok
13:50:59.0429 1084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:50:59.0429 1084 Processor - ok
13:50:59.0492 1084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:50:59.0492 1084 Psched - ok
13:50:59.0554 1084 qcusbser (93ac07b6de0fc71274d4c489be5ce2ba) C:\Windows\system32\DRIVERS\qcusbser.sys
13:50:59.0554 1084 qcusbser - ok
13:50:59.0616 1084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:50:59.0648 1084 ql2300 - ok
13:50:59.0663 1084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:50:59.0663 1084 ql40xx - ok
13:50:59.0679 1084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:50:59.0694 1084 QWAVEdrv - ok
13:50:59.0694 1084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:50:59.0694 1084 RasAcd - ok
13:50:59.0710 1084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:50:59.0710 1084 RasAgileVpn - ok
13:50:59.0757 1084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:50:59.0757 1084 Rasl2tp - ok
13:50:59.0788 1084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:50:59.0788 1084 RasPppoe - ok
13:50:59.0804 1084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:50:59.0804 1084 RasSstp - ok
13:50:59.0850 1084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:50:59.0850 1084 rdbss - ok
13:50:59.0866 1084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:50:59.0882 1084 rdpbus - ok
13:50:59.0882 1084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:59.0882 1084 RDPCDD - ok
13:50:59.0944 1084 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:50:59.0944 1084 RDPDR - ok
13:50:59.0975 1084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:50:59.0975 1084 RDPENCDD - ok
13:50:59.0991 1084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:50:59.0991 1084 RDPREFMP - ok
13:51:00.0038 1084 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:51:00.0038 1084 RDPWD - ok
13:51:00.0069 1084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:51:00.0069 1084 rdyboost - ok
13:51:00.0131 1084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:51:00.0131 1084 rspndr - ok
13:51:00.0194 1084 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:51:00.0194 1084 RTL8167 - ok
13:51:00.0240 1084 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:51:00.0240 1084 s3cap - ok
13:51:00.0303 1084 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:51:00.0303 1084 SASDIFSV - ok
13:51:00.0350 1084 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
13:51:00.0350 1084 SASENUM - ok
13:51:00.0396 1084 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:51:00.0396 1084 SASKUTIL - ok
13:51:00.0428 1084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:51:00.0428 1084 sbp2port - ok
13:51:00.0474 1084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:51:00.0474 1084 scfilter - ok
13:51:00.0506 1084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:51:00.0506 1084 secdrv - ok
13:51:00.0521 1084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:51:00.0521 1084 Serenum - ok
13:51:00.0537 1084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:51:00.0552 1084 Serial - ok
13:51:00.0599 1084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:51:00.0599 1084 sermouse - ok
13:51:00.0646 1084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:51:00.0646 1084 sffdisk - ok
13:51:00.0677 1084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:51:00.0677 1084 sffp_mmc - ok
13:51:00.0693 1084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:51:00.0693 1084 sffp_sd - ok
13:51:00.0708 1084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:51:00.0708 1084 sfloppy - ok
13:51:00.0755 1084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:51:00.0755 1084 SiSRaid2 - ok
13:51:00.0771 1084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:51:00.0786 1084 SiSRaid4 - ok
13:51:00.0833 1084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:51:00.0833 1084 Smb - ok
13:51:00.0849 1084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:51:00.0849 1084 spldr - ok
13:51:00.0911 1084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:51:00.0911 1084 srv - ok
13:51:00.0942 1084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:51:00.0958 1084 srv2 - ok
13:51:00.0958 1084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:51:00.0974 1084 srvnet - ok
13:51:01.0005 1084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:51:01.0005 1084 stexstor - ok
13:51:01.0052 1084 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:51:01.0052 1084 StillCam - ok
13:51:01.0114 1084 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:51:01.0114 1084 storflt - ok
13:51:01.0145 1084 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:51:01.0145 1084 storvsc - ok
13:51:01.0176 1084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:51:01.0176 1084 swenum - ok
13:51:01.0286 1084 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:51:01.0332 1084 Tcpip - ok
13:51:01.0364 1084 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:51:01.0364 1084 TCPIP6 - ok
13:51:01.0410 1084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:51:01.0410 1084 tcpipreg - ok
13:51:01.0426 1084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:51:01.0426 1084 TDPIPE - ok
13:51:01.0442 1084 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:51:01.0442 1084 TDTCP - ok
13:51:01.0488 1084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:51:01.0488 1084 tdx - ok
13:51:01.0535 1084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:51:01.0535 1084 TermDD - ok
13:51:01.0582 1084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:51:01.0582 1084 tssecsrv - ok
13:51:01.0660 1084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:51:01.0660 1084 TsUsbFlt - ok
13:51:01.0707 1084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:51:01.0707 1084 tunnel - ok
13:51:01.0722 1084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:51:01.0722 1084 uagp35 - ok
13:51:01.0769 1084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:51:01.0769 1084 udfs - ok
13:51:01.0800 1084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:51:01.0800 1084 uliagpkx - ok
13:51:01.0847 1084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:51:01.0847 1084 umbus - ok
13:51:01.0863 1084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:51:01.0878 1084 UmPass - ok
13:51:01.0925 1084 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:51:01.0925 1084 usbccgp - ok
13:51:01.0988 1084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:51:01.0988 1084 usbcir - ok
13:51:02.0034 1084 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:51:02.0034 1084 usbehci - ok
13:51:02.0066 1084 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:51:02.0066 1084 usbhub - ok
13:51:02.0081 1084 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:51:02.0081 1084 usbohci - ok
13:51:02.0097 1084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:51:02.0097 1084 usbprint - ok
13:51:02.0144 1084 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:51:02.0144 1084 usbscan - ok
13:51:02.0175 1084 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:51:02.0175 1084 USBSTOR - ok
13:51:02.0190 1084 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:51:02.0190 1084 usbuhci - ok
13:51:02.0237 1084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:51:02.0237 1084 vdrvroot - ok
13:51:02.0253 1084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:51:02.0253 1084 vga - ok
13:51:02.0268 1084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:51:02.0268 1084 VgaSave - ok
13:51:02.0300 1084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:51:02.0300 1084 vhdmp - ok
13:51:02.0315 1084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:51:02.0315 1084 viaide - ok
13:51:02.0346 1084 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:51:02.0346 1084 vmbus - ok
13:51:02.0362 1084 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:51:02.0362 1084 VMBusHID - ok
13:51:02.0393 1084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:51:02.0409 1084 volmgr - ok
13:51:02.0456 1084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:51:02.0456 1084 volmgrx - ok
13:51:02.0487 1084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:51:02.0487 1084 volsnap - ok
13:51:02.0502 1084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:51:02.0518 1084 vsmraid - ok
13:51:02.0534 1084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:51:02.0534 1084 vwifibus - ok
13:51:02.0549 1084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:51:02.0549 1084 WacomPen - ok
13:51:02.0580 1084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:51:02.0580 1084 WANARP - ok
13:51:02.0596 1084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:51:02.0596 1084 Wanarpv6 - ok
13:51:02.0627 1084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:51:02.0643 1084 Wd - ok
13:51:02.0674 1084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:51:02.0690 1084 Wdf01000 - ok
13:51:02.0721 1084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:51:02.0721 1084 WfpLwf - ok
13:51:02.0736 1084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:51:02.0736 1084 WIMMount - ok
13:51:02.0830 1084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:51:02.0830 1084 WinUsb - ok
13:51:02.0861 1084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:51:02.0877 1084 WmiAcpi - ok
13:51:02.0908 1084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:51:02.0908 1084 ws2ifsl - ok
13:51:02.0970 1084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:51:02.0970 1084 WudfPf - ok
13:51:03.0017 1084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:51:03.0017 1084 WUDFRd - ok
13:51:03.0064 1084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:51:03.0126 1084 \Device\Harddisk0\DR0 - ok
13:51:03.0126 1084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:51:03.0142 1084 \Device\Harddisk1\DR1 - ok
13:51:03.0142 1084 Boot (0x1200) (ad428bcd3de4666a3ec33f1fb10d81fb) \Device\Harddisk0\DR0\Partition0
13:51:03.0142 1084 \Device\Harddisk0\DR0\Partition0 - ok
13:51:03.0158 1084 Boot (0x1200) (6d6d4378ec40ff4594400d7f04c61969) \Device\Harddisk0\DR0\Partition1
13:51:03.0158 1084 \Device\Harddisk0\DR0\Partition1 - ok
13:51:03.0158 1084 Boot (0x1200) (e4ca607754190f2f694e8a9fb646e985) \Device\Harddisk1\DR1\Partition0
13:51:03.0158 1084 \Device\Harddisk1\DR1\Partition0 - ok
13:51:03.0173 1084 ============================================================
13:51:03.0173 1084 Scan finished
13:51:03.0173 1084 ============================================================
13:51:03.0173 3056 Detected object count: 0
13:51:03.0173 3056 Actual detected object count: 0



- Cheapfire

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 29 January 2012 - 10:22 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 29 January 2012 - 11:00 PM

Hi Gringo,

While waiting on a reply I did get a BSOD error which was caused by "kdcom.dll" it hasn't happened again yet and everything else seems normal.

Have done as requested and here is the log;

ComboFix 12-01-29.02 - User 30/01/2012 14:36:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3831.2653 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 03:41 . 2012-01-30 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 22:49 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF57E750-227B-499A-AEBE-018FC570C7AC}\mpengine.dll
2012-01-27 00:31 . 2012-01-27 00:31 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-27 00:31 . 2012-01-27 00:31 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-25 05:52 . 2012-01-26 22:47 -------- d-----w- C:\MGtools
2012-01-25 05:52 . 2012-01-25 05:52 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-25 05:37 . 2012-01-25 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\program files (x86)\TeamViewer
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\program files (x86)\Auslogics
2012-01-25 05:36 . 2012-01-25 05:36 -------- d-----w- c:\users\User\AppData\Roaming\Auslogics
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-25 05:35 . 2012-01-25 05:35 -------- d-----w- c:\program files (x86)\Java
2012-01-25 05:34 . 2012-01-25 05:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-25 05:34 . 2012-01-25 05:34 -------- d-----w- c:\windows\system32\Macromed
2012-01-24 05:55 . 2012-01-30 03:30 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2012-01-24 04:10 . 2012-01-24 04:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-24 04:10 . 2012-01-24 04:10 -------- d-----w- c:\programdata\Hitman Pro
2012-01-24 02:20 . 2012-01-24 02:20 -------- d-----w- C:\Support
2012-01-24 02:16 . 2012-01-30 03:34 24576 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2012-01-18 23:50 . 2012-01-18 23:50 -------- d-----w- c:\users\User\AppData\Local\Apple Computer
2012-01-18 23:50 . 2012-01-19 00:00 -------- d-----w- c:\users\User\AppData\Roaming\Apple Computer
2012-01-18 23:50 . 2009-05-18 02:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-18 23:50 . 2008-04-17 01:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-18 23:50 . 2008-04-17 01:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-18 23:50 . 2012-01-18 23:50 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\program files\iTunes
2012-01-18 23:49 . 2012-01-18 23:50 -------- d-----w- c:\program files (x86)\iTunes
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\programdata\Apple Computer
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\program files\iPod
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\users\User\AppData\Local\Apple
2012-01-18 23:49 . 2012-01-18 23:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files\Common Files\Apple
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files (x86)\Bonjour
2012-01-18 23:48 . 2012-01-18 23:48 -------- d-----w- c:\program files\Bonjour
2012-01-18 23:48 . 2012-01-18 23:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-01-18 23:48 . 2012-01-18 23:49 -------- d-----w- c:\programdata\Apple
2012-01-18 21:53 . 2012-01-18 21:53 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-18 21:53 . 2012-01-18 21:53 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-18 21:53 . 2012-01-18 21:53 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-18 21:53 . 2012-01-18 21:53 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-16 06:25 . 2012-01-16 06:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-11 19:35 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:35 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:35 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:35 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:35 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:35 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:35 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:35 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 03:42 . 2010-10-14 13:24 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 22:45 . 2012-01-26 22:45 21808 ----a-w- C:\MGlogs.zip
2012-01-25 05:35 . 2010-10-15 01:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-25 05:34 . 2011-06-06 21:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-10-17 19:05 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-10-14 12:28 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 21:06 . 2011-12-06 21:06 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-13 22:09 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-13 22:09 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 22:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 07:12 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 07:12 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 07:12 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 07:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 07:12 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 07:12 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 07:12 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 07:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-29_23.27.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-14 22:18 . 2012-01-30 02:49 50424 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-30 03:31 32900 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-14 13:25 . 2012-01-30 03:31 12164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1706583518-3912022777-2046167897-1000_UserData.bin
- 2010-10-14 07:51 . 2012-01-27 01:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-14 07:51 . 2012-01-30 01:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-14 07:51 . 2012-01-30 01:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-14 07:51 . 2012-01-27 01:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 01:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-27 01:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-29 23:25 . 2012-01-29 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 03:42 . 2012-01-30 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 03:42 . 2012-01-30 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-29 23:25 . 2012-01-29 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-29 22:45 633418 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-30 03:36 633418 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-30 03:36 112442 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-29 22:45 112442 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-01-30 01:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-01-26 23:13 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-01-30 03:41 471188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-29 23:24 471188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-24 05:53 . 2012-01-30 03:41 4294596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1706583518-3912022777-2046167897-1000-8192.dat
+ 2011-03-09 04:03 . 2012-01-30 02:46 40178548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1706583518-3912022777-2046167897-1000-12288.dat
- 2011-03-09 04:03 . 2012-01-25 06:27 40178548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1706583518-3912022777-2046167897-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 01:05 356352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-11-17 30528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-07-20 133944]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 220.233.0.3 220.233.0.4 10.1.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s7rq7nhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642706&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\BELKIN~1\BELKIN~4.EXE
c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\BELKIN~1\BELKIN~3.EXE
c:\program files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2012-01-30 14:46:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 03:46
ComboFix2.txt 2012-01-29 23:45
ComboFix3.txt 2012-01-25 05:13
.
Pre-Run: 373,504,266,240 bytes free
Post-Run: 373,370,331,136 bytes free
.
- - End Of File - - 44AA1E1C3B2616C21A6EF7393690748A


-Cheapfire

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 29 January 2012 - 11:26 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 30 January 2012 - 12:42 AM

Hi Gringo,
I have follow the instructions and here are both logs, have not had any other BSOD's or problems yet;


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: WATER [administrator]

30/01/2012 3:57:06 PM
mbam-log-2012-01-30 (15-57-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343824
Time elapsed: 39 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\User\Desktop\D7\3rd Party Tools\iehv.exe (PUP.HistoryTool) -> No action taken.
C:\Users\User\Desktop\D7\3rd Party Tools\mailpv.exe (PUP.MailPassView) -> No action taken.
C:\Users\User\Desktop\D7\3rd Party Tools\ProduKey.exe (PUP.PSWTool.ProductKey) -> No action taken.
C:\Users\User\Desktop\D7\3rd Party Tools\WirelessKeyView-x64.exe (PUP.WirelessKeyView) -> No action taken.
C:\Users\User\Desktop\D7\3rd Party Tools\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:26 PM, on 30/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: BelkinAPMmonitor - Macrovision - C:\PROGRA~2\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - Macrovision - C:\PROGRA~2\BELKIN~1\BELKIN~3.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7801 bytes



- Cheapfire

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 30 January 2012 - 12:49 AM

Greetings

In the MBAM report did you allow those findings to be fixed


:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 30 January 2012 - 12:58 AM

Hi Gringo,
No I didn't remove the findings as they weren't automatically ticked to be removed, would it be a good idea to run the scan again and remove them?

I am running the ESET scan right now I will let it run overnight and I will post the log for you in my morning.

- Cheapfire

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 30 January 2012 - 01:08 AM

yes let it fix them and I will look for you in the morning


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Cheapfire

Cheapfire
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 30 January 2012 - 06:04 PM

Hi Gringo,

Have run both ESET and Mbam and removed the findings this time around here are the logs;

ESET results
C:\MGtools\Process.exe Win32/PrcView application
C:\Users\User\Desktop\D7\3rd Party Tools\mailpv.exe a variant of Win32/PSWTool.MailPassView.E application
C:\Users\User\Desktop\D7\3rd Party Tools\ProduKey.exe Win32/PSWTool.ProductKey application
C:\Users\User\Desktop\D7\3rd Party Tools\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A application
C:\Users\User\Downloads\registrybooster.exe Win32/RegistryBooster application



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: WATER [administrator]

31/01/2012 9:21:37 AM
mbam-log-2012-01-31 (09-21-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344146
Time elapsed: 37 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\User\Desktop\D7\3rd Party Tools\iehv.exe (PUP.HistoryTool) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\D7\3rd Party Tools\mailpv.exe (PUP.MailPassView) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\D7\3rd Party Tools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\D7\3rd Party Tools\WirelessKeyView-x64.exe (PUP.WirelessKeyView) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\D7\3rd Party Tools\WirelessKeyView.exe (PUP.WirelessKeyView) -> Quarantined and deleted successfully.

(end)


-Cheapfire




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users