Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
16 replies to this topic

#1 Futurebababooey

Futurebababooey

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 13 February 2012 - 01:23 AM

I've got this blasted google redirect virus that I can't seem to get rid of with AVG, or MBAM, or TDSSKiller, it always comes back. It always seems to be found as an .exe in the temp folders or in System32, but it will pop back up in a day or so. Any help towards getting rid of this dang thing is very appreciated!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Dustin at 0:21:38 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5433 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\AVG\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\avgwdsvc.exe
C:\Program Files (x86)\AVG\avgnsa.exe
C:\Program Files (x86)\AVG\avgemca.exe
C:\Program Files (x86)\AVG\avgrsa.exe
C:\Program Files (x86)\AVG\avgcsrva.exe
C:\Program Files (x86)\AVG\avgtray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\avgtray.exe"
mRun: [<NO NAME>]
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{5DA76360-02C9-43C3-BB5F-AA85B6A64E1E} : NameServer = 208.180.42.100,208.180.42.68
TCP: Interfaces\{9E578AA7-A2CC-4354-9FE5-0BC7D18F0704} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\avgtray.exe"
mRun-x64: [(Default)]
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\nv822wdh.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dustin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/28 17:28:00];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-5-20 148976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\avgwdsvc.exe [2011-8-2 192776]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-6 652360]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-6-28 75248]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SCTDriverV1011;SCTDriverV1011;C:\Windows\system32\drivers\SCTDriverV1011.sys --> C:\Windows\system32\drivers\SCTDriverV1011.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-18 24176]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI\RTCore64.sys [2010-5-26 14648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-6-28 83240]
S4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-6-28 70952]
S4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-6-28 312616]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-9 128928]
S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-1 2358656]
.
=============== Created Last 30 ================
.
2012-02-13 05:54:17 -------- d-----w- C:\Users\Dustin\AppData\Roaming\WinPatrol
2012-02-13 05:54:15 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-02-13 05:54:14 -------- d-----w- C:\ProgramData\InstallMate
2012-02-13 02:24:46 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Runiter
2012-02-09 00:41:54 -------- d-----w- C:\Malware Tools
2012-02-09 00:09:00 -------- d-----w- C:\Program Files (x86)\Process Explorer
2012-02-04 16:38:10 -------- d-----w- C:\Program Files\iTunes
2012-02-04 16:38:10 -------- d-----w- C:\Program Files\iPod
2012-01-31 18:48:33 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-01-31 18:48:25 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-01-31 18:48:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-01-31 18:46:41 -------- d-----w- C:\Program Files\ATI
2012-01-31 18:46:26 -------- d-----w- C:\Program Files\ATI Technologies
2012-01-31 18:45:21 -------- d-----w- C:\AMD
2012-01-23 05:01:05 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-01-23 04:42:07 -------- dc-h--w- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2012-01-23 04:41:42 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-01-23 02:22:45 -------- d-----w- C:\ProgramData\Native Instruments
2012-01-23 02:22:44 -------- dc-h--w- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2012-01-23 02:21:57 -------- dc-h--w- C:\ProgramData\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
2012-01-23 02:20:56 -------- dc-h--w- C:\ProgramData\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
2012-01-23 02:19:37 -------- dc-h--w- C:\ProgramData\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
2012-01-23 02:19:31 -------- dc-h--w- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2012-01-23 02:19:29 -------- d-----w- C:\Program Files\Native Instruments
2012-01-23 02:19:29 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2012-01-23 02:17:12 -------- d-----w- C:\Program Files (x86)\Guitar Rig
2012-01-17 21:54:27 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-17 21:54:13 -------- d-----w- C:\ProgramData\HP Photo Creations
2012-01-17 21:54:13 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2012-01-17 21:54:10 -------- d-----w- C:\Program Files (x86)\Coupons
2012-01-17 21:53:40 -------- d-----w- C:\Users\Dustin\AppData\Roaming\HpUpdate
2012-01-17 21:53:19 750440 ------w- C:\Windows\System32\HPDiscoPM8e11.dll
2012-01-17 21:52:55 -------- d-----w- C:\Program Files (x86)\HP
2012-01-17 21:52:13 -------- d-----w- C:\Program Files\HP
2012-01-17 21:46:20 -------- d-----w- C:\Users\Dustin\AppData\Local\HP
2012-01-17 19:15:55 -------- d-----w- C:\Windows\en
2012-01-17 19:14:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-01-17 19:12:10 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e932b4041ccd54b07\DSETUP.dll
2012-01-17 19:12:10 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e932b4041ccd54b07\DXSETUP.exe
2012-01-17 19:12:10 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e932b4041ccd54b07\dsetup32.dll
2012-01-17 19:12:04 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e52a3c061ccd54b06\DSETUP.dll
2012-01-17 19:12:04 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e52a3c061ccd54b06\DXSETUP.exe
2012-01-17 19:12:04 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e52a3c061ccd54b06\dsetup32.dll
2012-01-17 19:11:06 -------- d-----w- C:\Users\Dustin\AppData\Local\Windows Live
2012-01-17 19:11:04 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-01-17 18:55:06 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-02-10 17:41:52 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-10 17:41:52 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-10 17:41:37 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-05 00:54:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-06 04:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-06 04:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-06 04:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-12-06 04:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-06 04:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-06 04:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 14:11:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 23:58:56 146432 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-11-15 23:58:54 3507712 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-11-15 23:57:06 2463744 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 23:57:02 122880 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
.
============= FINISH: 0:22:08.30 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 11:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 02:01 PM

First off, thank you Gringo for taking the time to help me.

Secondly, before you managed to reply a few things happened. My AVG trial ran out, and I've converted it to the free edition. Next, the redirects happened, so I ran the AVG free scan and it detected and deleted 5 or 6 files associated with Cryptic.dxb. However that didn't stop the redirects from coming back. Eventually when I tried to search anything on Google, I was taken to Google's page to enter a CAPTCHA because it thought I was a robot. Fantastic. I switched the search engine on Firefox to Google (SSL) and that works now, but with the same redirect problem. Anyway, on to the ComboFix log:




ComboFix 12-02-15.01 - Dustin 02/15/2012 12:38:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6116 [GMT -6:00]
Running from: c:\malware tools\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 18:43 . 2012-02-15 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 20:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 20:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 20:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 20:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 19:43 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 19:43 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 19:43 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 19:43 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-13 06:25 . 2012-02-13 06:25 -------- d-----w- c:\program files\Core Temp
2012-02-13 05:54 . 2012-02-13 05:54 -------- d-----w- c:\users\Dustin\AppData\Roaming\WinPatrol
2012-02-13 05:54 . 2012-02-13 05:54 -------- d-----w- c:\program files (x86)\BillP Studios
2012-02-13 05:54 . 2012-02-13 05:54 -------- d-----w- c:\programdata\InstallMate
2012-02-13 02:24 . 2012-02-13 02:24 -------- d-----w- c:\users\Dustin\AppData\Roaming\Runiter
2012-02-09 00:41 . 2012-02-15 18:33 -------- d-----w- C:\Malware Tools
2012-02-09 00:09 . 2012-02-09 00:09 -------- d-----w- c:\program files (x86)\Process Explorer
2012-02-04 16:38 . 2012-02-04 16:38 -------- d-----w- c:\program files\iTunes
2012-02-04 16:38 . 2012-02-04 16:38 -------- d-----w- c:\program files\iPod
2012-01-31 18:51 . 2012-01-31 18:51 -------- d-----w- c:\programdata\ATI
2012-01-31 18:48 . 2012-01-31 18:48 -------- d-----w- c:\program files (x86)\AMD APP
2012-01-31 18:48 . 2012-01-31 18:48 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-01-31 18:48 . 2012-01-31 18:48 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-01-31 18:46 . 2012-01-31 18:46 -------- d-----w- c:\program files\ATI
2012-01-31 18:46 . 2012-01-31 18:48 -------- d-----w- c:\program files\ATI Technologies
2012-01-31 18:45 . 2012-01-31 18:45 -------- d-----w- C:\AMD
2012-01-23 05:01 . 2012-01-23 05:01 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-01-23 04:42 . 2012-01-23 04:58 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2012-01-23 04:41 . 2012-01-23 04:41 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2012-01-23 02:22 . 2012-01-23 02:22 -------- d-----w- c:\programdata\Native Instruments
2012-01-23 02:22 . 2012-01-23 02:22 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2012-01-23 02:21 . 2012-01-23 02:21 -------- dc-h--w- c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
2012-01-23 02:20 . 2012-01-23 02:20 -------- dc-h--w- c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
2012-01-23 02:19 . 2012-01-23 02:19 -------- dc-h--w- c:\programdata\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
2012-01-23 02:19 . 2012-01-23 02:19 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2012-01-23 02:19 . 2012-01-23 02:22 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-01-23 02:19 . 2012-01-23 02:22 -------- d-----w- c:\program files\Native Instruments
2012-01-23 02:17 . 2012-01-23 02:17 -------- d-----w- c:\program files (x86)\Guitar Rig
2012-01-17 21:54 . 2012-01-31 03:58 -------- d-----w- c:\program files (x86)\Microsoft
2012-01-17 21:54 . 2012-01-17 22:34 -------- d-----w- c:\programdata\HP Photo Creations
2012-01-17 21:54 . 2012-01-17 21:54 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-01-17 21:54 . 2012-01-17 21:54 -------- d-----w- c:\program files (x86)\Coupons
2012-01-17 21:53 . 2012-01-17 21:53 -------- d-----w- c:\users\Dustin\AppData\Roaming\HpUpdate
2012-01-17 21:53 . 2010-11-17 03:24 750440 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2012-01-17 21:52 . 2012-01-17 21:52 -------- d-----w- c:\programdata\HP
2012-01-17 21:52 . 2012-01-17 21:53 -------- d-----w- c:\program files (x86)\HP
2012-01-17 21:52 . 2012-01-17 21:52 -------- d-----w- c:\program files\HP
2012-01-17 21:46 . 2012-01-17 21:46 -------- d-----w- c:\users\Dustin\AppData\Local\HP
2012-01-17 19:15 . 2012-01-17 19:15 -------- d-----w- c:\windows\en
2012-01-17 19:14 . 2012-01-17 19:14 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-01-17 19:13 . 2012-01-17 19:14 -------- d-----w- c:\program files (x86)\Windows Live
2012-01-17 19:11 . 2012-01-17 19:11 -------- d-----w- c:\users\Dustin\AppData\Local\Windows Live
2012-01-17 19:11 . 2012-01-17 19:11 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-01-17 18:55 . 2012-02-09 00:40 -------- d-----w- c:\users\Dustin\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 18:42 . 2011-02-23 01:18 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-14 18:41 . 2011-02-23 01:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-13 22:03 . 2011-03-28 22:13 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-13 22:03 . 2011-02-23 01:18 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-17 19:13 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-07 02:54 . 2012-01-07 02:54 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64C9871E-1A56-46C3-8F01-4726C272AEF3}\offreg.dll
2011-12-10 21:24 . 2011-11-25 06:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 04:04 . 2011-12-06 04:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-06 04:04 . 2011-12-06 04:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-06 04:03 . 2011-12-06 04:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-06 04:03 . 2011-12-06 04:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-06 04:03 . 2011-12-06 04:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-06 04:03 . 2011-12-06 04:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-12-06 03:16 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-12-06 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2010-09-29 01:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-07-08 02:47 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-12-06 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-21 11:40 . 2012-01-06 02:19 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64C9871E-1A56-46C3-8F01-4726C272AEF3}\mpengine.dll
2011-11-21 11:40 . 2010-11-28 23:50 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-19 14:58 . 2012-01-11 06:39 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 06:39 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\avgtray.exe" [2012-01-24 2416480]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
.
c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/28 17:28];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 20:31 148976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-648952850-2766432230-3566814371-1001Core.job
- c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 01:30]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-648952850-2766432230-3566814371-1001UA.job
- c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 01:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Dustin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5DA76360-02C9-43C3-BB5F-AA85B6A64E1E}: NameServer = 208.180.42.100,208.180.42.68
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\nv822wdh.default\
FF - prefs.js: browser.search.selectedEngine - Google (SSL)
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-06965451.sys
SafeBoot-MsMpSvc
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2012-02-15 12:53:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 18:53
.
Pre-Run: 218,334,834,688 bytes free
Post-Run: 218,240,000,000 bytes free
.
- - End Of File - - 8C0C84DA27BA2374196B411BD59E2DC4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 02:35 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo




Code:
Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 02:55 PM

Here are the two logs you've requested:

13:38:12.0302 4800 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
13:38:12.0791 4800 ============================================================
13:38:12.0791 4800 Current date / time: 2012/02/15 13:38:12.0791
13:38:12.0791 4800 SystemInfo:
13:38:12.0791 4800
13:38:12.0791 4800 OS Version: 6.1.7601 ServicePack: 1.0
13:38:12.0791 4800 Product type: Workstation
13:38:12.0791 4800 ComputerName: DUSTIN-WIN7
13:38:12.0791 4800 UserName: Dustin
13:38:12.0791 4800 Windows directory: C:\Windows
13:38:12.0791 4800 System windows directory: C:\Windows
13:38:12.0791 4800 Running under WOW64
13:38:12.0791 4800 Processor architecture: Intel x64
13:38:12.0791 4800 Number of processors: 4
13:38:12.0791 4800 Page size: 0x1000
13:38:12.0791 4800 Boot type: Normal boot
13:38:12.0791 4800 ============================================================
13:38:17.0402 4800 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:38:17.0413 4800 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:38:17.0419 4800 \Device\Harddisk0\DR0:
13:38:17.0419 4800 MBR used
13:38:17.0419 4800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8EE9870
13:38:17.0419 4800 \Device\Harddisk1\DR1:
13:38:17.0419 4800 MBR used
13:38:17.0419 4800 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A856374
13:38:17.0463 4800 Initialize success
13:38:17.0463 4800 ============================================================
13:38:30.0934 1216 ============================================================
13:38:30.0934 1216 Scan started
13:38:30.0934 1216 Mode: Manual;
13:38:30.0934 1216 ============================================================
13:38:31.0358 1216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:38:31.0361 1216 1394ohci - ok
13:38:31.0391 1216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:38:31.0393 1216 ACPI - ok
13:38:31.0426 1216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:38:31.0427 1216 AcpiPmi - ok
13:38:31.0464 1216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:38:31.0468 1216 adp94xx - ok
13:38:31.0486 1216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:38:31.0489 1216 adpahci - ok
13:38:31.0507 1216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:38:31.0509 1216 adpu320 - ok
13:38:31.0550 1216 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:38:31.0552 1216 AFD - ok
13:38:31.0577 1216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:38:31.0578 1216 agp440 - ok
13:38:31.0595 1216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:38:31.0596 1216 aliide - ok
13:38:31.0645 1216 ALSysIO - ok
13:38:31.0672 1216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:38:31.0673 1216 amdide - ok
13:38:31.0694 1216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:38:31.0695 1216 AmdK8 - ok
13:38:31.0894 1216 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
13:38:32.0042 1216 amdkmdag - ok
13:38:32.0079 1216 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:38:32.0082 1216 amdkmdap - ok
13:38:32.0095 1216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:38:32.0095 1216 AmdPPM - ok
13:38:32.0127 1216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:38:32.0128 1216 amdsata - ok
13:38:32.0145 1216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:38:32.0146 1216 amdsbs - ok
13:38:32.0162 1216 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:38:32.0163 1216 amdxata - ok
13:38:32.0205 1216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:38:32.0206 1216 AppID - ok
13:38:32.0251 1216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:38:32.0252 1216 arc - ok
13:38:32.0263 1216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:38:32.0264 1216 arcsas - ok
13:38:32.0283 1216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:38:32.0284 1216 AsyncMac - ok
13:38:32.0311 1216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:38:32.0312 1216 atapi - ok
13:38:32.0345 1216 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
13:38:32.0346 1216 AtiHDAudioService - ok
13:38:32.0406 1216 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:38:32.0407 1216 AVGIDSDriver - ok
13:38:32.0428 1216 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:38:32.0429 1216 AVGIDSEH - ok
13:38:32.0444 1216 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:38:32.0444 1216 AVGIDSFilter - ok
13:38:32.0487 1216 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
13:38:32.0490 1216 Avgldx64 - ok
13:38:32.0516 1216 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:38:32.0517 1216 Avgmfx64 - ok
13:38:32.0559 1216 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:38:32.0560 1216 Avgrkx64 - ok
13:38:32.0584 1216 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
13:38:32.0586 1216 Avgtdia - ok
13:38:32.0661 1216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:38:32.0665 1216 b06bdrv - ok
13:38:32.0697 1216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:38:32.0701 1216 b57nd60a - ok
13:38:32.0724 1216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:38:32.0731 1216 Beep - ok
13:38:32.0758 1216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:38:32.0759 1216 blbdrive - ok
13:38:32.0826 1216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:38:32.0827 1216 bowser - ok
13:38:32.0838 1216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:38:32.0839 1216 BrFiltLo - ok
13:38:32.0850 1216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:38:32.0851 1216 BrFiltUp - ok
13:38:32.0877 1216 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:38:32.0878 1216 BridgeMP - ok
13:38:32.0895 1216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:38:32.0898 1216 Brserid - ok
13:38:32.0915 1216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:38:32.0916 1216 BrSerWdm - ok
13:38:32.0933 1216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:38:32.0934 1216 BrUsbMdm - ok
13:38:32.0941 1216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:38:32.0941 1216 BrUsbSer - ok
13:38:32.0961 1216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:38:32.0962 1216 BTHMODEM - ok
13:38:32.0991 1216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:38:32.0992 1216 cdfs - ok
13:38:33.0021 1216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:38:33.0023 1216 cdrom - ok
13:38:33.0045 1216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:38:33.0045 1216 circlass - ok
13:38:33.0074 1216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:38:33.0077 1216 CLFS - ok
13:38:33.0106 1216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:38:33.0107 1216 CmBatt - ok
13:38:33.0118 1216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:38:33.0118 1216 cmdide - ok
13:38:33.0149 1216 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:38:33.0152 1216 CNG - ok
13:38:33.0165 1216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:38:33.0166 1216 Compbatt - ok
13:38:33.0204 1216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:38:33.0205 1216 CompositeBus - ok
13:38:33.0224 1216 cpuz132 - ok
13:38:33.0269 1216 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
13:38:33.0269 1216 cpuz135 - ok
13:38:33.0287 1216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:38:33.0287 1216 crcdisk - ok
13:38:33.0345 1216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:38:33.0347 1216 DfsC - ok
13:38:33.0358 1216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:38:33.0358 1216 discache - ok
13:38:33.0384 1216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:38:33.0385 1216 Disk - ok
13:38:33.0426 1216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:38:33.0427 1216 drmkaud - ok
13:38:33.0466 1216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:38:33.0473 1216 DXGKrnl - ok
13:38:33.0543 1216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:38:33.0559 1216 ebdrv - ok
13:38:33.0590 1216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:38:33.0593 1216 elxstor - ok
13:38:33.0619 1216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:38:33.0620 1216 ErrDev - ok
13:38:33.0643 1216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:38:33.0645 1216 exfat - ok
13:38:33.0664 1216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:38:33.0666 1216 fastfat - ok
13:38:33.0680 1216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:38:33.0680 1216 fdc - ok
13:38:33.0702 1216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:38:33.0702 1216 FileInfo - ok
13:38:33.0717 1216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:38:33.0718 1216 Filetrace - ok
13:38:33.0767 1216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:38:33.0768 1216 flpydisk - ok
13:38:33.0794 1216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:38:33.0796 1216 FltMgr - ok
13:38:33.0811 1216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:38:33.0812 1216 FsDepends - ok
13:38:33.0825 1216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:38:33.0825 1216 Fs_Rec - ok
13:38:33.0867 1216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:38:33.0868 1216 fvevol - ok
13:38:33.0890 1216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:38:33.0891 1216 gagp30kx - ok
13:38:33.0922 1216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:38:33.0923 1216 GEARAspiWDM - ok
13:38:33.0940 1216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:38:33.0941 1216 hcw85cir - ok
13:38:33.0988 1216 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:38:33.0991 1216 HdAudAddService - ok
13:38:34.0018 1216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:38:34.0020 1216 HDAudBus - ok
13:38:34.0044 1216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:38:34.0044 1216 HidBatt - ok
13:38:34.0056 1216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:38:34.0057 1216 HidBth - ok
13:38:34.0069 1216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:38:34.0070 1216 HidIr - ok
13:38:34.0094 1216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:38:34.0094 1216 HidUsb - ok
13:38:34.0123 1216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:38:34.0124 1216 HpSAMD - ok
13:38:34.0167 1216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:38:34.0185 1216 HTTP - ok
13:38:34.0214 1216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:38:34.0215 1216 hwpolicy - ok
13:38:34.0233 1216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:38:34.0234 1216 i8042prt - ok
13:38:34.0266 1216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:38:34.0268 1216 iaStorV - ok
13:38:34.0315 1216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:38:34.0316 1216 iirsp - ok
13:38:34.0389 1216 IntcAzAudAddService (dcf6afba140af3f880a427c2656be44d) C:\Windows\system32\drivers\RTKVHD64.sys
13:38:34.0402 1216 IntcAzAudAddService - ok
13:38:34.0414 1216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:38:34.0415 1216 intelide - ok
13:38:34.0430 1216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:38:34.0431 1216 intelppm - ok
13:38:34.0460 1216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:38:34.0461 1216 IpFilterDriver - ok
13:38:34.0484 1216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:38:34.0485 1216 IPMIDRV - ok
13:38:34.0502 1216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:38:34.0504 1216 IPNAT - ok
13:38:34.0524 1216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:38:34.0525 1216 IRENUM - ok
13:38:34.0541 1216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:38:34.0542 1216 isapnp - ok
13:38:34.0572 1216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:38:34.0574 1216 iScsiPrt - ok
13:38:34.0600 1216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:38:34.0601 1216 kbdclass - ok
13:38:34.0612 1216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:38:34.0613 1216 kbdhid - ok
13:38:34.0644 1216 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:38:34.0645 1216 KSecDD - ok
13:38:34.0663 1216 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:38:34.0664 1216 KSecPkg - ok
13:38:34.0679 1216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:38:34.0679 1216 ksthunk - ok
13:38:34.0716 1216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:38:34.0718 1216 lltdio - ok
13:38:34.0762 1216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:38:34.0763 1216 LSI_FC - ok
13:38:34.0778 1216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:38:34.0779 1216 LSI_SAS - ok
13:38:34.0794 1216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:38:34.0795 1216 LSI_SAS2 - ok
13:38:34.0812 1216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:38:34.0813 1216 LSI_SCSI - ok
13:38:34.0838 1216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:38:34.0839 1216 luafv - ok
13:38:34.0865 1216 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:38:34.0866 1216 MBAMProtector - ok
13:38:34.0888 1216 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
13:38:34.0889 1216 MBfilt - ok
13:38:34.0908 1216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:38:34.0909 1216 megasas - ok
13:38:34.0921 1216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:38:34.0923 1216 MegaSR - ok
13:38:34.0940 1216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:38:34.0941 1216 Modem - ok
13:38:34.0977 1216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:38:34.0978 1216 monitor - ok
13:38:35.0005 1216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:38:35.0006 1216 mouclass - ok
13:38:35.0032 1216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:38:35.0034 1216 mouhid - ok
13:38:35.0059 1216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:38:35.0061 1216 mountmgr - ok
13:38:35.0103 1216 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:38:35.0104 1216 MpFilter - ok
13:38:35.0133 1216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:38:35.0134 1216 mpio - ok
13:38:35.0152 1216 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:38:35.0154 1216 MpNWMon - ok
13:38:35.0169 1216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:38:35.0170 1216 mpsdrv - ok
13:38:35.0199 1216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:38:35.0201 1216 MRxDAV - ok
13:38:35.0231 1216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:38:35.0233 1216 mrxsmb - ok
13:38:35.0264 1216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:38:35.0269 1216 mrxsmb10 - ok
13:38:35.0286 1216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:38:35.0288 1216 mrxsmb20 - ok
13:38:35.0318 1216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:38:35.0319 1216 msahci - ok
13:38:35.0347 1216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:38:35.0349 1216 msdsm - ok
13:38:35.0371 1216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:38:35.0372 1216 Msfs - ok
13:38:35.0383 1216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:38:35.0384 1216 mshidkmdf - ok
13:38:35.0393 1216 MSICDSetup - ok
13:38:35.0408 1216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:38:35.0408 1216 msisadrv - ok
13:38:35.0437 1216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:38:35.0438 1216 MSKSSRV - ok
13:38:35.0448 1216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:38:35.0448 1216 MSPCLOCK - ok
13:38:35.0463 1216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:38:35.0464 1216 MSPQM - ok
13:38:35.0496 1216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:38:35.0499 1216 MsRPC - ok
13:38:35.0518 1216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:38:35.0519 1216 mssmbios - ok
13:38:35.0537 1216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:38:35.0538 1216 MSTEE - ok
13:38:35.0554 1216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:38:35.0555 1216 MTConfig - ok
13:38:35.0573 1216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:38:35.0574 1216 Mup - ok
13:38:35.0605 1216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:38:35.0609 1216 NativeWifiP - ok
13:38:35.0659 1216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:38:35.0666 1216 NDIS - ok
13:38:35.0680 1216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:38:35.0682 1216 NdisCap - ok
13:38:35.0710 1216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:38:35.0711 1216 NdisTapi - ok
13:38:35.0768 1216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:38:35.0769 1216 Ndisuio - ok
13:38:35.0801 1216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:38:35.0804 1216 NdisWan - ok
13:38:35.0838 1216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:38:35.0839 1216 NDProxy - ok
13:38:35.0869 1216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:38:35.0870 1216 NetBIOS - ok
13:38:35.0905 1216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:38:35.0909 1216 NetBT - ok
13:38:35.0948 1216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:38:35.0949 1216 nfrd960 - ok
13:38:35.0994 1216 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:38:35.0996 1216 NisDrv - ok
13:38:36.0015 1216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:38:36.0017 1216 Npfs - ok
13:38:36.0028 1216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:38:36.0029 1216 nsiproxy - ok
13:38:36.0090 1216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:38:36.0101 1216 Ntfs - ok
13:38:36.0186 1216 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
13:38:36.0188 1216 ntk_PowerDVD - ok
13:38:36.0200 1216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:38:36.0201 1216 Null - ok
13:38:36.0232 1216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:38:36.0233 1216 nvraid - ok
13:38:36.0261 1216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:38:36.0263 1216 nvstor - ok
13:38:36.0290 1216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:38:36.0292 1216 nv_agp - ok
13:38:36.0321 1216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:38:36.0322 1216 ohci1394 - ok
13:38:36.0352 1216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:38:36.0353 1216 Parport - ok
13:38:36.0385 1216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:38:36.0386 1216 partmgr - ok
13:38:36.0473 1216 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
13:38:36.0474 1216 pbfilter - ok
13:38:36.0495 1216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:38:36.0497 1216 pci - ok
13:38:36.0508 1216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:38:36.0508 1216 pciide - ok
13:38:36.0528 1216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:38:36.0530 1216 pcmcia - ok
13:38:36.0547 1216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:38:36.0548 1216 pcw - ok
13:38:36.0569 1216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:38:36.0584 1216 PEAUTH - ok
13:38:36.0648 1216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:38:36.0649 1216 PptpMiniport - ok
13:38:36.0660 1216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:38:36.0660 1216 Processor - ok
13:38:36.0697 1216 PROCEXP151 - ok
13:38:36.0747 1216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:38:36.0749 1216 Psched - ok
13:38:36.0784 1216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:38:36.0795 1216 ql2300 - ok
13:38:36.0813 1216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:38:36.0815 1216 ql40xx - ok
13:38:36.0827 1216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:38:36.0827 1216 QWAVEdrv - ok
13:38:36.0847 1216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:38:36.0848 1216 RasAcd - ok
13:38:36.0870 1216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:38:36.0871 1216 RasAgileVpn - ok
13:38:36.0898 1216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:38:36.0901 1216 Rasl2tp - ok
13:38:36.0917 1216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:38:36.0919 1216 RasPppoe - ok
13:38:36.0931 1216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:38:36.0932 1216 RasSstp - ok
13:38:36.0968 1216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:38:36.0972 1216 rdbss - ok
13:38:36.0984 1216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:38:36.0985 1216 rdpbus - ok
13:38:36.0997 1216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:38:36.0998 1216 RDPCDD - ok
13:38:37.0021 1216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:38:37.0022 1216 RDPENCDD - ok
13:38:37.0035 1216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:38:37.0036 1216 RDPREFMP - ok
13:38:37.0069 1216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:38:37.0072 1216 RDPWD - ok
13:38:37.0106 1216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:38:37.0107 1216 rdyboost - ok
13:38:37.0141 1216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:38:37.0142 1216 rspndr - ok
13:38:37.0200 1216 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI\RTCore64.sys
13:38:37.0201 1216 RTCore64 - ok
13:38:37.0242 1216 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:38:37.0246 1216 RTL8167 - ok
13:38:37.0271 1216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:38:37.0272 1216 sbp2port - ok
13:38:37.0300 1216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:38:37.0301 1216 scfilter - ok
13:38:37.0349 1216 SCTDriverV1011 (932a176e4a8b9e94cd8633dc4926cb06) C:\Windows\system32\drivers\SCTDriverV1011.sys
13:38:37.0351 1216 SCTDriverV1011 - ok
13:38:37.0374 1216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:38:37.0375 1216 secdrv - ok
13:38:37.0402 1216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:38:37.0403 1216 Serenum - ok
13:38:37.0420 1216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:38:37.0422 1216 Serial - ok
13:38:37.0434 1216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:38:37.0434 1216 sermouse - ok
13:38:37.0465 1216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:38:37.0466 1216 sffdisk - ok
13:38:37.0477 1216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:38:37.0478 1216 sffp_mmc - ok
13:38:37.0492 1216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:38:37.0493 1216 sffp_sd - ok
13:38:37.0503 1216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:38:37.0504 1216 sfloppy - ok
13:38:37.0531 1216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:38:37.0532 1216 SiSRaid2 - ok
13:38:37.0542 1216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:38:37.0543 1216 SiSRaid4 - ok
13:38:37.0563 1216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:38:37.0565 1216 Smb - ok
13:38:37.0590 1216 speedfan - ok
13:38:37.0602 1216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:38:37.0603 1216 spldr - ok
13:38:37.0633 1216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:38:37.0638 1216 srv - ok
13:38:37.0652 1216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:38:37.0656 1216 srv2 - ok
13:38:37.0668 1216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:38:37.0670 1216 srvnet - ok
13:38:37.0699 1216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:38:37.0700 1216 stexstor - ok
13:38:37.0769 1216 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:38:37.0769 1216 StillCam - ok
13:38:37.0810 1216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:38:37.0811 1216 swenum - ok
13:38:37.0884 1216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:38:37.0892 1216 Tcpip - ok
13:38:37.0938 1216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:38:37.0951 1216 TCPIP6 - ok
13:38:37.0984 1216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:38:37.0985 1216 tcpipreg - ok
13:38:38.0000 1216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:38:38.0001 1216 TDPIPE - ok
13:38:38.0009 1216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:38:38.0010 1216 TDTCP - ok
13:38:38.0036 1216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:38:38.0038 1216 tdx - ok
13:38:38.0059 1216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:38:38.0060 1216 TermDD - ok
13:38:38.0099 1216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:38:38.0100 1216 tssecsrv - ok
13:38:38.0135 1216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:38:38.0136 1216 TsUsbFlt - ok
13:38:38.0173 1216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:38:38.0175 1216 tunnel - ok
13:38:38.0190 1216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:38:38.0191 1216 uagp35 - ok
13:38:38.0227 1216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:38:38.0231 1216 udfs - ok
13:38:38.0258 1216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:38:38.0259 1216 uliagpkx - ok
13:38:38.0290 1216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:38:38.0291 1216 umbus - ok
13:38:38.0307 1216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:38:38.0308 1216 UmPass - ok
13:38:38.0345 1216 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:38:38.0347 1216 USBAAPL64 - ok
13:38:38.0379 1216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:38:38.0380 1216 usbccgp - ok
13:38:38.0414 1216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:38:38.0415 1216 usbcir - ok
13:38:38.0431 1216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:38:38.0432 1216 usbehci - ok
13:38:38.0450 1216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:38:38.0454 1216 usbhub - ok
13:38:38.0479 1216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:38:38.0479 1216 usbohci - ok
13:38:38.0491 1216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:38:38.0491 1216 usbprint - ok
13:38:38.0526 1216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:38:38.0528 1216 USBSTOR - ok
13:38:38.0542 1216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:38:38.0543 1216 usbuhci - ok
13:38:38.0577 1216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:38:38.0578 1216 vdrvroot - ok
13:38:38.0595 1216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:38:38.0597 1216 vga - ok
13:38:38.0613 1216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:38:38.0614 1216 VgaSave - ok
13:38:38.0631 1216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:38:38.0633 1216 vhdmp - ok
13:38:38.0647 1216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:38:38.0648 1216 viaide - ok
13:38:38.0677 1216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:38:38.0678 1216 volmgr - ok
13:38:38.0708 1216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:38:38.0711 1216 volmgrx - ok
13:38:38.0746 1216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:38:38.0749 1216 volsnap - ok
13:38:38.0778 1216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:38:38.0780 1216 vsmraid - ok
13:38:38.0797 1216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:38:38.0798 1216 vwifibus - ok
13:38:38.0818 1216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:38:38.0819 1216 WacomPen - ok
13:38:38.0859 1216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:38:38.0861 1216 WANARP - ok
13:38:38.0864 1216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:38:38.0865 1216 Wanarpv6 - ok
13:38:38.0892 1216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:38:38.0892 1216 Wd - ok
13:38:38.0910 1216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:38:38.0913 1216 Wdf01000 - ok
13:38:38.0935 1216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:38:38.0936 1216 WfpLwf - ok
13:38:38.0952 1216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:38:38.0953 1216 WIMMount - ok
13:38:39.0002 1216 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:38:39.0003 1216 WinUsb - ok
13:38:39.0026 1216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:38:39.0027 1216 WmiAcpi - ok
13:38:39.0044 1216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:38:39.0045 1216 ws2ifsl - ok
13:38:39.0088 1216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:38:39.0090 1216 WudfPf - ok
13:38:39.0117 1216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:38:39.0119 1216 WUDFRd - ok
13:38:39.0212 1216 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
13:38:39.0213 1216 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
13:38:39.0239 1216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:38:39.0288 1216 \Device\Harddisk0\DR0 - ok
13:38:39.0296 1216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:38:39.0337 1216 \Device\Harddisk1\DR1 - ok
13:38:39.0347 1216 Boot (0x1200) (7f083f8bcb573a4067e4f2fdbbca13c9) \Device\Harddisk0\DR0\Partition0
13:38:39.0348 1216 \Device\Harddisk0\DR0\Partition0 - ok
13:38:39.0350 1216 Boot (0x1200) (bb2c0a357e986ae4477b245afd308b51) \Device\Harddisk1\DR1\Partition0
13:38:39.0351 1216 \Device\Harddisk1\DR1\Partition0 - ok
13:38:39.0352 1216 ============================================================
13:38:39.0352 1216 Scan finished
13:38:39.0352 1216 ============================================================
13:38:39.0361 4260 Detected object count: 0
13:38:39.0361 4260 Actual detected object count: 0
13:40:55.0645 1112 Deinitialize success








aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 13:40:15
-----------------------------
13:40:15.659 OS Version: Windows x64 6.1.7601 Service Pack 1
13:40:15.659 Number of processors: 4 586 0x1E05
13:40:15.660 ComputerName: DUSTIN-WIN7 UserName: Dustin
13:40:16.823 Initialize success
13:41:13.064 AVAST engine defs: 12021501
13:41:19.679 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:41:19.682 Disk 0 Vendor: SAMSUNG_SP0802N/P TK300-08 Size: 76293MB BusType: 3
13:41:19.684 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
13:41:19.687 Disk 1 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
13:41:19.705 Disk 1 MBR read successfully
13:41:19.708 Disk 1 MBR scan
13:41:19.712 Disk 1 Windows 7 default MBR code
13:41:19.721 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610476 MB offset 2048
13:41:19.724 Service scanning
13:41:20.780 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
13:41:21.356 Modules scanning
13:41:21.360 Disk 1 trace - called modules:
13:41:21.367 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:41:21.373 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007ae9060]
13:41:21.378 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80069a6d10]
13:41:21.383 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007805680]
13:41:23.932 AVAST engine scan C:\Windows
13:41:27.023 AVAST engine scan C:\Windows\system32
13:43:26.699 AVAST engine scan C:\Windows\system32\drivers
13:43:34.565 AVAST engine scan C:\Users\Dustin
13:50:40.416 AVAST engine scan C:\ProgramData
13:51:53.529 Scan finished successfully
13:53:18.953 Disk 1 MBR has been saved successfully to "C:\Users\Dustin\Desktop\MBR.dat"
13:53:18.956 The log file has been saved successfully to "C:\Users\Dustin\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 03:01 PM

How are things running right now


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 03:12 PM

So far so good! Nothing is being redirected to the "Vipsearches.net" site or anything for that matter. I hope it's finally taken care of, but I'm always waiting for it to go ahead and redirect it. One thing I noticed is that before when it would redirect me, the link you would click on that Google returned was "http...google.com/xxxxxxxx" (Replaced the obvious part with ... so the link wouldn't actually work) where the x's are a random string of numbers. I thought that was just a fancy way Google did their search results, but now it's a link "http...google.com/url?=giantencryptedmess". I don't know if any of that information is of any use, but I figured I'd tell you incase it might.

Thank you very much Gringo! You've been an amazing help! If I have anymore problems I'll be sure to tell you.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 04:48 PM

Hello Futurebababooey

we are not done yet - just wanted to be sure that we did not have to dig deeper

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 05:04 PM

Update for Microsoft Office 2007 (KB2508958)
µTorrent
3DMark 11
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.6
Aiseesoft Blu-ray Ripper
Apple Application Support
Apple Software Update
ASIO4ALL
Audacity 1.3.12 (Unicode)
AviSynth 2.5
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ControlCenter
Coupon Printer for Windows
Crysis 2
CyberLink PowerDVD 11
D3DX10
Driver Sweeper 2.1.0
Dropbox
DVDFab 8.1.3.2 (31/10/2011) Qt
ESN Sonar
Fallout 3
Fallout Mod Manager 0.13.21
Fallout: New Vegas
ffdshow v1.1.3984 [2011-09-22]
FFmpeg for Audacity on Windows
File Uploader
Fraps (remove only)
Futuremark SystemInfo
GameSpy Comrade
Geeks3D.com FurMark 1.9.0
Google Chrome
Haali Media Splitter
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Update
InstaCodecs
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 24
LAME v3.98.3 for Audacity
Left 4 Dead 2
Logitech Touch Mouse Server 1.0
Malwarebytes Anti-Malware version 1.60.1.1000
Metro 2033
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 10.0.1 (x86 en-US)
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments GuitarRig Mobile IO Driver
Native Instruments Rig Kontrol 3 Driver
Native Instruments Service Center
Native Instruments Session IO Driver
Nikon Message Center
Notepad++
NVIDIA PhysX
OpenAL
Origin
PDF Settings CS5
Portal
Portal 2
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
SCT Device Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype Toolbars
SpeedFan (remove only)
Steam
TeamViewer 6
Ubisoft Game Launcher
Unigine Heaven DX11 Benchmark 2.5 version 2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WampServer 2.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 05:15 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.4.6
Java™ 6 Update 24
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 05:42 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dustin :: DUSTIN-WIN7 [administrator]

Protection: Disabled

2/15/2012 4:32:44 PM
mbam-log-2012-02-15 (16-32-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188081
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)








Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:37:57 PM, on 2/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI\MSIAfterburner.exe
C:\Program Files (x86)\MSI\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\AVG\avgtray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\avgtray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DA76360-02C9-43C3-BB5F-AA85B6A64E1E}: NameServer = 208.180.42.100,208.180.42.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DA76360-02C9-43C3-BB5F-AA85B6A64E1E}: NameServer = 208.180.42.100,208.180.42.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DA76360-02C9-43C3-BB5F-AA85B6A64E1E}: NameServer = 208.180.42.100,208.180.42.68
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7096 bytes



Everything seems fine, no more redirects. One question though you may be able to help with. I've noticed the free space on my C:\ drive has gone from 220gb to 206gb in a few days. I haven't done anything that required 14gb worth of space since I downloaded Battlefield 3?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 06:06 PM

Greetings

check it after we clear all our backups and see if it goes down

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 09:32 PM

ESET Online Scanner found 6 threats:

C:\Program Files (x86)\RipBot\Tools\Process\Process.exe Win32/PrcView application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-26c2f88f a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4a34b027-1681d6b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-26c2f88f a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\4a34b027-1681d6b6 a variant of Java/TrojanDownloader.Agent.NDJ trojan
D:\DUSTIN-WIN7\Backup Set 2012-01-15 190004\Backup Files 2012-01-15 190004\Backup files 17.zip multiple threats

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 15 February 2012 - 09:53 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\RipBot\Tools\Process\Process.exe"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\"
    del /f /s /q "D:\DUSTIN-WIN7\Backup Set 2012-01-15 190004\Backup Files 2012-01-15 190004\Backup files 17.zip"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Futurebababooey

Futurebababooey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 15 February 2012 - 10:20 PM

Followed all the steps and all is looking good, even got a chunk of hard drive space back. Thank you very much Gringo for all your help!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users