Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AOL phishing pop-up


  • This topic is locked This topic is locked
17 replies to this topic

#1 Moocowman

Moocowman

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 27 February 2012 - 11:00 PM

Hey, When I go to AOL mail and try to sign in I get a pop-up which looks genuine, but obviously isn't saying I need to fill in my credit card and PIN number etc. I have detected a few viruses over the last day or two, not sure exactly where they have come from, but I have removed them all. MSE and TDSS both come up clean yet the problem continues and web browsing is slower. <_<
Thanks in advance, been reading the forum and you guys do a great job.
Josh

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 1:43:23 on 2012-02-28
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\duo Stage\duoStage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Spotify] "c:\users\administrator\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [AtherosBtStack] "c:\program files\dell wireless\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\dell wireless\bluetooth suite\AthBtTray.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [Dell Magneto Popup] c:\program files\stmicroelectronics\accelerometer-magnetometer\PopUp_DM.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Syncables] c:\program files\syncables\syncables desktop\syncables.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files\dell datasafe local backup\components\dsupdate" /runas "c:\program files\dell datasafe local backup\components\dsupdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] c:\program files\dell datasafe local backup\toasterLauncher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{53E63C2E-10B5-415E-B108-F38B0BA7AC21} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{53E63C2E-10B5-415E-B108-F38B0BA7AC21}\244584572633D223936345 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{53E63C2E-10B5-415E-B108-F38B0BA7AC21}\35B4957354839383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{53E63C2E-10B5-415E-B108-F38B0BA7AC21}\44D455D22556769637475627 : DhcpNameServer = 146.227.1.1 146.227.1.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\dell\duo stage\PinItem.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\blppyiuv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R? AthBTPort;Atheros Virtual Bluetooth Class
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? BTATH_A2DP;Bluetooth A2DP Audio Driver
R? BTATH_HCRP;Bluetooth HCRP Server driver
R? BTATH_RCP;Bluetooth AVRCP Device
R? BtFilter;BtFilter
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CtAudDrv;Provides advanced audio effects for audio devices.
R? CxUSBDock;Conexant USB Audio Dock Service
R? MpKslbe407e65;MpKslbe407e65
R? MpNWMon;Microsoft Malware Protection Network Driver
R? osppsvc;Office Software Protection Platform
R? PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? acpials;ALS Sensor Filter
S? Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent
S? AtherosSvc;AtherosSvc
S? BTATH_BUS;Atheros Bluetooth Bus
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? CxAudMsg;Conexant Audio Message Service
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? LSM303DLH;STMicroelectronicsT 3-Axis Accelerometer/Magnetometer
S? MEMSWEEP2;MEMSWEEP2
S? mfewfpk;McAfee Inc. mfewfpk
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? QWARQNet;Qwarq Virtual Miniport
S? SBSDWSCService;SBSD Security Center Service
S? SftService;SoftThinks Agent Service
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-02-28 00:16:03 -------- d-----w- c:\program files\Sophos
2012-02-27 21:43:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-27 21:43:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-27 03:01:57 -------- d-----w- c:\programdata\Windows
2012-02-27 00:18:02 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7da7fb28-9dc6-449e-8920-f1e0a511a8b5}\mpengine.dll
2012-02-18 03:08:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 03:00:37 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:00:17 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:54:16 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:53:42 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 21:04:10 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-02-10 21:03:57 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1190b73e-e3a5-4ab4-93c6-5068f2e60e36}\gapaengine.dll
.
==================== Find3M ====================
.
2012-02-18 03:09:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-18 03:09:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-18 03:09:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-18 03:09:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-18 03:09:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-18 03:09:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-18 03:09:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-18 03:09:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-18 03:09:00 367104 ----a-w- c:\windows\system32\html.iec
2012-02-18 03:08:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-18 03:08:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-18 03:08:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-18 03:08:58 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-18 03:08:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-18 03:08:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-18 03:08:57 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-18 03:08:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-18 03:08:57 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-18 03:08:57 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-18 03:08:56 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:44:20.30 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 28 February 2012 - 02:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 28 February 2012 - 08:39 AM

Hello Gringo,
Thank you for your help. Have run Combofix and the AOL pop up has stopped and performance is improved. Just out of question I don't really download anything on this laptop so I can't understand how I got the malware, is there anything I can do to prevent it? I have MSE and Spybot.
Thanks,
Josh

ComboFix 12-02-27.02 - Administrator 28/02/2012 13:14:43.1.4 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Windows
c:\programdata\windows\dumd.dat
c:\programdata\Windows\wsse.dll
c:\programdata\Windows\xdor.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 13:27 . 2012-02-28 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 04:40 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73F148AF-107F-46D8-B9F7-C33148A6305F}\mpengine.dll
2012-02-28 00:16 . 2012-02-28 01:01 -------- d-----w- c:\program files\Sophos
2012-02-27 21:43 . 2012-02-27 22:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-27 21:43 . 2012-02-27 22:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-18 03:08 . 2012-02-18 03:08 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 03:00 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:00 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:54 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:53 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 21:04 . 2011-11-13 19:38 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 21:03 . 2012-02-10 21:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1190B73E-E3A5-4AB4-93C6-5068F2E60E36}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-11-14 21:19 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-11-13 19:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 00:15 . 2011-11-13 14:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2012-01-31 4009648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-12 1873192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslbe407e65;MpKslbe407e65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DA7FB28-9DC6-449E-8920-F1E0A511A8B5}\MpKslbe407e65.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-30 37224]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-30 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-30 177704]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-30 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-31 230760]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-01-06 160720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-07-30 38560]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-30 28200]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\ECDE.tmp [x]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26168585
*NewlyCreated* - 63297620
*NewlyCreated* - MEMSWEEP2
*NewlyCreated* - PXLDAPOD
*Deregistered* - 26168585
*Deregistered* - 63297620
*Deregistered* - pxldapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2012-02-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\blppyiuv.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\ECDE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b0,e4,
a8,12,5f,30,07,ae,2e,1d,ed,08,cc,42,ea
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,61,67,
4f,47,3e,3a,63,32,48,7f,33,71,00,08,5a
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:d5,8f,9e,ce,71,f5,cc,01
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,46,5a,a7,fb,e8,de,4f,8a,2d,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,46,5a,a7,fb,e8,de,4f,8a,2d,86,\
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-28 13:32:30
ComboFix-quarantined-files.txt 2012-02-28 13:32
.
Pre-Run: 273,541,402,624 bytes free
Post-Run: 273,492,832,256 bytes free
.
- - End Of File - - 48739A6530916FFAF4BB29F7827FD74A

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 28 February 2012 - 08:59 AM

Greetings

Just out of question I don't really download anything on this laptop so I can't understand how I got the malware, is there anything I can do to prevent it? I have MSE and Spybot.

we will get into that a little bit later


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 28 February 2012 - 12:07 PM

Hey, TDSS report is as follows:

Thanks, here is the TDSS report: 16:55:26.0227 4220 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:55:26.0495 4220 ============================================================
16:55:26.0495 4220 Current date / time: 2012/02/28 16:55:26.0495
16:55:26.0495 4220 SystemInfo:
16:55:26.0495 4220
16:55:26.0496 4220 OS Version: 6.1.7600 ServicePack: 0.0
16:55:26.0496 4220 Product type: Workstation
16:55:26.0496 4220 ComputerName: DELL-PC
16:55:26.0497 4220 UserName: Administrator
16:55:26.0497 4220 Windows directory: C:\Windows
16:55:26.0497 4220 System windows directory: C:\Windows
16:55:26.0497 4220 Processor architecture: Intel x86
16:55:26.0497 4220 Number of processors: 4
16:55:26.0497 4220 Page size: 0x1000
16:55:26.0497 4220 Boot type: Normal boot
16:55:26.0497 4220 ============================================================
16:55:31.0925 4220 !crdlk
16:55:31.0985 4220 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:55:32.0012 4220 \Device\Harddisk0\DR0:
16:55:32.0012 4220 MBR used
16:55:32.0012 4220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:55:32.0012 4220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE000
16:55:32.0055 4220 Initialize success
16:55:32.0055 4220 ============================================================
16:55:33.0995 4768 ============================================================
16:55:33.0995 4768 Scan started
16:55:33.0995 4768 Mode: Manual;
16:55:33.0995 4768 ============================================================
16:55:34.0533 4768 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
16:55:34.0541 4768 1394ohci - ok
16:55:34.0662 4768 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:55:34.0672 4768 ACPI - ok
16:55:34.0800 4768 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
16:55:34.0803 4768 acpials - ok
16:55:34.0939 4768 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:55:34.0941 4768 AcpiPmi - ok
16:55:35.0019 4768 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:55:35.0031 4768 adp94xx - ok
16:55:35.0163 4768 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:55:35.0173 4768 adpahci - ok
16:55:35.0299 4768 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:55:35.0305 4768 adpu320 - ok
16:55:35.0497 4768 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:55:35.0507 4768 AFD - ok
16:55:35.0626 4768 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:55:35.0628 4768 agp440 - ok
16:55:35.0762 4768 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:55:35.0766 4768 aic78xx - ok
16:55:35.0940 4768 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:55:35.0943 4768 aliide - ok
16:55:36.0066 4768 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:55:36.0070 4768 amdagp - ok
16:55:36.0142 4768 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:55:36.0145 4768 amdide - ok
16:55:36.0287 4768 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:55:36.0290 4768 AmdK8 - ok
16:55:36.0414 4768 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:55:36.0417 4768 AmdPPM - ok
16:55:36.0518 4768 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:55:36.0522 4768 amdsata - ok
16:55:36.0625 4768 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:55:36.0631 4768 amdsbs - ok
16:55:36.0751 4768 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:55:36.0754 4768 amdxata - ok
16:55:36.0901 4768 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:55:36.0905 4768 AppID - ok
16:55:37.0189 4768 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:55:37.0193 4768 arc - ok
16:55:37.0319 4768 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:55:37.0323 4768 arcsas - ok
16:55:37.0445 4768 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:37.0448 4768 AsyncMac - ok
16:55:37.0606 4768 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:55:37.0608 4768 atapi - ok
16:55:37.0763 4768 AthBTPort (c71f8c212cbd7254dce59c168890da63) C:\Windows\system32\DRIVERS\btath_flt.sys
16:55:37.0767 4768 AthBTPort - ok
16:55:38.0015 4768 athr (30a3f6ec0aa3470f71f52255d9e9c681) C:\Windows\system32\DRIVERS\athr.sys
16:55:38.0059 4768 athr - ok
16:55:38.0304 4768 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:55:38.0323 4768 b06bdrv - ok
16:55:38.0446 4768 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:55:38.0453 4768 b57nd60x - ok
16:55:38.0641 4768 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:55:38.0643 4768 Beep - ok
16:55:38.0858 4768 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:55:38.0862 4768 blbdrive - ok
16:55:39.0039 4768 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:55:39.0045 4768 bowser - ok
16:55:39.0179 4768 BRCMDECO (a829cae879189857448f0e05c982f592) C:\Windows\system32\DRIVERS\BRCMHD32.sys
16:55:39.0188 4768 BRCMDECO - ok
16:55:39.0313 4768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:55:39.0316 4768 BrFiltLo - ok
16:55:39.0403 4768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:55:39.0405 4768 BrFiltUp - ok
16:55:39.0540 4768 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:55:39.0545 4768 BridgeMP - ok
16:55:39.0749 4768 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:55:39.0761 4768 Brserid - ok
16:55:39.0888 4768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:55:39.0890 4768 BrSerWdm - ok
16:55:40.0017 4768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:55:40.0020 4768 BrUsbMdm - ok
16:55:40.0123 4768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:55:40.0126 4768 BrUsbSer - ok
16:55:40.0249 4768 BTATH_A2DP (414909ecaa306519ca9bb5cab34a4dee) C:\Windows\system32\drivers\btath_a2dp.sys
16:55:40.0259 4768 BTATH_A2DP - ok
16:55:40.0384 4768 BTATH_BUS (1386d2a1e0bc3f95e5492272f6aaec29) C:\Windows\system32\DRIVERS\btath_bus.sys
16:55:40.0387 4768 BTATH_BUS - ok
16:55:40.0526 4768 BTATH_HCRP (4d4ce30cbc8048ba630b62e35b4bb020) C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:55:40.0533 4768 BTATH_HCRP - ok
16:55:40.0709 4768 BTATH_RCP (f7784f58b05838af42a0574ac701e4f6) C:\Windows\system32\DRIVERS\btath_rcp.sys
16:55:40.0720 4768 BTATH_RCP - ok
16:55:40.0902 4768 BtFilter (c75aa634a9f7bde0264f17507a15322a) C:\Windows\system32\DRIVERS\btfilter.sys
16:55:40.0910 4768 BtFilter - ok
16:55:41.0083 4768 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
16:55:41.0088 4768 BthEnum - ok
16:55:41.0208 4768 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:55:41.0213 4768 BTHMODEM - ok
16:55:41.0366 4768 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
16:55:41.0373 4768 BthPan - ok
16:55:41.0524 4768 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
16:55:41.0539 4768 BTHPORT - ok
16:55:41.0732 4768 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
16:55:41.0737 4768 BTHUSB - ok
16:55:41.0817 4768 catchme - ok
16:55:41.0944 4768 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:55:41.0950 4768 cdfs - ok
16:55:42.0089 4768 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:55:42.0097 4768 cdrom - ok
16:55:42.0263 4768 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:55:42.0266 4768 circlass - ok
16:55:42.0375 4768 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:55:42.0387 4768 CLFS - ok
16:55:42.0609 4768 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:42.0619 4768 CmBatt - ok
16:55:42.0749 4768 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:55:42.0752 4768 cmdide - ok
16:55:42.0873 4768 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
16:55:42.0889 4768 CNG - ok
16:55:43.0020 4768 CnxtHdAudService (a08d9a4eb4f9d2faa1d4e10bc91b695c) C:\Windows\system32\drivers\CHDRT32.sys
16:55:43.0037 4768 CnxtHdAudService - ok
16:55:43.0167 4768 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:55:43.0170 4768 Compbatt - ok
16:55:43.0284 4768 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:55:43.0290 4768 CompositeBus - ok
16:55:43.0450 4768 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:55:43.0452 4768 crcdisk - ok
16:55:43.0658 4768 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
16:55:43.0667 4768 CtAudDrv - ok
16:55:43.0802 4768 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:55:43.0807 4768 CtClsFlt - ok
16:55:44.0131 4768 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
16:55:44.0138 4768 DfsC - ok
16:55:44.0313 4768 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:55:44.0316 4768 discache - ok
16:55:44.0471 4768 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:55:44.0474 4768 Disk - ok
16:55:44.0696 4768 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:55:44.0701 4768 drmkaud - ok
16:55:44.0857 4768 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:55:44.0876 4768 DXGKrnl - ok
16:55:45.0181 4768 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:55:45.0229 4768 ebdrv - ok
16:55:45.0493 4768 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:55:45.0503 4768 elxstor - ok
16:55:45.0637 4768 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:55:45.0639 4768 ErrDev - ok
16:55:45.0895 4768 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:55:45.0912 4768 exfat - ok
16:55:46.0084 4768 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:55:46.0093 4768 fastfat - ok
16:55:46.0273 4768 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:55:46.0274 4768 fdc - ok
16:55:46.0475 4768 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:55:46.0479 4768 FileInfo - ok
16:55:46.0621 4768 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:55:46.0625 4768 Filetrace - ok
16:55:46.0758 4768 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:46.0760 4768 flpydisk - ok
16:55:46.0862 4768 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:55:46.0870 4768 FltMgr - ok
16:55:47.0108 4768 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:55:47.0113 4768 FsDepends - ok
16:55:47.0255 4768 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:55:47.0259 4768 Fs_Rec - ok
16:55:47.0392 4768 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:55:47.0399 4768 fvevol - ok
16:55:47.0546 4768 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:55:47.0549 4768 gagp30kx - ok
16:55:47.0716 4768 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:55:47.0719 4768 hcw85cir - ok
16:55:47.0873 4768 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:55:47.0880 4768 HDAudBus - ok
16:55:48.0018 4768 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:55:48.0020 4768 HidBatt - ok
16:55:48.0145 4768 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:55:48.0149 4768 HidBth - ok
16:55:48.0280 4768 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:55:48.0282 4768 HidIr - ok
16:55:48.0472 4768 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:55:48.0477 4768 HidUsb - ok
16:55:48.0692 4768 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:55:48.0694 4768 HpSAMD - ok
16:55:48.0809 4768 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:55:48.0824 4768 HTTP - ok
16:55:48.0947 4768 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:55:48.0951 4768 hwpolicy - ok
16:55:49.0114 4768 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:55:49.0118 4768 i8042prt - ok
16:55:49.0264 4768 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
16:55:49.0272 4768 iaStor - ok
16:55:49.0438 4768 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:55:49.0455 4768 iaStorV - ok
16:55:49.0751 4768 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:55:49.0820 4768 igfx - ok
16:55:49.0943 4768 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:55:49.0945 4768 iirsp - ok
16:55:50.0160 4768 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:55:50.0162 4768 intelide - ok
16:55:50.0303 4768 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:55:50.0306 4768 intelppm - ok
16:55:50.0486 4768 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:50.0490 4768 IpFilterDriver - ok
16:55:50.0671 4768 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:55:50.0674 4768 IPMIDRV - ok
16:55:50.0807 4768 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:55:50.0814 4768 IPNAT - ok
16:55:50.0959 4768 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:55:50.0962 4768 IRENUM - ok
16:55:51.0084 4768 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:55:51.0087 4768 isapnp - ok
16:55:51.0225 4768 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:55:51.0230 4768 iScsiPrt - ok
16:55:51.0370 4768 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:55:51.0377 4768 kbdclass - ok
16:55:51.0518 4768 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:55:51.0521 4768 kbdhid - ok
16:55:51.0725 4768 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
16:55:51.0730 4768 KSecDD - ok
16:55:51.0879 4768 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
16:55:51.0885 4768 KSecPkg - ok
16:55:52.0157 4768 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:55:52.0162 4768 lltdio - ok
16:55:52.0391 4768 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:55:52.0395 4768 LSI_FC - ok
16:55:52.0523 4768 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:55:52.0531 4768 LSI_SAS - ok
16:55:52.0665 4768 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:55:52.0667 4768 LSI_SAS2 - ok
16:55:52.0795 4768 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:55:52.0799 4768 LSI_SCSI - ok
16:55:52.0944 4768 LSM303DLH (558c83bcfb81950d91a607997d177288) C:\Windows\system32\DRIVERS\LSM303DLH.sys
16:55:52.0947 4768 LSM303DLH - ok
16:55:53.0131 4768 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:55:53.0136 4768 luafv - ok
16:55:53.0329 4768 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:55:53.0332 4768 megasas - ok
16:55:53.0493 4768 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:55:53.0497 4768 MegaSR - ok
16:55:53.0623 4768 MEMSWEEP2 - ok
16:55:53.0769 4768 mfewfpk (13e2f035cdfa0c4729fbcb3a47c20d66) C:\Windows\system32\drivers\mfewfpk.sys
16:55:53.0774 4768 mfewfpk - ok
16:55:53.0951 4768 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:55:53.0958 4768 Modem - ok
16:55:54.0091 4768 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:55:54.0094 4768 monitor - ok
16:55:54.0225 4768 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:55:54.0230 4768 mouclass - ok
16:55:54.0359 4768 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:55:54.0361 4768 mouhid - ok
16:55:54.0446 4768 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:55:54.0449 4768 mountmgr - ok
16:55:54.0581 4768 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
16:55:54.0587 4768 MpFilter - ok
16:55:54.0733 4768 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:55:54.0738 4768 mpio - ok
16:55:54.0873 4768 MpKslbe407e65 - ok
16:55:55.0022 4768 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:55:55.0024 4768 MpNWMon - ok
16:55:55.0185 4768 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:55:55.0190 4768 mpsdrv - ok
16:55:55.0368 4768 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:55:55.0374 4768 MRxDAV - ok
16:55:55.0529 4768 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:55:55.0542 4768 mrxsmb - ok
16:55:55.0701 4768 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:55:55.0709 4768 mrxsmb10 - ok
16:55:55.0848 4768 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:55:55.0855 4768 mrxsmb20 - ok
16:55:55.0982 4768 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
16:55:55.0985 4768 msahci - ok
16:55:56.0129 4768 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:55:56.0132 4768 msdsm - ok
16:55:56.0324 4768 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:55:56.0328 4768 Msfs - ok
16:55:56.0449 4768 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:55:56.0454 4768 mshidkmdf - ok
16:55:56.0577 4768 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:55:56.0581 4768 msisadrv - ok
16:55:56.0794 4768 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:55:56.0797 4768 MSKSSRV - ok
16:55:57.0024 4768 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:55:57.0029 4768 MSPCLOCK - ok
16:55:57.0133 4768 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:55:57.0136 4768 MSPQM - ok
16:55:57.0269 4768 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:55:57.0276 4768 MsRPC - ok
16:55:57.0409 4768 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:55:57.0414 4768 mssmbios - ok
16:55:57.0550 4768 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:55:57.0554 4768 MSTEE - ok
16:55:57.0696 4768 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:55:57.0698 4768 MTConfig - ok
16:55:57.0835 4768 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:55:57.0840 4768 Mup - ok
16:55:58.0063 4768 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:55:58.0072 4768 NativeWifiP - ok
16:55:58.0219 4768 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:55:58.0242 4768 NDIS - ok
16:55:58.0370 4768 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:55:58.0374 4768 NdisCap - ok
16:55:58.0493 4768 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:55:58.0498 4768 NdisTapi - ok
16:55:58.0637 4768 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:55:58.0641 4768 Ndisuio - ok
16:55:58.0770 4768 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:55:58.0776 4768 NdisWan - ok
16:55:58.0912 4768 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:55:58.0917 4768 NDProxy - ok
16:55:59.0053 4768 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:55:59.0057 4768 NetBIOS - ok
16:55:59.0192 4768 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
16:55:59.0203 4768 NetBT - ok
16:55:59.0502 4768 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:55:59.0506 4768 nfrd960 - ok
16:55:59.0639 4768 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:55:59.0643 4768 NisDrv - ok
16:55:59.0857 4768 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:55:59.0862 4768 Npfs - ok
16:56:00.0040 4768 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:56:00.0044 4768 nsiproxy - ok
16:56:00.0237 4768 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
16:56:00.0271 4768 Ntfs - ok
16:56:00.0417 4768 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:56:00.0419 4768 Null - ok
16:56:00.0554 4768 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
16:56:00.0560 4768 nvraid - ok
16:56:00.0701 4768 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
16:56:00.0705 4768 nvstor - ok
16:56:00.0804 4768 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:56:00.0808 4768 nv_agp - ok
16:56:00.0906 4768 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:56:00.0910 4768 ohci1394 - ok
16:56:01.0252 4768 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:56:01.0255 4768 Parport - ok
16:56:01.0372 4768 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
16:56:01.0376 4768 partmgr - ok
16:56:01.0462 4768 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:56:01.0464 4768 Parvdm - ok
16:56:01.0638 4768 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:56:01.0646 4768 pci - ok
16:56:01.0782 4768 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:56:01.0783 4768 pciide - ok
16:56:01.0930 4768 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:56:01.0934 4768 pcmcia - ok
16:56:02.0063 4768 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:56:02.0066 4768 pcw - ok
16:56:02.0216 4768 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:56:02.0234 4768 PEAUTH - ok
16:56:02.0756 4768 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:56:02.0760 4768 PptpMiniport - ok
16:56:02.0851 4768 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:56:02.0854 4768 Processor - ok
16:56:03.0103 4768 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:56:03.0108 4768 Psched - ok
16:56:03.0259 4768 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:56:03.0282 4768 ql2300 - ok
16:56:03.0422 4768 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:56:03.0425 4768 ql40xx - ok
16:56:03.0549 4768 QWARQNet (03a79a2cf1fd2caf00ccafaa55d01da1) C:\Windows\system32\DRIVERS\QWARQNet.sys
16:56:03.0552 4768 QWARQNet - ok
16:56:03.0725 4768 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:56:03.0731 4768 QWAVEdrv - ok
16:56:03.0822 4768 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:56:03.0826 4768 RasAcd - ok
16:56:03.0948 4768 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:56:03.0951 4768 RasAgileVpn - ok
16:56:04.0112 4768 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:56:04.0117 4768 Rasl2tp - ok
16:56:04.0297 4768 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:56:04.0302 4768 RasPppoe - ok
16:56:04.0417 4768 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:56:04.0422 4768 RasSstp - ok
16:56:04.0568 4768 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:56:04.0575 4768 rdbss - ok
16:56:04.0708 4768 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:56:04.0710 4768 rdpbus - ok
16:56:04.0825 4768 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:56:04.0829 4768 RDPCDD - ok
16:56:04.0962 4768 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:56:04.0965 4768 RDPENCDD - ok
16:56:05.0125 4768 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:56:05.0129 4768 RDPREFMP - ok
16:56:05.0212 4768 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
16:56:05.0221 4768 RDPWD - ok
16:56:05.0345 4768 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:56:05.0352 4768 rdyboost - ok
16:56:05.0557 4768 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
16:56:05.0562 4768 RFCOMM - ok
16:56:05.0676 4768 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
16:56:05.0679 4768 RimUsb - ok
16:56:05.0799 4768 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
16:56:05.0802 4768 RimVSerPort - ok
16:56:05.0890 4768 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
16:56:05.0893 4768 ROOTMODEM - ok
16:56:06.0144 4768 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:56:06.0150 4768 rspndr - ok
16:56:06.0285 4768 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys
16:56:06.0289 4768 RSUSBSTOR - ok
16:56:06.0453 4768 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:56:06.0456 4768 sbp2port - ok
16:56:06.0661 4768 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:56:06.0668 4768 scfilter - ok
16:56:06.0912 4768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:56:06.0914 4768 secdrv - ok
16:56:07.0189 4768 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:56:07.0193 4768 Serenum - ok
16:56:07.0325 4768 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:56:07.0328 4768 Serial - ok
16:56:07.0459 4768 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:56:07.0463 4768 sermouse - ok
16:56:07.0693 4768 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:56:07.0695 4768 sffdisk - ok
16:56:07.0781 4768 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:56:07.0783 4768 sffp_mmc - ok
16:56:07.0910 4768 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:56:07.0912 4768 sffp_sd - ok
16:56:08.0052 4768 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:56:08.0053 4768 sfloppy - ok
16:56:08.0336 4768 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:56:08.0340 4768 sisagp - ok
16:56:08.0422 4768 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:56:08.0426 4768 SiSRaid2 - ok
16:56:08.0539 4768 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:56:08.0545 4768 SiSRaid4 - ok
16:56:08.0648 4768 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:56:08.0654 4768 Smb - ok
16:56:08.0878 4768 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:56:08.0881 4768 spldr - ok
16:56:09.0174 4768 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
16:56:09.0184 4768 srv - ok
16:56:09.0318 4768 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
16:56:09.0326 4768 srv2 - ok
16:56:09.0415 4768 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
16:56:09.0420 4768 srvnet - ok
16:56:09.0624 4768 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:56:09.0626 4768 stexstor - ok
16:56:09.0806 4768 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:56:09.0809 4768 swenum - ok
16:56:10.0011 4768 SynTP (957539e35bcd76d4ef08df5136c6d382) C:\Windows\system32\DRIVERS\SynTP.sys
16:56:10.0028 4768 SynTP - ok
16:56:10.0317 4768 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
16:56:10.0340 4768 Tcpip - ok
16:56:10.0497 4768 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
16:56:10.0519 4768 TCPIP6 - ok
16:56:10.0676 4768 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:56:10.0681 4768 tcpipreg - ok
16:56:10.0841 4768 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:56:10.0845 4768 TDPIPE - ok
16:56:10.0922 4768 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
16:56:10.0929 4768 TDTCP - ok
16:56:11.0047 4768 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:56:11.0053 4768 tdx - ok
16:56:11.0174 4768 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:56:11.0178 4768 TermDD - ok
16:56:11.0517 4768 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:11.0521 4768 tssecsrv - ok
16:56:11.0657 4768 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:56:11.0663 4768 tunnel - ok
16:56:11.0748 4768 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:56:11.0753 4768 uagp35 - ok
16:56:11.0879 4768 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
16:56:11.0890 4768 udfs - ok
16:56:12.0097 4768 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:56:12.0100 4768 uliagpkx - ok
16:56:12.0223 4768 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:56:12.0226 4768 umbus - ok
16:56:12.0338 4768 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:56:12.0343 4768 UmPass - ok
16:56:12.0499 4768 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:12.0505 4768 usbccgp - ok
16:56:12.0642 4768 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:56:12.0646 4768 usbcir - ok
16:56:12.0750 4768 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
16:56:12.0754 4768 usbehci - ok
16:56:12.0887 4768 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
16:56:12.0894 4768 usbhub - ok
16:56:13.0012 4768 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
16:56:13.0016 4768 usbohci - ok
16:56:13.0113 4768 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:56:13.0116 4768 usbprint - ok
16:56:13.0251 4768 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:13.0256 4768 USBSTOR - ok
16:56:13.0359 4768 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
16:56:13.0365 4768 usbuhci - ok
16:56:13.0476 4768 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
16:56:13.0481 4768 usbvideo - ok
16:56:13.0702 4768 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:56:13.0705 4768 vdrvroot - ok
16:56:13.0898 4768 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:13.0901 4768 vga - ok
16:56:14.0033 4768 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:56:14.0038 4768 VgaSave - ok
16:56:14.0124 4768 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:56:14.0127 4768 vhdmp - ok
16:56:14.0233 4768 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:56:14.0237 4768 viaagp - ok
16:56:14.0343 4768 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:56:14.0347 4768 ViaC7 - ok
16:56:14.0457 4768 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:56:14.0460 4768 viaide - ok
16:56:14.0602 4768 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:56:14.0609 4768 volmgr - ok
16:56:14.0750 4768 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:56:14.0757 4768 volmgrx - ok
16:56:14.0886 4768 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:56:14.0894 4768 volsnap - ok
16:56:15.0026 4768 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:56:15.0031 4768 vsmraid - ok
16:56:15.0250 4768 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:56:15.0254 4768 vwifibus - ok
16:56:15.0384 4768 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:56:15.0388 4768 vwififlt - ok
16:56:15.0592 4768 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:56:15.0595 4768 WacomPen - ok
16:56:15.0735 4768 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:15.0738 4768 WANARP - ok
16:56:15.0787 4768 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:56:15.0789 4768 Wanarpv6 - ok
16:56:16.0084 4768 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:56:16.0087 4768 Wd - ok
16:56:16.0174 4768 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:56:16.0185 4768 Wdf01000 - ok
16:56:16.0522 4768 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:56:16.0526 4768 WfpLwf - ok
16:56:16.0718 4768 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
16:56:16.0723 4768 WimFltr - ok
16:56:16.0875 4768 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:56:16.0879 4768 WIMMount - ok
16:56:17.0397 4768 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:56:17.0405 4768 WmiAcpi - ok
16:56:17.0744 4768 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:56:17.0746 4768 ws2ifsl - ok
16:56:18.0026 4768 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
16:56:18.0030 4768 WudfPf - ok
16:56:18.0169 4768 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:18.0173 4768 WUDFRd - ok
16:56:18.0397 4768 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:56:18.0494 4768 \Device\Harddisk0\DR0 - ok
16:56:18.0504 4768 Boot (0x1200) (7d6555d08b9a43be1cf1e7d774f459a4) \Device\Harddisk0\DR0\Partition0
16:56:18.0509 4768 \Device\Harddisk0\DR0\Partition0 - ok
16:56:18.0537 4768 Boot (0x1200) (4fdbdc15148ef8be6155a1c049842490) \Device\Harddisk0\DR0\Partition1
16:56:18.0540 4768 \Device\Harddisk0\DR0\Partition1 - ok
16:56:18.0542 4768 ============================================================
16:56:18.0542 4768 Scan finished
16:56:18.0542 4768 ============================================================
16:56:18.0608 4160 Detected object count: 0
16:56:18.0608 4160 Actual detected object count: 0



------------------------------------------------------------------------------------------------

ASWMBR, however, came back with this when I tried to run a scan:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 17:02:28
-----------------------------
17:02:28.640 OS Version: Windows 6.1.7600
17:02:28.640 Number of processors: 4 586 0x1C0A
17:02:28.650 ComputerName: DELL-PC UserName:
17:02:31.260 Initialze error C0000017 - driver not loaded
17:02:42.930 AVAST engine defs: 12022801
17:02:50.180 Scan error: Incorrect function.
17:03:48.074 The log file has been saved successfully to "C:\Users\Administrator\Documents\aswMBR-error.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 28 February 2012 - 07:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 29 February 2012 - 08:30 AM

Computer is running fine, no problems to report. Was the ASWMBR error I got anything to worryabout?
Here is the Combofix log:



ComboFix 12-02-27.02 - Administrator 29/02/2012 12:43:18.3.4 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 12:55 . 2012-02-29 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 05:16 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C92AA52D-0923-4AF9-933A-D46BC2574F26}\mpengine.dll
2012-02-28 00:16 . 2012-02-28 01:01 -------- d-----w- c:\program files\Sophos
2012-02-27 21:43 . 2012-02-27 22:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-27 21:43 . 2012-02-27 22:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-18 03:08 . 2012-02-18 03:08 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 03:00 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:00 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 02:54 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 02:53 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 21:04 . 2011-11-13 19:38 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 21:03 . 2012-02-10 21:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1190B73E-E3A5-4AB4-93C6-5068F2E60E36}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-11-14 21:19 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-11-13 19:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 00:15 . 2011-11-13 14:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2012-01-31 4009648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-12 1873192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslbe407e65;MpKslbe407e65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DA7FB28-9DC6-449E-8920-F1E0A511A8B5}\MpKslbe407e65.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-30 37224]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-30 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-30 177704]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-30 143080]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-31 230760]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-01-06 160720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-07-30 38560]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-30 28200]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\ECDE.tmp [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26168585
*NewlyCreated* - 63297620
*NewlyCreated* - MEMSWEEP2
*NewlyCreated* - PXLDAPOD
*Deregistered* - 26168585
*Deregistered* - 63297620
*Deregistered* - pxldapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2012-02-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\blppyiuv.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\ECDE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b0,e4,
a8,12,5f,30,07,ae,2e,1d,ed,08,cc,42,ea
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,61,67,
4f,47,3e,3a,63,32,48,7f,33,71,00,08,5a
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:d5,8f,9e,ce,71,f5,cc,01
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,46,5a,a7,fb,e8,de,4f,8a,2d,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,46,5a,a7,fb,e8,de,4f,8a,2d,86,\
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-655426387-3815968238-2466293906-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-29 13:00:18
ComboFix-quarantined-files.txt 2012-02-29 13:00
ComboFix2.txt 2012-02-28 13:32
.
Pre-Run: 273,281,454,080 bytes free
Post-Run: 273,342,734,336 bytes free
.
- - End Of File - - EB02745274C659785A9B68DC90A9719E

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 29 February 2012 - 10:31 AM

Hello

No it is nothing to worry about


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.1.2
Java™ 6 Update 22
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 29 February 2012 - 04:05 PM

Hey, Computer is still running fine. MBAM Log:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: DELL-PC [administrator]

Protection: Enabled

29/02/2012 20:46:56
mbam-log-2012-02-29 (20-46-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177891
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

----------------------------------------

(end)

HiJack this log:


-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:58:11, on 29/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\duo Stage\duoStage.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell Magneto Popup] C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\syncables.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - Global Startup: Dell duo Stage.lnk = C:\Program Files\Dell\duo Stage\duoStage.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: @C:\Windows\system32\CxAudMsg32.exe,-100 (CxAudMsg) - Conexant Systems Inc. - C:\Windows\system32\CxAudMsg32.exe
O23 - Service: @C:\Windows\system32\CxUSBDock32.exe,-100 (CxUSBDock) - Conexant Systems Inc. - C:\Windows\system32\CxUSBDock32.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE

--
End of file - 9724 bytes

#10 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 29 February 2012 - 06:17 PM

Just to update, I realised now none of the function keys that F1-F12 double up as are working like they used to after those last fixes, this includes the screen brightness and volume controls etc. Basically, I have to hold down the function key and the one of the F1-11 keys to get the function, whereas I never used to hold the function key aswell. Not massive I know, but just noticed it.

Edited by Moocowman, 29 February 2012 - 06:37 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 01 March 2012 - 12:18 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Magneto Popup] C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      O4 - Global Startup: Dell duo Stage.lnk = C:\Program Files\Dell\duo Stage\duoStage.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 03 March 2012 - 11:36 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 07 March 2012 - 08:04 AM

Hey, sorry, just doing the fixes now, not had chance so Please don't remove thread.
Josh

#14 Moocowman

Moocowman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 07 March 2012 - 08:34 AM

I decided not to fix any of the stuff on HiJack, just out of paranoia. ESET scanner won't work, i get after the agreement page and it doesn't load I just get a small icon in the top left hand corner of the page.
Josh

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:58 PM

Posted 07 March 2012 - 09:07 AM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Interner Explorer
  • It will require an activex control, please install it
  • Click Accept

  • In Firefox
  • It will require an Add-on to be installed, please install it
  • Order to install the Add-on Firefox needs to be restarted, please do so
[*]Click Full System Scan
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users