Search Redirect to gimmeanswers.org et al. in Firefox


  • This topic is locked
20 replies to this topic

#1 boxthirteen

boxthirteen

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 18 March 2012 - 10:13 AM

I have a persistent problem with searches in Firefox (and perhaps other installed browsers) being redirected to pseudo-search sites such as gimmeanswers.org and happili.com. Usually the first click redirects, then retrying the link produces the correct linked site. I am receiving a warning from Win7 that I need to find an anti-virus program online. (Avira, which has been installed on all of my PCs, seems to have disappeared, along with CCleaner.) I have tried other routines for removal posted in reputable forums, but they have not been successful. Expert help would be greatly appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Tom at 11:02:03 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3344 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIBIA.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [EPSON Stylus CX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBIA.EXE /FU "C:\Users\Tom\AppData\Local\Temp\E_S7BA3.tmp" /EF "HKCU"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6C8B07C-9287-4153-93A8-B5AF406BC374} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6C8B07C-9287-4153-93A8-B5AF406BC374}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp|http://forums.mocksports.com/phpbb/index.php|http://news.cincinnati.com/|http://us.mc319.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269948851&.rand=8qf94jgjpa4fr#_pg=showFolder;_ylc=X3oDMTBuZWpiMG10BF9TAzM5ODMwMTAxNARhYwNkZWxNc2dz&&filterBy=&fid=Inbox&.rand=74136321&nsc&hash=bf7ba494d4f4dfac8e627b106fba291d&.jsrand=4844542
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Tom\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 EUDSKACS;EUDSKACS;C:\Windows\SysWOW64\drivers\eudskacs.sys [2010-7-25 17800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 13:14:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9A0EB03-857B-4DD0-B8A6-225BE6AFC934}\offreg.dll
2012-03-18 13:04:21 1152 ----a-w- C:\Windows\SysWow64\windrv.sys
2012-03-18 13:04:12 -------- d-----w- C:\Program Files (x86)\SpyNoMore
2012-03-18 05:27:45 -------- d-----w- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 05:27:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-18 05:27:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-17 17:20:28 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:20:28 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 16:08:32 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9A0EB03-857B-4DD0-B8A6-225BE6AFC934}\mpengine.dll
2012-03-15 20:15:33 5679896 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-03-15 07:02:48 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:02:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02:47 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 07:20:57 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 07:20:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 07:20:56 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 07:20:13 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 07:20:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 07:20:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 07:20:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 07:20:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 07:20:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 07:20:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-15 11:15:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-20 14:58:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 11:02:21.86 ===============
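As an added example (not part of either poster's logs or of the DDS/ComboFix tools), the following Python script parses the DDS "Pseudo HJT Report" and FIREFOX sections shown above and pulls out the items a malware-removal helper typically checks first: toolbar/BHO entries that point at "No File", startup entries with no executable or with one under a user-writable directory, Firefox components loaded from ProgramData or a profile folder, and the search-provider prefs. The sample lines are excerpted from the log above; the location heuristic is a review aid rather than a verdict (a hit such as the RealPlayer component under ProgramData still needs a human to decide).

```python
"""Triage helper for DDS 'Pseudo HJT Report' / FIREFOX sections (added example)."""
import re
from collections import Counter

# Lines excerpted from the DDS log posted above; DDS defangs URLs as hxxp.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
BHO-X64: 0x1 - No File
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
""".strip("\n")

# Directory markers a standard (non-admin) user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
ORPHAN_KINDS = {"BHO", "BHO-X64", "TB", "TB-X64"}
RUN_KINDS = {"uRun", "mRun", "uRun-x64", "mRun-x64"}
# Prefs that decide where a search or the home page actually goes.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl",
                "browser.search.selectedEngine", "browser.startup.homepage"}
# First Windows path ending in a binary extension; tolerates unquoted spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)


def in_user_writable_dir(path):
    """True when the path sits under a directory a standard user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def parse_dds(text):
    """Return (category, detail) pairs for the lines worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue  # DDS section separators and filler dots
        kind, sep, rest = line.partition(": ")
        if not sep:
            # "FF - ProfilePath - ..." uses " - " instead of ": " as separator.
            prefix = "FF - ProfilePath - "
            if line.startswith(prefix):
                findings.append(("profile", line[len(prefix):]))
            continue
        if kind in ORPHAN_KINDS and rest.endswith("- No File"):
            # Registration survives but the DLL is gone: leftover of an uninstall or a cleanup.
            findings.append(("orphan", line))
        elif kind in RUN_KINDS:
            match = PATH_RE.search(rest)
            if match is None:
                findings.append(("run-nopath", line))  # e.g. "mRun: [<NO NAME>]"
            elif in_user_writable_dir(match.group(0)):
                findings.append(("run-userdir", line))
        elif kind in ("FF - component", "FF - plugin") and in_user_writable_dir(rest):
            findings.append(("ff-userdir", line))
        elif kind == "FF - prefs.js":
            pref, _, value = rest.partition(" - ")
            if pref in SEARCH_PREFS:
                findings.append(("search-pref", f"{pref} = {value}"))
    return findings


def summarize(findings):
    """Count findings per category (Counter returns 0 for absent categories)."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    for category, detail in parse_dds(SAMPLE_LOG):
        print(f"{category:12} {detail}")
```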


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 PM

Posted 18 March 2012 - 01:48 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools,
and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 boxthirteen

boxthirteen
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:28 PM

Posted 19 March 2012 - 06:08 AM

ComboFix log follows:

ComboFix 12-03-17.01 - Tom 03/18/2012 19:39:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4502 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\wu916076738v0
c:\programdata\SysWoW32\wu916076738v0.kwd
c:\programdata\unrar.exe
c:\users\Alex\AppData\Roaming\inst.exe
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome.manifest
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome\xulcache.jar
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\defaults\preferences\xulcache.js
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\install.rdf
c:\users\Alex\AppData\Roaming\vso_ts_preview.xml
c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\dcsq9s7w.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}
c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\dcsq9s7w.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome.manifest
c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\dcsq9s7w.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome\xulcache.jar
c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\dcsq9s7w.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\defaults\preferences\xulcache.js
c:\users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\dcsq9s7w.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\install.rdf
c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8vk1vs38.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}
c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8vk1vs38.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome.manifest
c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8vk1vs38.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome\xulcache.jar
c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8vk1vs38.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\defaults\preferences\xulcache.js
c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8vk1vs38.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\install.rdf
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome.manifest
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\chrome\xulcache.jar
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\defaults\preferences\xulcache.js
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\uy9vmnln.default\extensions\{267af1e6-4e2b-4122-8eff-02498d5cea29}\install.rdf
c:\windows\SysWow64\windrv.sys
D:\Autorun.inf
E:\update.exe
M:\Autorun.inf
M:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-18 23:54 . 2012-03-19 00:04 -------- d-----w- c:\users\Alex\AppData\Local\temp
2012-03-18 23:54 . 2012-03-18 23:54 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2012-03-18 19:05 . 2012-03-18 19:05 -------- d-----w- c:\program files (x86)\Runtime Software
2012-03-18 13:04 . 2012-03-18 13:04 -------- d-----w- c:\program files (x86)\SpyNoMore
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-17 17:20 . 2012-03-17 17:20 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:20 . 2012-03-17 17:20 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 16:08 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9A0EB03-857B-4DD0-B8A6-225BE6AFC934}\mpengine.dll
2012-03-16 05:19 . 2012-03-16 05:20 -------- d-----w- c:\users\Alex\AppData\Roaming\TS3Client
2012-03-16 05:19 . 2012-03-16 05:19 -------- d-----w- c:\users\Alex\AppData\Local\TeamSpeak 3 Client
2012-03-15 20:15 . 2012-03-15 20:15 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:20 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-20 14:58 . 2012-02-20 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 11:15 . 2011-05-18 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-02-06 04:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 14:58 . 2010-06-11 01:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-15 23:19 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 23:19 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 23:19 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 23:19 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 23:19 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-28 273528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SNM"="c:\program files (x86)\SpyNoMore\SNM.exe" [2011-12-23 1003856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys [2009-12-02 17800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys [2009-12-02 30600]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys [2009-12-02 26504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Installer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925274407-2279627853-2444153687-1004Core.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 14:32]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925274407-2279627853-2444153687-1004UA.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 14:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://cincinnati.reds.mlb.com/index.jsp?c_id=cin
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-18 20:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 00:15
.
Pre-Run: 420,894,044,160 bytes free
Post-Run: 422,364,348,416 bytes free
.
- - End Of File - - 2D9330EBA578465307768C651CB35EEE

The search redirection appears to have been stopped. I've tried searches using both Yahoo! and Google and results I've tested link to the actual sites listed, not the pseudo-sites. No new problems have surfaced that I have experienced.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2012 - 07:07 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
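
Reading the TDSSKiller report requested above, as an added example that is not part of this thread and not code from TDSSKiller itself: the scan section of the report (posted in the next reply) writes one 'name (md5) path' line for each driver file it hashed, followed by a 'name - ok' verdict line, and writes only a verdict line for a registered service whose file it could not hash. The Python below pairs those two lines per object, skips the drive-geometry header (whose lines also contain ' - ' and would otherwise be mistaken for verdicts), and separates anything with a verdict other than 'ok' from services that were 'ok' but had no file behind them. The 'detected' and 'suspicious' verdict wording in the sample is constructed to exercise those branches; it is an assumption about TDSSKiller's output, not text from the poster's log.

```python
"""Triage a TDSSKiller report: pair each object's file line with its verdict.

Added example, not code from the thread or from TDSSKiller. Line layout follows
the report posted in this thread; the non-'ok' verdict lines in SAMPLE_LOG are
constructed (an assumption about TDSSKiller's wording) to exercise those paths.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Every report line starts with 'HH:MM:SS.mmmm <thread id> '.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# 'name (md5) path': written for each driver file the scanner hashed.
FILE_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
# 'name - verdict': closes each object; 'ok' means nothing was found.
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def clean(self) -> bool:
        return self.verdict == "ok"

    @property
    def hashed(self) -> bool:
        # False for a registered service whose file the scanner never hashed
        # (the report then has a verdict line but no file line for it).
        return self.md5 is not None


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Return scanned objects keyed by name, in report order."""
    entries: dict[str, Entry] = {}
    in_scan = False
    for line in text.splitlines():
        if not in_scan:
            # The header (drive geometry, partition table) also has ' - '
            # separated lines; verdicts only start after 'Scan started'.
            in_scan = line.rstrip().endswith("Scan started")
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(text: str) -> tuple[list[Entry], list[Entry]]:
    """Split a report into (findings, unhashed): objects with a verdict other
    than 'ok', and services that were 'ok' but had no file to hash."""
    entries = parse_tdsskiller(text)
    findings = [e for e in entries.values() if not e.clean]
    unhashed = [e for e in entries.values() if e.clean and not e.hashed]
    return findings, unhashed


# Constructed sample. The 1394ohci and EUBAKUP lines are taken from the report
# posted in this thread; 'example' and the 'suspicious' disk line are invented
# placeholders and say nothing about the poster's machine.
SAMPLE_LOG = r"""
22:51:02.0118 1252 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
22:51:04.0552 4644 ============================================================
22:51:04.0552 4644 Scan started
22:51:04.0552 4644 Mode: Manual;
22:51:05.0238 4644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:51:05.0238 4644 1394ohci - ok
22:51:08.0421 4644 EUBAKUP - ok
22:51:09.0001 4644 example (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
22:51:09.0002 4644 example - detected Example.Constructed.Name ( 0 )
22:51:09.0100 4644 \Device\Harddisk0\DR0 - suspicious
"""

if __name__ == "__main__":
    findings, unhashed = triage(SAMPLE_LOG)
    for e in findings:
        print(f"FINDING  {e.name}: {e.verdict}  [{e.path or 'no file hashed'}]")
    for e in unhashed:
        print(f"UNHASHED {e.name}: registered service, no file was hashed")
```

Run against the report posted below, every verdict line reads 'ok', so the findings list is empty; what lands in the unhashed list are the entries with no preceding file line, such as catchme (ComboFix's scanning driver) and the EUBAKUP and EUFS services whose files ComboFix lists under sysWow64\drivers. Those are worth a glance rather than an alarm: an unhashed service means TDSSKiller had nothing on disk to check, which is also exactly what a hidden or deleted driver file would look like.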

#5 boxthirteen
  • Topic Starter
  • Members
  • 42 posts

Posted 19 March 2012 - 10:35 PM

From TDSSKiller:

22:51:00.0699 1252 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:51:00.0964 1252 ============================================================
22:51:00.0964 1252 Current date / time: 2012/03/19 22:51:00.0964
22:51:00.0964 1252 SystemInfo:
22:51:00.0964 1252
22:51:00.0964 1252 OS Version: 6.1.7601 ServicePack: 1.0
22:51:00.0964 1252 Product type: Workstation
22:51:00.0964 1252 ComputerName: AUG012009
22:51:00.0964 1252 UserName: Tom
22:51:00.0964 1252 Windows directory: C:\Windows
22:51:00.0964 1252 System windows directory: C:\Windows
22:51:00.0964 1252 Running under WOW64
22:51:00.0964 1252 Processor architecture: Intel x64
22:51:00.0964 1252 Number of processors: 4
22:51:00.0964 1252 Page size: 0x1000
22:51:00.0964 1252 Boot type: Normal boot
22:51:00.0964 1252 ============================================================
22:51:02.0118 1252 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:51:02.0149 1252 Drive \Device\Harddisk5\DR5 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:51:02.0212 1252 \Device\Harddisk0\DR0:
22:51:02.0259 1252 MBR used
22:51:02.0259 1252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
22:51:02.0259 1252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x411ED7AD
22:51:02.0259 1252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x43010FEB, BlocksNum 0x7842015
22:51:02.0259 1252 \Device\Harddisk5\DR5:
22:51:02.0259 1252 MBR used
22:51:02.0259 1252 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
22:51:02.0368 1252 Initialize success
22:51:02.0368 1252 ============================================================
22:51:04.0552 4644 ============================================================
22:51:04.0552 4644 Scan started
22:51:04.0552 4644 Mode: Manual;
22:51:04.0552 4644 ============================================================
22:51:05.0238 4644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:51:05.0238 4644 1394ohci - ok
22:51:05.0269 4644 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:51:05.0285 4644 ACPI - ok
22:51:05.0316 4644 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:51:05.0316 4644 AcpiPmi - ok
22:51:05.0363 4644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:51:05.0394 4644 adp94xx - ok
22:51:05.0410 4644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:51:05.0425 4644 adpahci - ok
22:51:05.0441 4644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:51:05.0457 4644 adpu320 - ok
22:51:05.0503 4644 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:51:05.0519 4644 AFD - ok
22:51:05.0535 4644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:51:05.0535 4644 agp440 - ok
22:51:05.0581 4644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:51:05.0581 4644 aliide - ok
22:51:05.0628 4644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:51:05.0628 4644 amdide - ok
22:51:05.0644 4644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:51:05.0659 4644 AmdK8 - ok
22:51:05.0940 4644 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
22:51:06.0112 4644 amdkmdag - ok
22:51:06.0127 4644 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
22:51:06.0143 4644 amdkmdap - ok
22:51:06.0143 4644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:51:06.0159 4644 AmdPPM - ok
22:51:06.0205 4644 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:51:06.0221 4644 amdsata - ok
22:51:06.0237 4644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:51:06.0237 4644 amdsbs - ok
22:51:06.0268 4644 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:51:06.0268 4644 amdxata - ok
22:51:06.0330 4644 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:51:06.0330 4644 AppID - ok
22:51:06.0377 4644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:51:06.0377 4644 arc - ok
22:51:06.0408 4644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:51:06.0408 4644 arcsas - ok
22:51:06.0439 4644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:06.0439 4644 AsyncMac - ok
22:51:06.0486 4644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:51:06.0486 4644 atapi - ok
22:51:06.0673 4644 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
22:51:06.0736 4644 atikmdag - ok
22:51:06.0783 4644 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:51:06.0798 4644 avgntflt - ok
22:51:06.0814 4644 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
22:51:06.0814 4644 avipbb - ok
22:51:06.0845 4644 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:51:06.0845 4644 avkmgr - ok
22:51:06.0876 4644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:51:06.0907 4644 b06bdrv - ok
22:51:06.0939 4644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:51:06.0954 4644 b57nd60a - ok
22:51:07.0001 4644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:51:07.0001 4644 Beep - ok
22:51:07.0048 4644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:51:07.0048 4644 blbdrive - ok
22:51:07.0079 4644 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:51:07.0079 4644 bowser - ok
22:51:07.0095 4644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:51:07.0110 4644 BrFiltLo - ok
22:51:07.0126 4644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:51:07.0126 4644 BrFiltUp - ok
22:51:07.0157 4644 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:51:07.0157 4644 BridgeMP - ok
22:51:07.0188 4644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:51:07.0204 4644 Brserid - ok
22:51:07.0219 4644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:51:07.0235 4644 BrSerWdm - ok
22:51:07.0251 4644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:51:07.0251 4644 BrUsbMdm - ok
22:51:07.0251 4644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:51:07.0266 4644 BrUsbSer - ok
22:51:07.0391 4644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:07.0391 4644 BTHMODEM - ok
22:51:07.0407 4644 catchme - ok
22:51:07.0422 4644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:07.0438 4644 cdfs - ok
22:51:07.0485 4644 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:51:07.0485 4644 cdrom - ok
22:51:07.0516 4644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:51:07.0531 4644 circlass - ok
22:51:07.0578 4644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:51:07.0578 4644 CLFS - ok
22:51:07.0625 4644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:07.0625 4644 CmBatt - ok
22:51:07.0672 4644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:51:07.0672 4644 cmdide - ok
22:51:07.0719 4644 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:51:07.0734 4644 CNG - ok
22:51:07.0750 4644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:07.0750 4644 Compbatt - ok
22:51:07.0812 4644 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:51:07.0812 4644 CompositeBus - ok
22:51:07.0828 4644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:51:07.0843 4644 crcdisk - ok
22:51:07.0921 4644 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
22:51:07.0921 4644 dc3d - ok
22:51:07.0968 4644 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:51:07.0984 4644 DfsC - ok
22:51:07.0999 4644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:51:07.0999 4644 discache - ok
22:51:08.0031 4644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:51:08.0031 4644 Disk - ok
22:51:08.0077 4644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:51:08.0077 4644 drmkaud - ok
22:51:08.0124 4644 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:08.0140 4644 DXGKrnl - ok
22:51:08.0218 4644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:51:08.0296 4644 ebdrv - ok
22:51:08.0327 4644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:51:08.0343 4644 elxstor - ok
22:51:08.0389 4644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:51:08.0389 4644 ErrDev - ok
22:51:08.0421 4644 EUBAKUP - ok
22:51:08.0467 4644 EuDisk (ce1f5cdcd1df4b0b574033b37784b57f) C:\Windows\system32\DRIVERS\EuDisk.sys
22:51:08.0467 4644 EuDisk - ok
22:51:08.0545 4644 EUDSKACS (081a23848c5c2c3076e55047321b28cd) C:\Windows\sysWow64\drivers\eudskacs.sys
22:51:08.0561 4644 EUDSKACS - ok
22:51:08.0561 4644 EUFS - ok
22:51:08.0592 4644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:51:08.0592 4644 exfat - ok
22:51:08.0639 4644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:51:08.0639 4644 fastfat - ok
22:51:08.0670 4644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:51:08.0670 4644 fdc - ok
22:51:08.0686 4644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:51:08.0686 4644 FileInfo - ok
22:51:08.0701 4644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:51:08.0717 4644 Filetrace - ok
22:51:08.0733 4644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:08.0748 4644 flpydisk - ok
22:51:08.0795 4644 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:51:08.0811 4644 FltMgr - ok
22:51:08.0826 4644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:51:08.0826 4644 FsDepends - ok
22:51:08.0873 4644 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
22:51:08.0889 4644 fssfltr - ok
22:51:08.0904 4644 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:08.0904 4644 Fs_Rec - ok
22:51:08.0935 4644 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:51:08.0967 4644 fvevol - ok
22:51:08.0982 4644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:51:08.0998 4644 gagp30kx - ok
22:51:09.0013 4644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:51:09.0013 4644 hcw85cir - ok
22:51:09.0060 4644 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:51:09.0076 4644 HdAudAddService - ok
22:51:09.0123 4644 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:51:09.0123 4644 HDAudBus - ok
22:51:09.0138 4644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:51:09.0138 4644 HidBatt - ok
22:51:09.0169 4644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:09.0169 4644 HidBth - ok
22:51:09.0185 4644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:51:09.0185 4644 HidIr - ok
22:51:09.0216 4644 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:51:09.0232 4644 HidUsb - ok
22:51:09.0247 4644 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:51:09.0247 4644 HpSAMD - ok
22:51:09.0310 4644 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:51:09.0341 4644 HTTP - ok
22:51:09.0372 4644 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:51:09.0372 4644 hwpolicy - ok
22:51:09.0388 4644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:51:09.0403 4644 i8042prt - ok
22:51:09.0450 4644 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:51:09.0466 4644 iaStorV - ok
22:51:09.0513 4644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:51:09.0513 4644 iirsp - ok
22:51:09.0559 4644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:51:09.0559 4644 intelide - ok
22:51:09.0622 4644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:09.0622 4644 intelppm - ok
22:51:09.0684 4644 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:09.0684 4644 IpFilterDriver - ok
22:51:09.0731 4644 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:51:09.0762 4644 IPMIDRV - ok
22:51:09.0825 4644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:51:09.0825 4644 IPNAT - ok
22:51:09.0949 4644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:51:09.0965 4644 IRENUM - ok
22:51:09.0981 4644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:51:10.0012 4644 isapnp - ok
22:51:10.0090 4644 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:51:10.0105 4644 iScsiPrt - ok
22:51:10.0168 4644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:10.0168 4644 kbdclass - ok
22:51:10.0183 4644 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:51:10.0183 4644 kbdhid - ok
22:51:10.0230 4644 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:51:10.0230 4644 KSecDD - ok
22:51:10.0277 4644 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:51:10.0277 4644 KSecPkg - ok
22:51:10.0293 4644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:51:10.0293 4644 ksthunk - ok
22:51:10.0339 4644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:10.0339 4644 lltdio - ok
22:51:10.0402 4644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:51:10.0417 4644 LSI_FC - ok
22:51:10.0464 4644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:51:10.0464 4644 LSI_SAS - ok
22:51:10.0480 4644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:51:10.0480 4644 LSI_SAS2 - ok
22:51:10.0495 4644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:51:10.0511 4644 LSI_SCSI - ok
22:51:10.0542 4644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:51:10.0542 4644 luafv - ok
22:51:10.0558 4644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:51:10.0573 4644 megasas - ok
22:51:10.0605 4644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:51:10.0620 4644 MegaSR - ok
22:51:10.0651 4644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:51:10.0667 4644 Modem - ok
22:51:10.0714 4644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:51:10.0714 4644 monitor - ok
22:51:10.0745 4644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:10.0761 4644 mouclass - ok
22:51:10.0776 4644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:10.0792 4644 mouhid - ok
22:51:10.0823 4644 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:51:10.0823 4644 mountmgr - ok
22:51:10.0870 4644 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:51:10.0870 4644 MpFilter - ok
22:51:10.0917 4644 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:51:10.0917 4644 mpio - ok
22:51:10.0932 4644 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:51:10.0948 4644 MpNWMon - ok
22:51:10.0963 4644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:51:10.0963 4644 mpsdrv - ok
22:51:11.0010 4644 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:51:11.0010 4644 MRxDAV - ok
22:51:11.0041 4644 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:11.0041 4644 mrxsmb - ok
22:51:11.0073 4644 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:11.0088 4644 mrxsmb10 - ok
22:51:11.0119 4644 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:11.0119 4644 mrxsmb20 - ok
22:51:11.0135 4644 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:51:11.0135 4644 msahci - ok
22:51:11.0166 4644 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:51:11.0166 4644 msdsm - ok
22:51:11.0182 4644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:51:11.0182 4644 Msfs - ok
22:51:11.0197 4644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:51:11.0213 4644 mshidkmdf - ok
22:51:11.0229 4644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:51:11.0229 4644 msisadrv - ok
22:51:11.0275 4644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:11.0275 4644 MSKSSRV - ok
22:51:11.0291 4644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:11.0291 4644 MSPCLOCK - ok
22:51:11.0307 4644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:51:11.0307 4644 MSPQM - ok
22:51:11.0353 4644 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:51:11.0353 4644 MsRPC - ok
22:51:11.0369 4644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:51:11.0369 4644 mssmbios - ok
22:51:11.0385 4644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:51:11.0385 4644 MSTEE - ok
22:51:11.0400 4644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:51:11.0400 4644 MTConfig - ok
22:51:11.0431 4644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:51:11.0431 4644 Mup - ok
22:51:11.0478 4644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:11.0494 4644 NativeWifiP - ok
22:51:11.0541 4644 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:51:11.0556 4644 NDIS - ok
22:51:11.0603 4644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:51:11.0603 4644 NdisCap - ok
22:51:11.0634 4644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:11.0634 4644 NdisTapi - ok
22:51:11.0697 4644 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:11.0697 4644 Ndisuio - ok
22:51:11.0728 4644 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:11.0743 4644 NdisWan - ok
22:51:11.0775 4644 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:51:11.0775 4644 NDProxy - ok
22:51:11.0790 4644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:51:11.0790 4644 NetBIOS - ok
22:51:11.0821 4644 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:51:11.0837 4644 NetBT - ok
22:51:11.0931 4644 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\Dnetr28ux.sys
22:51:11.0946 4644 netr28ux - ok
22:51:11.0977 4644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:51:11.0977 4644 nfrd960 - ok
22:51:12.0024 4644 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:51:12.0024 4644 NisDrv - ok
22:51:12.0055 4644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:51:12.0055 4644 Npfs - ok
22:51:12.0071 4644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:51:12.0071 4644 nsiproxy - ok
22:51:12.0133 4644 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:51:12.0149 4644 Ntfs - ok
22:51:12.0196 4644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:51:12.0196 4644 Null - ok
22:51:12.0258 4644 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:51:12.0258 4644 nvraid - ok
22:51:12.0305 4644 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:51:12.0305 4644 nvstor - ok
22:51:12.0352 4644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:51:12.0367 4644 nv_agp - ok
22:51:12.0414 4644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:51:12.0414 4644 ohci1394 - ok
22:51:12.0445 4644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:51:12.0461 4644 Parport - ok
22:51:12.0492 4644 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:51:12.0492 4644 partmgr - ok
22:51:12.0508 4644 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:51:12.0508 4644 pci - ok
22:51:12.0539 4644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:51:12.0539 4644 pciide - ok
22:51:12.0570 4644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:51:12.0586 4644 pcmcia - ok
22:51:12.0633 4644 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
22:51:12.0633 4644 pcouffin - ok
22:51:12.0648 4644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:51:12.0648 4644 pcw - ok
22:51:12.0695 4644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:51:12.0711 4644 PEAUTH - ok
22:51:12.0804 4644 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:51:12.0804 4644 Point64 - ok
22:51:12.0867 4644 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:51:12.0882 4644 PptpMiniport - ok
22:51:12.0898 4644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:51:12.0898 4644 Processor - ok
22:51:12.0960 4644 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:51:12.0960 4644 Psched - ok
22:51:13.0007 4644 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
22:51:13.0007 4644 PxHlpa64 - ok
22:51:13.0069 4644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:51:13.0101 4644 ql2300 - ok
22:51:13.0147 4644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:51:13.0147 4644 ql40xx - ok
22:51:13.0210 4644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:51:13.0210 4644 QWAVEdrv - ok
22:51:13.0272 4644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:51:13.0272 4644 RasAcd - ok
22:51:13.0319 4644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:51:13.0319 4644 RasAgileVpn - ok
22:51:13.0366 4644 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:13.0366 4644 Rasl2tp - ok
22:51:13.0397 4644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:51:13.0397 4644 RasPppoe - ok
22:51:13.0428 4644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:51:13.0428 4644 RasSstp - ok
22:51:13.0475 4644 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:51:13.0475 4644 rdbss - ok
22:51:13.0491 4644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:51:13.0491 4644 rdpbus - ok
22:51:13.0522 4644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:51:13.0522 4644 RDPCDD - ok
22:51:13.0553 4644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:51:13.0553 4644 RDPENCDD - ok
22:51:13.0600 4644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:51:13.0600 4644 RDPREFMP - ok
22:51:13.0631 4644 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:51:13.0647 4644 RDPWD - ok
22:51:13.0693 4644 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:51:13.0709 4644 rdyboost - ok
22:51:13.0771 4644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:51:13.0771 4644 rspndr - ok
22:51:13.0818 4644 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:51:13.0834 4644 RTL8167 - ok
22:51:13.0912 4644 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:51:13.0927 4644 SASDIFSV - ok
22:51:13.0959 4644 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:51:13.0959 4644 SASKUTIL - ok
22:51:13.0990 4644 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:51:14.0005 4644 sbp2port - ok
22:51:14.0052 4644 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
22:51:14.0068 4644 SCDEmu - ok
22:51:14.0099 4644 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:51:14.0099 4644 scfilter - ok
22:51:14.0130 4644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:51:14.0130 4644 secdrv - ok
22:51:14.0146 4644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:51:14.0161 4644 Serenum - ok
22:51:14.0177 4644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:51:14.0193 4644 Serial - ok
22:51:14.0239 4644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:51:14.0239 4644 sermouse - ok
22:51:14.0271 4644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:51:14.0286 4644 sffdisk - ok
22:51:14.0302 4644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:51:14.0302 4644 sffp_mmc - ok
22:51:14.0317 4644 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:51:14.0317 4644 sffp_sd - ok
22:51:14.0333 4644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:51:14.0333 4644 sfloppy - ok
22:51:14.0364 4644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:51:14.0380 4644 SiSRaid2 - ok
22:51:14.0411 4644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:51:14.0411 4644 SiSRaid4 - ok
22:51:14.0427 4644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:51:14.0442 4644 Smb - ok
22:51:14.0505 4644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:51:14.0505 4644 spldr - ok
22:51:14.0567 4644 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:51:14.0583 4644 srv - ok
22:51:14.0598 4644 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:51:14.0598 4644 srv2 - ok
22:51:14.0614 4644 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:51:14.0614 4644 srvnet - ok
22:51:14.0676 4644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:51:14.0676 4644 stexstor - ok
22:51:14.0723 4644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:51:14.0723 4644 swenum - ok
22:51:14.0895 4644 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:51:14.0926 4644 Tcpip - ok
22:51:15.0004 4644 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:51:15.0019 4644 TCPIP6 - ok
22:51:15.0066 4644 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:51:15.0066 4644 tcpipreg - ok
22:51:15.0097 4644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:51:15.0097 4644 TDPIPE - ok
22:51:15.0129 4644 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:51:15.0144 4644 TDTCP - ok
22:51:15.0191 4644 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:51:15.0191 4644 tdx - ok
22:51:15.0207 4644 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:51:15.0222 4644 TermDD - ok
22:51:15.0269 4644 TotRec8 (f2df165148b58b89713851aa0769e8d8) C:\Windows\system32\drivers\TotRec8.sys
22:51:15.0285 4644 TotRec8 - ok
22:51:15.0331 4644 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:51:15.0331 4644 tssecsrv - ok
22:51:15.0378 4644 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:51:15.0394 4644 TsUsbFlt - ok
22:51:15.0441 4644 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:51:15.0441 4644 tunnel - ok
22:51:15.0456 4644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:51:15.0472 4644 uagp35 - ok
22:51:15.0503 4644 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:51:15.0519 4644 udfs - ok
22:51:15.0550 4644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:51:15.0565 4644 uliagpkx - ok
22:51:15.0612 4644 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:51:15.0628 4644 umbus - ok
22:51:15.0643 4644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:51:15.0643 4644 UmPass - ok
22:51:15.0690 4644 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:51:15.0706 4644 usbccgp - ok
22:51:15.0737 4644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:51:15.0737 4644 usbcir - ok
22:51:15.0768 4644 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:51:15.0784 4644 usbehci - ok
22:51:15.0815 4644 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:51:15.0831 4644 usbhub - ok
22:51:15.0862 4644 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:51:15.0862 4644 usbohci - ok
22:51:15.0893 4644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:51:15.0893 4644 usbprint - ok
22:51:15.0940 4644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:51:15.0955 4644 usbscan - ok
22:51:15.0987 4644 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:51:16.0002 4644 USBSTOR - ok
22:51:16.0033 4644 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:51:16.0033 4644 usbuhci - ok
22:51:16.0065 4644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:51:16.0065 4644 vdrvroot - ok
22:51:16.0080 4644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:51:16.0096 4644 vga - ok
22:51:16.0111 4644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:51:16.0111 4644 VgaSave - ok
22:51:16.0127 4644 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:51:16.0143 4644 vhdmp - ok
22:51:16.0174 4644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:51:16.0174 4644 viaide - ok
22:51:16.0189 4644 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:51:16.0189 4644 volmgr - ok
22:51:16.0236 4644 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:51:16.0236 4644 volmgrx - ok
22:51:16.0252 4644 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:51:16.0267 4644 volsnap - ok
22:51:16.0299 4644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:51:16.0299 4644 vsmraid - ok
22:51:16.0330 4644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:51:16.0330 4644 vwifibus - ok
22:51:16.0361 4644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:51:16.0361 4644 vwififlt - ok
22:51:16.0392 4644 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:51:16.0392 4644 vwifimp - ok
22:51:16.0423 4644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:51:16.0423 4644 WacomPen - ok
22:51:16.0439 4644 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:16.0455 4644 WANARP - ok
22:51:16.0470 4644 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:51:16.0470 4644 Wanarpv6 - ok
22:51:16.0501 4644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:51:16.0517 4644 Wd - ok
22:51:16.0533 4644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:51:16.0564 4644 Wdf01000 - ok
22:51:16.0611 4644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:51:16.0611 4644 WfpLwf - ok
22:51:16.0626 4644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:51:16.0642 4644 WIMMount - ok
22:51:16.0689 4644 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:51:16.0704 4644 WinUsb - ok
22:51:16.0735 4644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:51:16.0735 4644 WmiAcpi - ok
22:51:16.0767 4644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:51:16.0767 4644 ws2ifsl - ok
22:51:16.0813 4644 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:51:16.0813 4644 WudfPf - ok
22:51:16.0829 4644 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:51:16.0845 4644 WUDFRd - ok
22:51:16.0891 4644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:51:16.0954 4644 \Device\Harddisk0\DR0 - ok
22:51:16.0954 4644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
22:51:19.0294 4644 \Device\Harddisk5\DR5 - ok
22:51:19.0309 4644 Boot (0x1200) (68b8e053331a5d11decc8a461627cd17) \Device\Harddisk0\DR0\Partition0
22:51:19.0309 4644 \Device\Harddisk0\DR0\Partition0 - ok
22:51:19.0309 4644 Boot (0x1200) (bdc9467f114432322d5a673390e0d430) \Device\Harddisk0\DR0\Partition1
22:51:19.0309 4644 \Device\Harddisk0\DR0\Partition1 - ok
22:51:19.0341 4644 Boot (0x1200) (3e3d08bb549a0529f7d6cb13fec273ea) \Device\Harddisk0\DR0\Partition2
22:51:19.0341 4644 \Device\Harddisk0\DR0\Partition2 - ok
22:51:19.0341 4644 Boot (0x1200) (b57b4764da8edead3c63b0764d3a8be5) \Device\Harddisk5\DR5\Partition0
22:51:19.0341 4644 \Device\Harddisk5\DR5\Partition0 - ok
22:51:19.0341 4644 ============================================================
22:51:19.0341 4644 Scan finished
22:51:19.0341 4644 ============================================================
22:51:19.0356 4668 Detected object count: 0
22:51:19.0356 4668 Actual detected object count: 0


And from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 23:06:42
-----------------------------
23:06:42.770 OS Version: Windows x64 6.1.7601 Service Pack 1
23:06:42.772 Number of processors: 4 586 0x170A
23:06:42.773 ComputerName: AUG012009 UserName: Tom
23:06:44.178 Initialize success
23:07:25.292 AVAST engine defs: 12031700
23:07:33.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:07:33.853 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
23:07:33.892 Disk 0 MBR read successfully
23:07:33.894 Disk 0 MBR scan
23:07:33.900 Disk 0 Windows 7 default MBR code
23:07:33.917 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 70 MB offset 2048
23:07:33.936 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408
23:07:33.969 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 533466 MB offset 31602688
23:07:34.017 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 61572 MB offset 1124143083
23:07:34.102 Disk 0 scanning C:\Windows\system32\drivers
23:08:01.230 Service scanning
23:08:27.384 Modules scanning
23:08:27.392 Disk 0 trace - called modules:
23:08:27.414 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:08:27.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800629e060]
23:08:27.424 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005ff1520]
23:08:27.429 5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ff3060]
23:08:28.792 AVAST engine scan C:\Windows
23:09:06.703 AVAST engine scan C:\Windows\system32
23:14:30.930 AVAST engine scan C:\Windows\system32\drivers
23:14:46.705 AVAST engine scan C:\Users\Tom
23:27:31.973 AVAST engine scan C:\ProgramData
23:30:33.448 Scan finished successfully
23:33:34.968 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
23:33:35.037 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"


There has so far been no recurrence of the search behavior. Both my daughter and I have used this PC since the ComboFix scan without either new or old issues arising.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:11:28 PM

Posted 19 March 2012 - 10:41 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 boxthirteen

boxthirteen
  • Topic Starter

  • Members
  • 42 posts
  • Local time:11:28 PM

Posted 20 March 2012 - 05:29 AM

Here is the ComboFix log:

ComboFix 12-03-17.01 - Tom 03/20/2012 0:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4134 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
Command switches used :: c:\users\Tom\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Local\temp\Z@S2531.tmp
c:\users\Alex\AppData\Local\temp\Z@S25FE.tmp
c:\users\Alex\AppData\Local\temp\Z@S268C.tmp
c:\users\Alex\AppData\Local\temp\Z@S26BD.tmp
c:\users\Alex\AppData\Local\temp\Z@S26EE.tmp
c:\users\Alex\AppData\Local\temp\Z@S270F.tmp
c:\users\Alex\AppData\Local\temp\Z@S28D5.tmp
c:\users\Alex\AppData\Local\temp\Z@S28E7.tmp
c:\users\Alex\AppData\Local\temp\Z@S2908.tmp
c:\windows\SysWow64\csftxctl.ocx
c:\windows\SysWow64\windrv.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 05:06 . 2012-03-20 05:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-20 05:06 . 2012-03-20 05:06 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2012-03-20 05:06 . 2012-03-20 05:06 -------- d-----w- c:\users\Nora\AppData\Local\temp
2012-03-20 05:06 . 2012-03-20 05:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 05:06 . 2012-03-20 05:06 -------- d-----w- c:\users\Alex\AppData\Local\temp
2012-03-20 03:36 . 2012-03-20 04:46 -------- d-----w- c:\programdata\InsiderBaseball 2012
2012-03-20 03:32 . 2012-03-20 03:32 -------- d-----w- c:\program files (x86)\Insiderbaseball 2012
2012-03-20 02:51 . 2012-03-20 02:51 116016 ----a-w- c:\windows\system32\drivers\81667813.sys
2012-03-19 17:49 . 2012-03-19 17:48 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64037D86-FB37-481B-8836-5E45A01987B0}\gapaengine.dll
2012-03-19 17:48 . 2012-02-08 03:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00986D8E-FACC-46D0-8689-24CA4F470BBD}\mpengine.dll
2012-03-19 17:46 . 2012-03-19 17:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-19 17:46 . 2012-03-19 17:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-19 17:38 . 2012-03-19 17:38 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira
2012-03-19 11:23 . 2012-03-19 11:23 -------- d-----w- c:\users\Tom\AppData\Roaming\Avira
2012-03-19 11:21 . 2012-03-19 11:21 -------- d-----w- c:\programdata\Avira
2012-03-19 11:21 . 2012-03-19 11:21 -------- d-----w- c:\program files (x86)\Avira
2012-03-19 11:21 . 2012-01-31 12:57 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-19 11:21 . 2012-01-31 12:57 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-19 11:21 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-19 00:16 . 2012-03-20 05:25 -------- d-----w- c:\users\Tom\AppData\Local\temp
2012-03-18 19:05 . 2012-03-18 19:05 -------- d-----w- c:\program files (x86)\Runtime Software
2012-03-18 13:04 . 2012-03-19 07:01 -------- d-----w- c:\program files (x86)\SpyNoMore
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 05:27 . 2012-03-18 05:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-17 17:20 . 2012-03-17 17:20 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:20 . 2012-03-17 17:20 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 16:08 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9A0EB03-857B-4DD0-B8A6-225BE6AFC934}\mpengine.dll
2012-03-16 05:19 . 2012-03-16 05:20 -------- d-----w- c:\users\Alex\AppData\Roaming\TS3Client
2012-03-16 05:19 . 2012-03-16 05:19 -------- d-----w- c:\users\Alex\AppData\Local\TeamSpeak 3 Client
2012-03-15 20:15 . 2012-03-15 20:15 5679896 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.0oemBingBarSetup-Partner.EXE
2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:20 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-20 14:58 . 2012-02-20 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 11:15 . 2011-05-18 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-20 14:58 . 2010-06-11 01:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-31 12:44 . 2010-02-06 04:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 23:19 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 23:19 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 23:19 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 23:19 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 23:19 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_00.04.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-19 00:03 . 2012-03-18 23:55 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-20 05:15 . 2012-03-20 05:07 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-19 00:03 . 2012-03-18 23:55 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-20 05:15 . 2012-03-20 05:07 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-20 05:15 . 2012-03-20 05:07 16384 c:\windows\temp\Cookies\index.dat
- 2012-03-19 00:03 . 2012-03-18 23:55 16384 c:\windows\temp\Cookies\index.dat
+ 1998-06-18 07:00 . 1998-06-18 07:00 89360 c:\windows\SysWOW64\VB5DB.DLL
+ 2010-05-14 02:50 . 2012-03-19 00:19 31338 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-19 00:19 29388 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-08-16 21:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-19 11:21 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-27 19:25 . 2011-04-27 19:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 17:18 . 2011-04-18 17:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2001-05-04 19:05 . 2001-05-04 19:05 30992 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\vbajet32.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 53520 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msjter40.dll
+ 2010-02-11 04:45 . 2012-03-19 00:19 6004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3925274407-2279627853-2444153687-1005_UserData.bin
+ 2012-03-20 05:07 . 2012-03-20 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-18 23:55 . 2012-03-18 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-18 23:55 . 2012-03-18 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-20 05:07 . 2012-03-20 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2000-07-15 05:00 . 2000-07-15 05:00 101888 c:\windows\SysWOW64\VB6STKIT.DLL
+ 2000-03-14 04:00 . 2000-03-14 04:00 118784 c:\windows\SysWOW64\MSSTDFMT.DLL
+ 2009-07-14 02:36 . 2012-03-20 05:11 626162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 05:11 107438 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-08-16 21:30 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-19 11:21 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-19 11:21 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-08-16 21:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-18 17:18 . 2011-04-18 17:18 189440 c:\windows\system32\drivers\MpFilter.sys
- 2009-07-14 05:01 . 2012-03-18 23:54 398684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-20 05:06 398684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 1998-05-07 04:00 . 1998-05-07 04:00 174352 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\RICHED32.DLL
+ 2001-05-04 19:05 . 2001-05-04 19:05 614672 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\mswstr10.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 831760 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\mswdat10.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 553232 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msrepl40.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 315664 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msrd3x40.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 422160 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msrd2x40.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 241936 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msjtes40.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 151824 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msjint40.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 379152 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\expsrv.dll
+ 2001-05-04 19:05 . 2001-05-04 19:05 557328 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\dao360.dll
+ 2011-05-19 21:23 . 2011-05-19 21:23 2708992 c:\windows\Installer\3c09760.msi
+ 2011-06-15 18:51 . 2011-06-15 18:51 1911808 c:\windows\Installer\3c09758.msi
+ 2001-05-04 19:05 . 2001-05-04 19:05 1503504 c:\windows\Installer\$PatchCache$\Managed\EABF917BB56E50B4D81E1CA75E4684A8\14.1.4\msjet40.dll
+ 2010-09-29 11:10 . 2012-03-19 18:40 20896944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3925274407-2279627853-2444153687-1005-8192.dat
- 2010-10-06 12:25 . 2012-03-18 23:54 20879128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3925274407-2279627853-2444153687-1001-8192.dat
+ 2010-10-06 12:25 . 2012-03-20 05:06 20879128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3925274407-2279627853-2444153687-1001-8192.dat
+ 2012-03-20 03:32 . 2012-03-20 03:32 17106944 c:\windows\Installer\1e6d141.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-28 273528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SNM"="c:\program files (x86)\SpyNoMore\SNM.exe" [2011-12-23 1003856]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys [2009-12-02 17800]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys [2009-12-02 30600]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys [2009-12-02 26504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925274407-2279627853-2444153687-1004Core.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 14:32]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925274407-2279627853-2444153687-1004UA.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 14:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fg05840o.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://cincinnati.reds.mlb.com/index.jsp?c_id=cin
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-20 01:38:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 05:38
ComboFix2.txt 2012-03-19 00:15
.
Pre-Run: 420,276,723,712 bytes free
Post-Run: 421,196,099,584 bytes free
.
- - End Of File - - 5143F7B1CF97F901E4FBCF26B03B7FAB

Other than being unable to open a browser after this script finished - I finally had to restart - the computer is acting normally. There has been no sign of the search misdirection recurring.

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 March 2012 - 07:30 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Adobe Reader 9.3.3
Bing Bar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
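Sorting a HijackThis log before touching anything is the point of the "DO NOT have HijackThis fix anything yet" step above. As an added example (not code from the thread or from HijackThis itself), here is a small Python triage script run over a few constructed lines in the HijackThis 2.0.4 line format; the `updater` HKCU entry is made up to show the user-writable-location flag, and the "(file missing)" handling covers the 32-bit-on-64-bit redirection artefact seen on core Windows services.

```python
import re

# Constructed sample in the HijackThis 2.0.4 line format seen in this thread:
# a few lines modelled on the posted log plus one made-up HKCU "updater"
# entry that exercises the user-writable-location flag. Not the poster's log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updater] C:\Users\Tom\AppData\Local\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"""

# Any HijackThis entry line: a section code such as R0, O4 or O23 followed by " - ".
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")
# O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 - BHO: name - {CLSID} - path   /   O3 - Toolbar: name - {CLSID} - path
BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O23 - Service: display (ShortName) - owner - path [ (file missing)]
SVC_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# First token of a Run command: a quoted path, or an unquoted path ending in .exe.
EXE_RE = re.compile(r'^(?P<exe>"[^"]+"|.+?\.exe)\s*(?P<args>.*)$', re.IGNORECASE)

# Startup entries launched from these locations deserve a closer look: they are
# writable without admin rights, so they are where unwanted software usually
# lands. This is a triage hint, not a verdict; legitimate updaters live there too.
USER_WRITABLE_MARKERS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def split_command(cmd):
    """Split an O4 command line into (executable path, arguments)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m["exe"].strip('"'), m["args"].strip()


def service_short_name(display):
    """'Avira Scheduler (AntiVirSchedulerService)' -> 'AntiVirSchedulerService'."""
    m = re.search(r"\(([^()]+)\)$", display)
    return m.group(1) if m else display


def looks_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def triage(log_text):
    """Group the entries of a HijackThis log for review.

    Returns a dict with parsed 'run', 'bho' and 'services' entries, the short
    names of services reported as '(file missing)', free-text 'review' notes
    for entries worth a second look, and the entry lines that were not parsed.
    """
    report = {"run": [], "bho": [], "services": [], "missing_file_services": [], "review": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue  # header, blank line or a "Running processes" path
        m = RUN_RE.match(line)
        if m:
            exe, args = split_command(m["cmd"])
            report["run"].append({"hive": m["hive"], "key": m["key"], "name": m["name"], "exe": exe, "args": args})
            if looks_user_writable(exe):
                report["review"].append(f"O4 [{m['name']}] starts from a user-writable location: {exe}")
            continue
        m = BHO_RE.match(line)
        if m:
            report["bho"].append({"name": m["name"], "clsid": m["clsid"], "path": m["path"]})
            continue
        m = SVC_RE.match(line)
        if m:
            entry = {"display": m["display"], "short_name": service_short_name(m["display"]),
                     "owner": m["owner"], "path": m["path"], "file_missing": m["missing"] is not None}
            report["services"].append(entry)
            if entry["file_missing"]:
                # HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its
                # view of C:\Windows\System32 is redirected to SysWOW64. "(file
                # missing)" on core services (lsass.exe, spoolsv.exe, ...) is
                # therefore usually an artefact of that redirection rather than
                # a deleted file; confirm with a 64-bit tool before acting on it.
                report["missing_file_services"].append(entry["short_name"])
            continue
        report["unparsed"].append(line)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section in ("run", "bho", "services"):
        print(f"{section}: {len(result[section])} entries")
    print("services reported (file missing):", ", ".join(result["missing_file_services"]))
    for note in result["review"]:
        print("REVIEW:", note)
    for line in result["unparsed"]:
        print("unparsed:", line)
```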

#9 boxthirteen

  • Topic Starter

  • Members
  • 42 posts

Posted 20 March 2012 - 06:48 PM

MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: AUG012009 [administrator]

3/20/2012 7:38:09 PM
mbam-log-2012-03-20 (19-38-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253809
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:59 PM, on 3/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/welcome-upgrade2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11395 bytes

I did have to go into the properties of the desktop icon for HT to set it to 'Run As Administrator' in order to get a log - just something to pass along to others.

Since the first step in this process, the bad behavior in browser searches has been gone and I have not experienced other problems. Good to know the bad info about Adobe Reader and uTorrent.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 20 March 2012 - 08:06 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure that the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 boxthirteen

boxthirteen
  • Topic Starter

  • Members

Posted 21 March 2012 - 06:08 AM

I've been unable to run the ESET scan. I tried it twice through IE with the same error message at step 2 of the scan: "Can not get update. Is proxy configured?" I don't connect through a proxy and the Custom Proxy box was unchecked in step 1. I also tried the scan in Firefox after installing the plugin with the same result.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 21 March 2012 - 03:02 PM

Hello

Try resetting IE: go here, scroll down, click on Show all, and click on the Fix it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


If that does not work, then try this one:

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Internet Explorer
  • It will require an ActiveX control, please install it
  • Click Accept

    In Firefox
  • It will require an Add-on to be installed, please install it
  • In order to install the Add-on, Firefox needs to be restarted, please do so

  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click Show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic

Gringo

#13 boxthirteen

boxthirteen
  • Topic Starter

  • Members

Posted 22 March 2012 - 07:34 AM

Had to use F-Secure; the other would not get past the same error message in either IE or Firefox:

Scanning Report
Thursday, March 22, 2012 07:30:38 - 08:32:44

Computer name: AUG012009
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ E:\
3 malware found
TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Fastclick (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

Statistics
Scanned:

Files: 187423
System: 5913
Not scanned: 255

Actions:

Disinfected: 3
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Files not scanned:

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8DBFD976802A9B74530B32088DE1DAE_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0937B9082D40ED11567ED0B56F33479_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3DA6F33C85FFCC50F6C4034A9AA6BC9_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CEF652F7CA93C36C796103E7051C1A65_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4576A1D5C92CD3E718E4A52082ADE0F_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1DFB6EBF3BAA56ABDE7D26F11B658D9_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6070E7E08EBE1CF01AEC99A2A0F3AE9_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D74FFB432502FAD1651D4D9190A5127E_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D8A5AF17DC3C504E145C3091C18C3E20_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4F2CC33040EE142C45EAB80CDE83374_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD4FCBFB20E71B0746A6A2FC6B18E577_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCCD7E691EB5331F161B973773D86C7B_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC7DBC2D12A9645C8D963A7C60642017_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB42244FE1AB3212E72650E2971E4494_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE10E8C66C6D0526065DAC6C54E1A945_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEB71D9030DE4A5A49B57C73249B852F_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E37B0B8ABC7A8FBD33A4C063DD915A67_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3FEE5CA7A539FFAED40B75AC983B8CA_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E53D407E698BF9EAFEFDE83CCF97F0CF_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E729DEC3C7B14845695D713F6510BF7B_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED1FE2EEA27BCCE62F47EEA5655D633D_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7FE35B98F3BCE331C05965236EE7872_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE4AADBDACF61EB097D9E05DFC7DCD69_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECC34201C6904FED3F12EAD58A161D0C_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFF3A8536321F3E4555249E679061DAE_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F034D4D7710FE7B97B324E7D362B189A_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F07F31E73E52BC60CE26390A2570E7DC_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0D0F7BE9906AA36A7C2FB9450F25A61_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0FFAEEF44FC8431B6E241FC10C1B495_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F28B6333C66DA088694AC2C99E713BD1_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F826050293E731BB41B1B871640F7231_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F66E03F2AF3283E2234BE065BE06BFED_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5EDCA01EFD0BB4D60444BA502855301_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F97E9E69A0D57EB87871CC35F90F7B76_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD386198CEB83F7F4A7D089B08A3FA5D_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE2AA4608EDC10B85726A0B9E785769E_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE3725229A234CF43C9860D55D593802_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF2AE2F04F48815872D97E25642F4031_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF318A0FE6E0D1051B579431A8FE3B5B_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFA6509703EE8039C692635A22588F5A_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFA5F48AB231C1BB1631046D41EA143D_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFFAAA99EE0E9CEC5AEB09812909A17F_FD274CE4-53D0-4C0C-BF49-3BD64D3FC236
C:\BOOT\BCD

Options
Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics



No new symptoms of problems and no recurrence of the original problem...

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 PM

Posted 22 March 2012 - 03:30 PM

Hello

The online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
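The post above walks through the Internet Explorer "Internet" zone settings and Automatic Updates by clicking through dialogs. The PowerShell script below is an added example, not part of the post or of any tool mentioned in it; it audits the same five zone settings against the values the post recommends and reports the Windows Update mode, so a user can confirm the changes took effect instead of re-opening the dialogs. The registry value IDs (1001, 1004, 1201, 1800, 1804), the 0/1/3 = Enable/Prompt/Disable encoding, the zone path under HKCU and the AUOptions meanings are taken from Microsoft's documented layout of the Internet Settings and Windows Update keys, not from the post; treat them as assumptions to verify against your own Windows and IE versions.

```powershell
# Added example: audit the IE Internet-zone settings recommended in the post,
# and report the Automatic Updates mode. Not from the original post or any tool it names.
# Assumption: value IDs and the 0/1/3 encoding follow Microsoft's documented
# "Internet Settings\Zones" registry layout (zone 3 = Internet).

$zonePath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Desired state for each setting, as recommended in the post above.
$wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                        Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                      Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                           Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';               Want = 1 }
)

function Test-IEInternetZone {
    # Returns one object per setting: OK, CHANGE (differs from recommendation) or MISSING.
    if (-not (Test-Path $zonePath)) {
        Write-Warning "Zone key not found: $zonePath"
        return
    }
    $zone = Get-ItemProperty -Path $zonePath
    foreach ($s in $wanted) {
        $current = $zone.($s.Id)
        if ($null -eq $current) {
            # Value not set in HKCU: IE falls back to the zone template default,
            # so the dialog may still show a value even though nothing is stored here.
            $status = 'MISSING'; $currentText = 'n/a'
        } else {
            $currentText = if ($stateName.ContainsKey([int]$current)) { $stateName[[int]$current] } else { "unknown($current)" }
            $status = if ([int]$current -eq $s.Want) { 'OK' } else { 'CHANGE' }
        }
        [pscustomobject]@{
            Status  = $status
            Setting = $s.Name
            Current = $currentText
            Wanted  = $stateName[$s.Want]
        }
    }
}

function Get-AutoUpdateMode {
    # The Group Policy location, when present, overrides the per-machine setting.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    )
    $modes = @{ 2 = 'Notify before download'
                3 = 'Auto download, notify before install'
                4 = 'Auto download and schedule install'
                5 = 'Managed by local administrator' }
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name AUOptions -ErrorAction SilentlyContinue).AUOptions
        if ($null -ne $v) {
            return [pscustomobject]@{ Source = $p; AUOptions = $v; Meaning = $modes[[int]$v] }
        }
    }
    'AUOptions is not set in either location'
}

Test-IEInternetZone | Format-Table -AutoSize
Get-AutoUpdateMode
```

Run it from a normal (non-elevated) PowerShell prompt as the user whose browser was affected, since the zone settings are stored per user under HKCU. One caveat: if an administrator has set the "Security Zones: Use only machine settings" policy, IE reads the zone values from the matching key under HKLM instead, and this script would then need `$zonePath` pointed there.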

#15 boxthirteen

boxthirteen
  • Topic Starter

  • Members
  • 42 posts
  • Local time:11:28 PM

Posted 23 March 2012 - 08:12 AM

I am not at the affected computer right now, but I will work through those last steps later today and give you an update!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users