Google Redirect Trojan


This topic is locked
32 replies to this topic

#1 MasterBroshi (Members, 16 posts)

Posted 25 March 2012 - 10:11 PM

Hi Bleeping Computer Team,

A few months ago I got the Windows redirect virus, and I thought I had removed it when it came back. Again I thought I had removed it, and it just showed up again this weekend. I am assuming my last two attempts have been only partial removals that have returned.
So far I have tried Malwarebytes, SUPERAntiSpyware Free, CCleaner, TDSSKiller, StopZilla, deleting the random registry entries and a few one-click quick fixes that haven't worked. So you can see my frustration that I still cannot get rid of this thing.
Hopefully someone will be able to walk me through a permanent fix.

Thanks,

Kevin

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Kevin McGreen at 23:02:54 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4289 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/splitcam/{1B958291-62D8-445C-BAB3-0F21E446489C}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [FAStartup]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\KEVINM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Users\Kevin McGreen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\2556460244F676D27657563747 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\4586560245572747C656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\636433142463 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\7455543545 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\7455543545 : DhcpNameServer = 10.98.1.1 10.98.1.2 167.206.1.103
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\D416272796F64747F57457563747 : DhcpNameServer = 172.16.6.1
TCP: Interfaces\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2BD7343E-E0D2-436D-A13F-FBA5B141BAA6} : NameServer = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [FAStartup]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin McGreen\AppData\Roaming\Mozilla\Firefox\Profiles\jzwntgqm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http_port - 57354
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kevin McGreen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kevin McGreen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kevin McGreen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-9-3 91456]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-14 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S2 SessionLauncher;SessionLauncher; [x]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-15 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-6-14 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-26 02:48:25 388096 ----a-r- C:\Users\Kevin McGreen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-26 02:48:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-26 02:40:48 -------- d-----w- C:\ProgramData\PC Tools
2012-03-25 19:12:55 -------- d-----w- C:\Users\Kevin McGreen\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 19:12:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-25 19:12:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-24 16:34:10 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-24 16:33:03 -------- d-----we C:\Windows\system64
2012-03-15 07:03:07 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:03:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:03:06 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 23:49:45 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:49:44 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:49:44 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 23:47:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 23:47:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 23:47:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 23:47:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 23:47:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 23:47:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 23:47:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-25 18:42:13 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-02-25 18:42:13 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-02-25 18:42:12 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-02-25 18:42:12 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-02-25 18:42:10 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
.
==================== Find3M ====================
.
2012-03-24 17:03:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 04:13:09 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 23:03:37.14 ===============

Also I feel I should mention I am running a Windows 7 64-bit machine.
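The DDS report above already contains the entries that the ComboFix run later in this thread deletes: the consrv entry in the SubSystems Windows value, the hidden zero-byte c:\windows\system32\dds_trash_log.cmd, and the c:\windows\System64 directory. As an added example that is not part of the original thread or of the DDS tool, the Python script below reads DDS-style log lines and flags the three patterns a helper would pick out by hand: a csrss server DLL other than basesrv, winsrv or sxssrv in the SubSystems Windows value, a file with system and hidden attributes created under the Windows directory, and a directory directly under \Windows named like a system directory that Windows does not ship. It also parses the Firefox prefs lines and shows why the stray network.proxy.http_port entry is not by itself evidence: network.proxy.type is 0, so Firefox is not using a proxy at all. The sample log is constructed from lines copied out of the post; the known-DLL set and the known-directory set are my assumptions about a stock Windows 7 install, not values taken from the page.

```python
"""Flag suspicious entries in a DDS-style log.

Added example, not part of the original thread. The sample log is constructed
from lines in the DDS report above; the allow-lists are assumptions about a
stock Windows 7 install.
"""
import re

# Constructed sample: lines copied from the posted DDS log.
SAMPLE_LOG = r"""
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
FF - prefs.js: network.proxy.http_port - 57354
FF - prefs.js: network.proxy.type - 0
2012-03-24 16:34:10 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-24 16:33:03 -------- d-----we C:\Windows\system64
2012-03-15 07:03:07 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
"""

# Assumption: server DLLs that a stock Windows 7 SubSystems\Windows value references.
KNOWN_SUBSYSTEM_DLLS = {"basesrv", "winsrv", "sxssrv"}
# Assumption: the only "system*" directories Windows creates directly under \Windows.
KNOWN_SYSTEM_DIRS = {"system", "system32"}

SUBSYS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# DDS "Created Last 30" rows: date time size attrs path; directories show size as dashes.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+)$"
)


def check_subsystems(line):
    """Flag any csrss server DLL in the SubSystems value that is not a known one."""
    m = SUBSYS_RE.match(line)
    if not m:
        return []
    findings = []
    for entry in m.group(1).split():
        # entries look like "winsrv:UserServerDllInitialization,3" or "basesrv,1"
        dll = entry.split(":")[0].split(",")[0].lower()
        if dll not in KNOWN_SUBSYSTEM_DLLS:
            findings.append(f"unexpected csrss server DLL '{dll}' in SubSystems\\Windows ({entry})")
    return findings


def check_created(line):
    """Flag hidden+system files under \\Windows and non-standard system directories."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    _, size, attrs, path = m.groups()
    low = path.lower()
    findings = []
    # attribute string positions as DDS prints them: d at 0, s at 2, h at 3, a at 4, w/r at 6
    if attrs[2] == "s" and attrs[3] == "h" and "\\windows\\" in low:
        findings.append(f"hidden system-attribute file under Windows ({size} bytes): {path}")
    d = re.search(r"\\windows\\(system\w*)(\\|$)", low)
    if d and d.group(1) not in KNOWN_SYSTEM_DIRS:
        findings.append(f"directory name Windows does not ship: {path}")
    return findings


def check_firefox_proxy(prefs):
    """Only flag a proxy if Firefox is actually set to use a manual one (type 1)."""
    # network.proxy.type: 0 = no proxy, 1 = manual. A leftover http_port with type 0 is inert.
    if prefs.get("network.proxy.type") == "1":
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", "")
        if host in ("127.0.0.1", "localhost"):
            return [f"Firefox manual proxy through a local listener: {host}:{port}"]
    return []


def scan(text):
    """Run every check over a DDS-style log and return the list of findings."""
    findings = []
    prefs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        p = FF_PREF_RE.match(line)
        if p:
            prefs[p.group(1)] = p.group(2).strip()
            continue
        findings.extend(check_subsystems(line))
        findings.extend(check_created(line))
    findings.extend(check_firefox_proxy(prefs))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("FLAG:", f)
```

Run against the sample it reports exactly three findings (consrv, dds_trash_log.cmd, system64) and stays quiet about ntoskrnl.exe and the Firefox proxy port. The checks are deliberately narrow: they match what the DDS output already exposes, and a hit is a lead for the helper to examine, not a verdict.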


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 March 2012 - 08:36 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will, at best, only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step, give me a little feedback.
It does not need to be long, just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable, and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MasterBroshi (Topic Starter, Members, 16 posts)

Posted 26 March 2012 - 09:50 PM

Hi Gringo,

Thank you for your very quick response.

I am still being redirected.

I ran ComboFix and hit a few problems.

First it told me McAfee antivirus and antispyware are running and to turn them off. I do not know how to turn these off, as I thought I had uninstalled and removed them from my computer a while ago. I even ran a McAfee removal tool provided by McAfee, to no avail. The guide offered by you does not help because I do not have a McAfee icon to click on anywhere.

Second, after running ComboFix I was unable to click on any icons on my screen or start menu. They all had the same message, along the lines of "marked for deletion, would you like to remove". I saved the log to a flash drive so I could still present it to you. I restarted my computer after being unable to do anything, and it said Windows was unable to start and asked to recover from my last backup point, which I proceeded to do. It appears as though the last backup point was made prior to my ComboFix download, as that is no longer on my screen.

Whether ComboFix removed the trojan or not is uncertain, as I was unable to test a search engine after running it.

Please find my ComboFix log below.

Thank you,
MasterBroshi

ComboFix 12-03-26.02 - Kevin McGreen 03/26/2012 22:02:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4720 [GMT -4:00]
Running from: c:\users\Kevin McGreen\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AcRemoteUpdate.exe
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\TaskScheduler.dll
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\scvideo.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-26 02:48 . 2012-03-26 02:48 388096 ----a-r- c:\users\Kevin McGreen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-26 02:48 . 2012-03-26 02:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-26 02:40 . 2012-03-26 02:40 -------- d-----w- c:\programdata\PC Tools
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\users\Kevin McGreen\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 00:06 . 2012-03-25 01:20 -------- d-----w- c:\program files (x86)\Warcraft III
2012-03-15 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 23:49 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:49 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:47 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-01 04:13 . 2012-03-01 04:13 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 17:03 . 2011-10-09 04:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 04:13 . 2010-06-22 20:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-18 01:14 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-18 01:14 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-18 01:14 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-18 01:14 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-18 01:13 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-24 98488]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Kevin McGreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-24 02:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R2 SessionLauncher;SessionLauncher; [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-15 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-15 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-24 2412728]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 02:26]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 02:26]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000Core.job
- c:\users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 19:31]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000UA.job
- c:\users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 19:31]
.
2012-03-24 c:\windows\Tasks\Norton Security Scan for Kevin McGreen.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-17 14:06]
.
2012-03-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF31405.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hpwirelessmgr
yediex
i2omgmt
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/splitcam/{1B958291-62D8-445C-BAB3-0F21E446489C}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Kevin McGreen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\7455543545: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{2BD7343E-E0D2-436D-A13F-FBA5B141BAA6}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Kevin McGreen\AppData\Roaming\Mozilla\Firefox\Profiles\jzwntgqm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http_port - 57354
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-50936525.sys
SafeBoot-68167791.sys
SafeBoot-82262004.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-Nike+ Mini - c:\windows\system32\Nike+ Mini.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1278296332-2420123301-964966345-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1278296332-2420123301-964966345-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\SysWOW64\ping.exe
.
**************************************************************************
.
Completion time: 2012-03-26 22:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 02:26
.
Pre-Run: 339,911,729,152 bytes free
Post-Run: 339,245,731,840 bytes free
.
- - End Of File - - 959687EDE47F55F7DBEC233B76FD9F0D

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 26 March 2012 - 10:02 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 MasterBroshi

MasterBroshi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 27 March 2012 - 06:07 PM

Hi Gringo,

I ran both and my computer still appears to be infected.

The only change is now the ads do not wait for me to click on a link, now they just pop up whenever, usually when I am on Google.com.

The TDSSKiller log saved in two files, one short, the other longer. I will post the first part in this post and then the long one and the aswMBR log in two separate posts.

Thanks,
MasterBroshi

18:52:10.0733 6512 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
18:52:12.0735 6512 ============================================================
18:52:12.0735 6512 Current date / time: 2012/03/27 18:52:12.0735
18:52:12.0735 6512 SystemInfo:
18:52:12.0735 6512
18:52:12.0735 6512 OS Version: 6.1.7601 ServicePack: 1.0
18:52:12.0735 6512 Product type: Workstation
18:52:12.0735 6512 ComputerName: KEVINMCGREEN-PC
18:52:12.0736 6512 UserName: Kevin McGreen
18:52:12.0736 6512 Windows directory: C:\Windows
18:52:12.0736 6512 System windows directory: C:\Windows
18:52:12.0736 6512 Running under WOW64
18:52:12.0736 6512 Processor architecture: Intel x64
18:52:12.0736 6512 Number of processors: 8
18:52:12.0736 6512 Page size: 0x1000
18:52:12.0736 6512 Boot type: Normal boot
18:52:12.0736 6512 ============================================================
18:52:13.0130 6512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:13.0147 6512 \Device\Harddisk0\DR0:
18:52:13.0147 6512 MBR used
18:52:13.0147 6512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
18:52:13.0147 6512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
18:52:13.0181 6512 Initialize success
18:52:13.0181 6512 ============================================================
18:53:10.0703 4888 Deinitialize success

18:54:43.0696 4340 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:54:45.0698 4340 ============================================================
18:54:45.0698 4340 Current date / time: 2012/03/27 18:54:45.0698
18:54:45.0698 4340 SystemInfo:
18:54:45.0698 4340
18:54:45.0698 4340 OS Version: 6.1.7601 ServicePack: 1.0
18:54:45.0698 4340 Product type: Workstation
18:54:45.0698 4340 ComputerName: KEVINMCGREEN-PC
18:54:45.0699 4340 UserName: Kevin McGreen
18:54:45.0699 4340 Windows directory: C:\Windows
18:54:45.0699 4340 System windows directory: C:\Windows
18:54:45.0699 4340 Running under WOW64
18:54:45.0699 4340 Processor architecture: Intel x64
18:54:45.0699 4340 Number of processors: 8
18:54:45.0699 4340 Page size: 0x1000
18:54:45.0699 4340 Boot type: Normal boot
18:54:45.0699 4340 ============================================================
18:54:46.0167 4340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:54:46.0183 4340 \Device\Harddisk0\DR0:
18:54:46.0183 4340 MBR used
18:54:46.0183 4340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
18:54:46.0183 4340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
18:54:46.0225 4340 Initialize success
18:54:46.0225 4340 ============================================================
18:54:47.0452 3660 ============================================================
18:54:47.0452 3660 Scan started
18:54:47.0452 3660 Mode: Manual;
18:54:47.0452 3660 ============================================================
18:54:53.0603 3660 BrUsbSer - ok
18:54:53.0623 3660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:54:53.0626 3660 BTHMODEM - ok
18:54:53.0727 3660 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:54:53.0730 3660 bthserv - ok
18:54:53.0808 3660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:54:53.0811 3660 cdfs - ok
18:54:53.0887 3660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:54:53.0891 3660 cdrom - ok
18:54:53.0953 3660 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:54:53.0956 3660 CertPropSvc - ok
18:54:54.0040 3660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:54:54.0042 3660 circlass - ok
18:54:54.0068 3660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:54:54.0074 3660 CLFS - ok
18:54:54.0170 3660 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:54.0172 3660 clr_optimization_v2.0.50727_32 - ok
18:54:54.0246 3660 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:54:54.0249 3660 clr_optimization_v2.0.50727_64 - ok
18:54:54.0334 3660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:54.0337 3660 clr_optimization_v4.0.30319_32 - ok
18:54:54.0362 3660 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:54:54.0366 3660 clr_optimization_v4.0.30319_64 - ok
18:54:54.0455 3660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:54.0457 3660 CmBatt - ok
18:54:54.0503 3660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:54:54.0504 3660 cmdide - ok
18:54:54.0595 3660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:54:54.0602 3660 CNG - ok
18:54:54.0653 3660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:54:54.0654 3660 Compbatt - ok
18:54:54.0720 3660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:54:54.0721 3660 CompositeBus - ok
18:54:54.0744 3660 COMSysApp - ok
18:54:54.0774 3660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:54:54.0775 3660 crcdisk - ok
18:54:54.0892 3660 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
18:54:54.0895 3660 Creative ALchemy AL6 Licensing Service - ok
18:54:54.0978 3660 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:54:54.0980 3660 Creative Audio Engine Licensing Service - ok
18:54:55.0089 3660 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:54:55.0093 3660 CryptSvc - ok
18:54:55.0154 3660 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
18:54:55.0159 3660 CTAudSvcService - ok
18:54:55.0260 3660 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:54:55.0264 3660 CtClsFlt - ok
18:54:55.0339 3660 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:54:55.0346 3660 DcomLaunch - ok
18:54:55.0381 3660 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:54:55.0387 3660 defragsvc - ok
18:54:55.0472 3660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:54:55.0475 3660 DfsC - ok
18:54:55.0579 3660 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:54:55.0585 3660 Dhcp - ok
18:54:55.0625 3660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:54:55.0626 3660 discache - ok
18:54:55.0681 3660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:54:55.0683 3660 Disk - ok
18:54:55.0726 3660 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:54:55.0731 3660 Dnscache - ok
18:54:55.0857 3660 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
18:54:55.0860 3660 DockLoginService - ok
18:54:55.0911 3660 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:54:55.0917 3660 dot3svc - ok
18:54:56.0000 3660 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:54:56.0003 3660 DPS - ok
18:54:56.0093 3660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:54:56.0095 3660 drmkaud - ok
18:54:56.0157 3660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:54:56.0168 3660 DXGKrnl - ok
18:54:56.0209 3660 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:54:56.0211 3660 EapHost - ok
18:54:56.0323 3660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:54:56.0353 3660 ebdrv - ok
18:54:56.0445 3660 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:54:56.0447 3660 EFS - ok
18:54:56.0498 3660 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:54:56.0510 3660 ehRecvr - ok
18:54:56.0548 3660 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:54:56.0552 3660 ehSched - ok
18:54:56.0642 3660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:54:56.0651 3660 elxstor - ok
18:54:56.0686 3660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:54:56.0687 3660 ErrDev - ok
18:54:56.0759 3660 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:54:56.0767 3660 EventSystem - ok
18:54:56.0869 3660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:54:56.0874 3660 exfat - ok
18:54:56.0936 3660 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
18:54:56.0939 3660 FACAP - ok
18:54:57.0146 3660 FAService (2b85d60e470acf871e4ef0db02e26861) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
18:54:57.0159 3660 FAService - ok
18:54:57.0242 3660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:54:57.0245 3660 fastfat - ok
18:54:57.0313 3660 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:54:57.0324 3660 Fax - ok
18:54:57.0369 3660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:54:57.0370 3660 fdc - ok
18:54:57.0414 3660 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:54:57.0415 3660 fdPHost - ok
18:54:57.0429 3660 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:54:57.0430 3660 FDResPub - ok
18:54:57.0451 3660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:54:57.0452 3660 FileInfo - ok
18:54:57.0462 3660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:54:57.0463 3660 Filetrace - ok
18:54:57.0483 3660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:54:57.0484 3660 flpydisk - ok
18:54:57.0532 3660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:54:57.0537 3660 FltMgr - ok
18:54:57.0635 3660 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:54:57.0654 3660 FontCache - ok
18:54:57.0752 3660 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:54:57.0753 3660 FontCache3.0.0.0 - ok
18:54:57.0820 3660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:54:57.0822 3660 FsDepends - ok
18:54:57.0880 3660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:54:57.0881 3660 Fs_Rec - ok
18:54:57.0944 3660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:54:57.0948 3660 fvevol - ok
18:54:58.0035 3660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:54:58.0037 3660 gagp30kx - ok
18:54:58.0143 3660 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
18:54:58.0148 3660 GameConsoleService - ok
18:54:58.0201 3660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:54:58.0202 3660 GEARAspiWDM - ok
18:54:58.0266 3660 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
18:54:58.0268 3660 GoToAssist - ok
18:54:58.0345 3660 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:54:58.0359 3660 gpsvc - ok
18:54:58.0454 3660 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:54:58.0457 3660 gupdate - ok
18:54:58.0500 3660 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:54:58.0502 3660 gupdatem - ok
18:54:58.0594 3660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:54:58.0596 3660 hcw85cir - ok
18:54:58.0690 3660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:54:58.0692 3660 HDAudBus - ok
18:54:58.0714 3660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:54:58.0716 3660 HidBatt - ok
18:54:58.0740 3660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:54:58.0742 3660 HidBth - ok
18:54:58.0796 3660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:54:58.0798 3660 HidIr - ok
18:54:58.0833 3660 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:54:58.0836 3660 hidserv - ok
18:54:58.0890 3660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:54:58.0892 3660 HidUsb - ok
18:54:58.0935 3660 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:54:58.0938 3660 hkmsvc - ok
18:54:58.0986 3660 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:54:58.0991 3660 HomeGroupListener - ok
18:54:59.0071 3660 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:54:59.0077 3660 HomeGroupProvider - ok
18:54:59.0176 3660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:54:59.0179 3660 HpSAMD - ok
18:54:59.0237 3660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:54:59.0249 3660 HTTP - ok
18:54:59.0316 3660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:54:59.0316 3660 hwpolicy - ok
18:54:59.0372 3660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:54:59.0375 3660 i8042prt - ok
18:54:59.0483 3660 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:54:59.0489 3660 IAANTMON - ok
18:54:59.0574 3660 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
18:54:59.0580 3660 iaStor - ok
18:54:59.0652 3660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:54:59.0657 3660 iaStorV - ok
18:54:59.0753 3660 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:54:59.0766 3660 idsvc - ok
18:54:59.0810 3660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:54:59.0812 3660 iirsp - ok
18:54:59.0893 3660 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:54:59.0907 3660 IKEEXT - ok
18:54:59.0977 3660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:54:59.0979 3660 intelide - ok
18:55:00.0032 3660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:55:00.0033 3660 intelppm - ok
18:55:00.0082 3660 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:55:00.0086 3660 IPBusEnum - ok
18:55:00.0155 3660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:00.0158 3660 IpFilterDriver - ok
18:55:00.0206 3660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:55:00.0209 3660 IPMIDRV - ok
18:55:00.0255 3660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:55:00.0257 3660 IPNAT - ok
18:55:00.0372 3660 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
18:55:00.0387 3660 iPod Service - ok
18:55:00.0428 3660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:55:00.0430 3660 IRENUM - ok
18:55:00.0490 3660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:55:00.0491 3660 isapnp - ok
18:55:00.0544 3660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:55:00.0549 3660 iScsiPrt - ok
18:55:00.0627 3660 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys
18:55:00.0629 3660 itecir - ok
18:55:00.0688 3660 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
18:55:00.0693 3660 k57nd60a - ok
18:55:00.0748 3660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:55:00.0749 3660 kbdclass - ok
18:55:00.0766 3660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:55:00.0768 3660 kbdhid - ok
18:55:00.0861 3660 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:00.0863 3660 KeyIso - ok
18:55:00.0920 3660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:55:00.0922 3660 KSecDD - ok
18:55:00.0945 3660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:55:00.0948 3660 KSecPkg - ok
18:55:00.0989 3660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:55:00.0990 3660 ksthunk - ok
18:55:01.0067 3660 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:55:01.0075 3660 KtmRm - ok
18:55:01.0137 3660 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:55:01.0143 3660 LanmanServer - ok
18:55:01.0238 3660 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:55:01.0243 3660 LanmanWorkstation - ok
18:55:01.0322 3660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:55:01.0324 3660 lltdio - ok
18:55:01.0367 3660 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:55:01.0374 3660 lltdsvc - ok
18:55:01.0395 3660 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:55:01.0398 3660 lmhosts - ok
18:55:01.0447 3660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:55:01.0449 3660 LSI_FC - ok
18:55:01.0467 3660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:55:01.0470 3660 LSI_SAS - ok
18:55:01.0489 3660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:55:01.0492 3660 LSI_SAS2 - ok
18:55:01.0513 3660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:55:01.0516 3660 LSI_SCSI - ok
18:55:01.0582 3660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:55:01.0585 3660 luafv - ok
18:55:01.0651 3660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:55:01.0652 3660 MBAMProtector - ok
18:55:01.0752 3660 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:55:01.0758 3660 MBAMService - ok
18:55:01.0805 3660 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:55:01.0809 3660 Mcx2Svc - ok
18:55:01.0850 3660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:55:01.0852 3660 megasas - ok
18:55:01.0873 3660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:55:01.0879 3660 MegaSR - ok
18:55:01.0922 3660 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:55:01.0925 3660 MMCSS - ok
18:55:01.0971 3660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:55:01.0972 3660 Modem - ok
18:55:02.0003 3660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:55:02.0004 3660 monitor - ok
18:55:02.0103 3660 MotoConnect Service (be72f68c3e898c6c7dd61afdf28769dd) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
18:55:02.0105 3660 MotoConnect Service - ok
18:55:02.0183 3660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:55:02.0184 3660 mouclass - ok
18:55:02.0253 3660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:55:02.0254 3660 mouhid - ok
18:55:02.0318 3660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:55:02.0320 3660 mountmgr - ok
18:55:02.0375 3660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:55:02.0378 3660 mpio - ok
18:55:02.0397 3660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:55:02.0399 3660 mpsdrv - ok
18:55:02.0445 3660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:55:02.0449 3660 MRxDAV - ok
18:55:02.0496 3660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:02.0499 3660 mrxsmb - ok
18:55:02.0581 3660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:02.0586 3660 mrxsmb10 - ok
18:55:02.0634 3660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:02.0637 3660 mrxsmb20 - ok
18:55:02.0682 3660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:55:02.0683 3660 msahci - ok
18:55:02.0700 3660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:55:02.0704 3660 msdsm - ok
18:55:02.0741 3660 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:55:02.0743 3660 MSDTC - ok
18:55:02.0795 3660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:55:02.0796 3660 Msfs - ok
18:55:02.0818 3660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:55:02.0819 3660 mshidkmdf - ok
18:55:02.0852 3660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:55:02.0852 3660 msisadrv - ok
18:55:02.0894 3660 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:55:02.0897 3660 MSiSCSI - ok
18:55:02.0904 3660 msiserver - ok
18:55:02.0978 3660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:55:02.0979 3660 MSKSSRV - ok
18:55:03.0032 3660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:03.0033 3660 MSPCLOCK - ok
18:55:03.0071 3660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:55:03.0072 3660 MSPQM - ok
18:55:03.0113 3660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:55:03.0119 3660 MsRPC - ok
18:55:03.0148 3660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:55:03.0149 3660 mssmbios - ok
18:55:03.0174 3660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:55:03.0176 3660 MSTEE - ok
18:55:03.0194 3660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:55:03.0196 3660 MTConfig - ok
18:55:03.0246 3660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:55:03.0247 3660 Mup - ok
18:55:03.0292 3660 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:55:03.0297 3660 napagent - ok
18:55:03.0350 3660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:55:03.0356 3660 NativeWifiP - ok
18:55:03.0454 3660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:55:03.0468 3660 NDIS - ok
18:55:03.0514 3660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:03.0516 3660 NdisCap - ok
18:55:03.0566 3660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:03.0567 3660 NdisTapi - ok
18:55:03.0626 3660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:03.0628 3660 Ndisuio - ok
18:55:03.0671 3660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:03.0674 3660 NdisWan - ok
18:55:03.0720 3660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:55:03.0722 3660 NDProxy - ok
18:55:03.0816 3660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:55:03.0818 3660 NetBIOS - ok
18:55:03.0869 3660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:55:03.0874 3660 NetBT - ok
18:55:03.0953 3660 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:03.0955 3660 Netlogon - ok
18:55:04.0052 3660 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:55:04.0060 3660 Netman - ok
18:55:04.0101 3660 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:55:04.0110 3660 netprofm - ok
18:55:04.0211 3660 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:55:04.0213 3660 NetTcpPortSharing - ok
18:55:04.0421 3660 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:55:04.0484 3660 NETw5s64 - ok
18:55:04.0594 3660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:55:04.0596 3660 nfrd960 - ok
18:55:04.0663 3660 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:55:04.0670 3660 NlaSvc - ok
18:55:04.0704 3660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:55:04.0705 3660 Npfs - ok
18:55:04.0745 3660 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:55:04.0748 3660 nsi - ok
18:55:04.0769 3660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:55:04.0770 3660 nsiproxy - ok
18:55:04.0851 3660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:55:04.0866 3660 Ntfs - ok
18:55:04.0883 3660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:55:04.0884 3660 Null - ok
18:55:04.0932 3660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:55:04.0936 3660 nvraid - ok
18:55:04.0994 3660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:55:04.0998 3660 nvstor - ok
18:55:05.0043 3660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:55:05.0045 3660 nv_agp - ok
18:55:05.0164 3660 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:55:05.0171 3660 odserv - ok
18:55:05.0196 3660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:55:05.0199 3660 ohci1394 - ok
18:55:05.0277 3660 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:05.0279 3660 ose - ok
18:55:05.0315 3660 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:55:05.0319 3660 p2pimsvc - ok
18:55:05.0339 3660 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:55:05.0348 3660 p2psvc - ok
18:55:05.0412 3660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:55:05.0415 3660 Parport - ok
18:55:05.0451 3660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:55:05.0453 3660 partmgr - ok
18:55:05.0474 3660 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:55:05.0479 3660 PcaSvc - ok
18:55:05.0614 3660 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
18:55:05.0616 3660 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
18:55:05.0687 3660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:55:05.0691 3660 pci - ok
18:55:05.0745 3660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:55:05.0747 3660 pciide - ok
18:55:05.0815 3660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:55:05.0818 3660 pcmcia - ok
18:55:05.0833 3660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:55:05.0834 3660 pcw - ok
18:55:05.0855 3660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:55:05.0862 3660 PEAUTH - ok
18:55:05.0966 3660 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:55:05.0967 3660 PerfHost - ok
18:55:06.0060 3660 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:55:06.0082 3660 pla - ok
18:55:06.0135 3660 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:55:06.0144 3660 PlugPlay - ok
18:55:06.0214 3660 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:55:06.0217 3660 PNRPAutoReg - ok
18:55:06.0242 3660 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:55:06.0248 3660 PNRPsvc - ok
18:55:06.0272 3660 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:55:06.0277 3660 PolicyAgent - ok
18:55:06.0322 3660 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:55:06.0325 3660 Power - ok
18:55:06.0406 3660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:55:06.0408 3660 PptpMiniport - ok
18:55:06.0444 3660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:55:06.0446 3660 Processor - ok
18:55:06.0483 3660 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:55:06.0487 3660 ProfSvc - ok
18:55:06.0528 3660 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:06.0529 3660 ProtectedStorage - ok
18:55:06.0635 3660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:55:06.0638 3660 Psched - ok
18:55:06.0704 3660 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:55:06.0706 3660 PxHlpa64 - ok
18:55:06.0781 3660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:55:06.0804 3660 ql2300 - ok
18:55:06.0865 3660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:55:06.0869 3660 ql40xx - ok
18:55:06.0908 3660 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:55:06.0914 3660 QWAVE - ok
18:55:06.0959 3660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:55:06.0961 3660 QWAVEdrv - ok
18:55:07.0049 3660 RapportEI64 (c3c5f9517aac5848ffb7f66040780c3c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
18:55:07.0050 3660 RapportEI64 - ok
18:55:07.0131 3660 RapportKE64 (d93de87b860ab508d3617c4d0b5ba640) C:\Windows\system32\Drivers\RapportKE64.sys
18:55:07.0133 3660 RapportKE64 - ok
18:55:07.0192 3660 RapportPG64 (819e5a7e3729273c252ae35f9e5e0bc8) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
18:55:07.0193 3660 RapportPG64 - ok
18:55:07.0242 3660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:55:07.0243 3660 RasAcd - ok
18:55:07.0301 3660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:07.0303 3660 RasAgileVpn - ok
18:55:07.0349 3660 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:55:07.0353 3660 RasAuto - ok
18:55:07.0389 3660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:07.0391 3660 Rasl2tp - ok
18:55:07.0428 3660 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:55:07.0433 3660 RasMan - ok
18:55:07.0486 3660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:07.0488 3660 RasPppoe - ok
18:55:07.0540 3660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:55:07.0541 3660 RasSstp - ok
18:55:07.0565 3660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:55:07.0569 3660 rdbss - ok
18:55:07.0615 3660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:07.0617 3660 rdpbus - ok
18:55:07.0632 3660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:07.0633 3660 RDPCDD - ok
18:55:07.0681 3660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:55:07.0682 3660 RDPENCDD - ok
18:55:07.0724 3660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:55:07.0725 3660 RDPREFMP - ok
18:55:07.0763 3660 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:55:07.0766 3660 RDPWD - ok
18:55:07.0812 3660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:55:07.0816 3660 rdyboost - ok
18:55:07.0913 3660 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:55:07.0917 3660 RemoteAccess - ok
18:55:07.0986 3660 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:55:07.0991 3660 RemoteRegistry - ok
18:55:08.0034 3660 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
18:55:08.0036 3660 rimspci - ok
18:55:08.0056 3660 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
18:55:08.0059 3660 risdpcie - ok
18:55:08.0074 3660 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
18:55:08.0076 3660 rixdpcie - ok
18:55:08.0216 3660 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
18:55:08.0227 3660 RoxMediaDB10 - ok
18:55:08.0266 3660 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:55:08.0268 3660 RpcEptMapper - ok
18:55:08.0335 3660 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:55:08.0338 3660 RpcLocator - ok
18:55:08.0389 3660 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:55:08.0395 3660 RpcSs - ok
18:55:08.0430 3660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:55:08.0431 3660 rspndr - ok
18:55:08.0442 3660 RxFilter - ok
18:55:08.0479 3660 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:08.0480 3660 SamSs - ok
18:55:08.0587 3660 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:55:08.0588 3660 SASDIFSV - ok
18:55:08.0641 3660 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:55:08.0641 3660 SASKUTIL - ok
18:55:08.0696 3660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:55:08.0699 3660 sbp2port - ok
18:55:08.0774 3660 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:55:08.0780 3660 SCardSvr - ok
18:55:08.0815 3660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:55:08.0816 3660 scfilter - ok
18:55:08.0864 3660 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:55:08.0877 3660 Schedule - ok
18:55:08.0921 3660 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:55:08.0923 3660 SCPolicySvc - ok
18:55:08.0945 3660 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:55:08.0948 3660 SDRSVC - ok
18:55:09.0069 3660 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:55:09.0073 3660 SeaPort - ok
18:55:09.0137 3660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:55:09.0139 3660 secdrv - ok
18:55:09.0207 3660 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:55:09.0211 3660 seclogon - ok
18:55:09.0250 3660 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:55:09.0254 3660 SENS - ok
18:55:09.0269 3660 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:55:09.0273 3660 SensrSvc - ok
18:55:09.0328 3660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:55:09.0330 3660 Serenum - ok
18:55:09.0380 3660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:55:09.0383 3660 Serial - ok
18:55:09.0477 3660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:55:09.0479 3660 sermouse - ok
18:55:09.0526 3660 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:55:09.0529 3660 SessionEnv - ok
18:55:09.0570 3660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:55:09.0571 3660 sffdisk - ok
18:55:09.0625 3660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:55:09.0627 3660 sffp_mmc - ok
18:55:09.0642 3660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:55:09.0644 3660 sffp_sd - ok
18:55:09.0679 3660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:55:09.0680 3660 sfloppy - ok
18:55:09.0768 3660 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:55:09.0784 3660 SftService - ok
18:55:09.0829 3660 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:55:09.0834 3660 SharedAccess - ok
18:55:09.0880 3660 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:55:09.0888 3660 ShellHWDetection - ok
18:55:10.0019 3660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:55:10.0021 3660 SiSRaid2 - ok
18:55:10.0046 3660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:55:10.0049 3660 SiSRaid4 - ok
18:55:10.0105 3660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:55:10.0107 3660 Smb - ok
18:55:10.0172 3660 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:55:10.0175 3660 SNMPTRAP - ok
18:55:10.0241 3660 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
18:55:10.0243 3660 Sound Blaster X-Fi MB Licensing Service - ok
18:55:10.0299 3660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:55:10.0300 3660 spldr - ok
18:55:10.0353 3660 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:55:10.0364 3660 Spooler - ok
18:55:10.0501 3660 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:55:10.0560 3660 sppsvc - ok
18:55:10.0600 3660 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:55:10.0602 3660 sppuinotify - ok
18:55:10.0661 3660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:55:10.0669 3660 srv - ok
18:55:10.0715 3660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:55:10.0722 3660 srv2 - ok
18:55:10.0740 3660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:55:10.0744 3660 srvnet - ok
18:55:10.0825 3660 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:55:10.0829 3660 SSDPSRV - ok
18:55:10.0850 3660 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:55:10.0855 3660 SstpSvc - ok
18:55:10.0940 3660 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
18:55:10.0943 3660 STacSV - ok
18:55:11.0031 3660 Steam Client Service - ok
18:55:11.0068 3660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:55:11.0070 3660 stexstor - ok
18:55:11.0123 3660 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
18:55:11.0132 3660 STHDA - ok
18:55:11.0251 3660 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:55:11.0263 3660 stisvc - ok
18:55:11.0304 3660 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:55:11.0306 3660 stllssvr - ok
18:55:11.0345 3660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:55:11.0346 3660 swenum - ok
18:55:11.0396 3660 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:55:11.0407 3660 swprv - ok
18:55:11.0522 3660 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
18:55:11.0526 3660 SynTP - ok
18:55:11.0603 3660 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:55:11.0633 3660 SysMain - ok
18:55:11.0712 3660 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:55:11.0717 3660 TabletInputService - ok
18:55:11.0806 3660 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:55:11.0813 3660 TapiSrv - ok
18:55:11.0855 3660 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:55:11.0859 3660 TBS - ok
18:55:12.0053 3660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:55:12.0084 3660 Tcpip - ok
18:55:12.0118 3660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:55:12.0128 3660 TCPIP6 - ok
18:55:12.0168 3660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:55:12.0169 3660 tcpipreg - ok
18:55:12.0228 3660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:55:12.0229 3660 TDPIPE - ok
18:55:12.0311 3660 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:55:12.0313 3660 TDTCP - ok
18:55:12.0354 3660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:55:12.0357 3660 tdx - ok
18:55:12.0410 3660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:55:12.0411 3660 TermDD - ok
18:55:12.0477 3660 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:55:12.0492 3660 TermService - ok
18:55:12.0544 3660 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:55:12.0548 3660 Themes - ok
18:55:12.0589 3660 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:55:12.0592 3660 THREADORDER - ok
18:55:12.0619 3660 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:55:12.0623 3660 TrkWks - ok
18:55:12.0692 3660 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:55:12.0694 3660 TrustedInstaller - ok
18:55:12.0756 3660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:12.0758 3660 tssecsrv - ok
18:55:12.0828 3660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:55:12.0830 3660 TsUsbFlt - ok
18:55:12.0950 3660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:55:12.0953 3660 tunnel - ok
18:55:13.0000 3660 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
18:55:13.0001 3660 TurboB - ok
18:55:13.0097 3660 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:55:13.0100 3660 TurboBoost - ok
18:55:13.0177 3660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:55:13.0179 3660 uagp35 - ok
18:55:13.0225 3660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:55:13.0231 3660 udfs - ok
18:55:13.0280 3660 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:55:13.0284 3660 UI0Detect - ok
18:55:13.0349 3660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:55:13.0352 3660 uliagpkx - ok
18:55:13.0402 3660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:55:13.0404 3660 umbus - ok
18:55:13.0457 3660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:55:13.0458 3660 UmPass - ok
18:55:13.0487 3660 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:55:13.0496 3660 upnphost - ok
18:55:13.0601 3660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:55:13.0602 3660 USBAAPL64 - ok
18:55:13.0651 3660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:55:13.0653 3660 usbccgp - ok
18:55:13.0675 3660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:55:13.0677 3660 usbcir - ok
18:55:13.0701 3660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:55:13.0702 3660 usbehci - ok
18:55:13.0783 3660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:55:13.0789 3660 usbhub - ok
18:55:13.0846 3660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:55:13.0848 3660 usbohci - ok
18:55:13.0892 3660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:55:13.0894 3660 usbprint - ok
18:55:13.0917 3660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:55:13.0920 3660 USBSTOR - ok
18:55:13.0969 3660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:55:13.0971 3660 usbuhci - ok
18:55:14.0057 3660 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:55:14.0061 3660 usbvideo - ok
18:55:14.0106 3660 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:55:14.0110 3660 UxSms - ok
18:55:14.0154 3660 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:14.0156 3660 VaultSvc - ok
18:55:14.0189 3660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:55:14.0190 3660 vdrvroot - ok
18:55:14.0262 3660 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:55:14.0273 3660 vds - ok
18:55:14.0322 3660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:55:14.0324 3660 vga - ok
18:55:14.0364 3660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:55:14.0366 3660 VgaSave - ok
18:55:14.0437 3660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:55:14.0443 3660 vhdmp - ok
18:55:14.0513 3660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:55:14.0515 3660 viaide - ok
18:55:14.0542 3660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:55:14.0544 3660 volmgr - ok
18:55:14.0641 3660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:55:14.0647 3660 volmgrx - ok
18:55:14.0683 3660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:55:14.0688 3660 volsnap - ok
18:55:14.0777 3660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:55:14.0780 3660 vsmraid - ok
18:55:14.0858 3660 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:55:14.0878 3660 VSS - ok
18:55:14.0926 3660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:55:14.0928 3660 vwifibus - ok
18:55:14.0952 3660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:55:14.0954 3660 vwififlt - ok
18:55:15.0036 3660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:55:15.0037 3660 vwifimp - ok
18:55:15.0085 3660 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:55:15.0093 3660 W32Time - ok
18:55:15.0132 3660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:55:15.0134 3660 WacomPen - ok
18:55:15.0204 3660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:15.0206 3660 WANARP - ok
18:55:15.0212 3660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:15.0214 3660 Wanarpv6 - ok
18:55:15.0309 3660 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:55:15.0329 3660 WatAdminSvc - ok
18:55:15.0399 3660 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:55:15.0418 3660 wbengine - ok
18:55:15.0493 3660 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:55:15.0499 3660 WbioSrvc - ok
18:55:15.0563 3660 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:55:15.0571 3660 wcncsvc - ok
18:55:15.0590 3660 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:55:15.0594 3660 WcsPlugInService - ok
18:55:15.0642 3660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:55:15.0643 3660 Wd - ok
18:55:15.0668 3660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:55:15.0673 3660 Wdf01000 - ok
18:55:15.0693 3660 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:55:15.0697 3660 WdiServiceHost - ok
18:55:15.0703 3660 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:55:15.0706 3660 WdiSystemHost - ok
18:55:15.0766 3660 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:55:15.0773 3660 WebClient - ok
18:55:15.0800 3660 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:55:15.0807 3660 Wecsvc - ok
18:55:15.0859 3660 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:55:15.0863 3660 wercplsupport - ok
18:55:15.0932 3660 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:55:15.0936 3660 WerSvc - ok
18:55:15.0968 3660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:55:15.0970 3660 WfpLwf - ok
18:55:16.0062 3660 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:55:16.0066 3660 WimFltr - ok
18:55:16.0109 3660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:55:16.0111 3660 WIMMount - ok
18:55:16.0119 3660 WinHttpAutoProxySvc - ok
18:55:16.0215 3660 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:55:16.0220 3660 Winmgmt - ok
18:55:16.0378 3660 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:55:16.0398 3660 WinRM - ok
18:55:16.0617 3660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:55:16.0619 3660 WinUsb - ok
18:55:16.0701 3660 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:55:16.0716 3660 Wlansvc - ok
18:55:17.0062 3660 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:55:17.0074 3660 wlidsvc - ok
18:55:17.0279 3660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:55:17.0280 3660 WmiAcpi - ok
18:55:17.0378 3660 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:55:17.0381 3660 wmiApSrv - ok
18:55:17.0500 3660 WMPNetworkSvc - ok
18:55:17.0572 3660 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:55:17.0574 3660 WPCSvc - ok
18:55:17.0743 3660 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:55:17.0746 3660 WPDBusEnum - ok
18:55:17.0792 3660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:55:17.0794 3660 ws2ifsl - ok
18:55:17.0802 3660 WSearch - ok
18:55:17.0905 3660 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:55:17.0930 3660 wuauserv - ok
18:55:18.0088 3660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:55:18.0091 3660 WudfPf - ok
18:55:18.0206 3660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:55:18.0210 3660 WUDFRd - ok
18:55:18.0255 3660 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:55:18.0261 3660 wudfsvc - ok
18:55:18.0316 3660 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:55:18.0323 3660 WwanSvc - ok
18:55:18.0411 3660 yediex (5f22132c9153639762708909f156b33d) C:\Windows\system32\catchme.dll
18:55:18.0413 3660 yediex ( Backdoor.Multi.ZAccess.gen ) - infected
18:55:18.0413 3660 yediex - detected Backdoor.Multi.ZAccess.gen (0)
18:55:18.0486 3660 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:55:18.0556 3660 \Device\Harddisk0\DR0 - ok
18:55:18.0561 3660 Boot (0x1200) (4e15e815dc2d7cc784d010950c63714b) \Device\Harddisk0\DR0\Partition0
18:55:18.0563 3660 \Device\Harddisk0\DR0\Partition0 - ok
18:55:18.0576 3660 Boot (0x1200) (4afee3eaf21861bc172e948a41e1a8cb) \Device\Harddisk0\DR0\Partition1
18:55:18.0578 3660 \Device\Harddisk0\DR0\Partition1 - ok
18:55:18.0578 3660 ============================================================
18:55:18.0578 3660 Scan finished
18:55:18.0578 3660 ============================================================
18:55:18.0586 1544 Detected object count: 1
18:55:18.0586 1544 Actual detected object count: 1
18:56:52.0339 1544 C:\Windows\system32\catchme.dll - copied to quarantine
18:56:52.0357 1544 HKLM\SYSTEM\ControlSet001\services\yediex - will be deleted on reboot
18:56:52.0388 1544 HKLM\SYSTEM\ControlSet002\services\yediex - will be deleted on reboot
18:56:52.0500 1544 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
18:56:52.0552 1544 C:\Windows\system32\catchme.dll - will be deleted on reboot
18:56:52.0552 1544 yediex ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:57:04.0019 3620 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 19:00:28
-----------------------------
19:00:28.968 OS Version: Windows x64 6.1.7601 Service Pack 1
19:00:28.968 Number of processors: 8 586 0x1E05
19:00:28.969 ComputerName: KEVINMCGREEN-PC UserName: Kevin McGreen
19:00:30.356 Initialize success
19:03:01.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:03:01.940 Disk 0 Vendor: TOSHIBA_ LJ00 Size: 476940MB BusType: 3
19:03:01.962 Disk 0 MBR read successfully
19:03:01.969 Disk 0 MBR scan
19:03:01.975 Disk 0 Windows VISTA default MBR code
19:03:01.981 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:03:02.006 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
19:03:02.027 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
19:03:02.052 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
19:03:02.061 Disk 0 scanning C:\Windows\system32\drivers
19:03:09.649 Service scanning
19:03:30.956 Modules scanning
19:03:30.974 Disk 0 trace - called modules:
19:03:31.013 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:03:31.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063dd790]
19:03:31.036 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061aa050]
19:03:31.048 Scan finished successfully
19:03:40.003 Disk 0 MBR has been saved successfully to "C:\Users\Kevin McGreen\Desktop\MBR.dat"
19:03:40.010 The log file has been saved successfully to "C:\Users\Kevin McGreen\Desktop\aswMBR.txt"
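The three logs above each flag the same infection in a different vocabulary: TDSSKiller prints a `- infected` verdict for the `yediex` service (with the MD5 and path of the file behind it), aswMBR marks `consrv.dll` as `**SUSPICIOUS**`, and FRST's later scan reports `SubSystems: [Windows] ==> ZeroAccess` together with the services listed under `NETSVC`. The script below is an added triage example written for this thread; it is not part of TDSSKiller, aswMBR or FRST. It runs over constructed sample lines modelled on the output quoted in the thread and collects each signal as a finding with a severity, so the same checks can be reapplied to a fresh set of logs. The `netsvcs` rule is an assumption of mine: a service in that svchost group whose image is a DLL is marked for review, not declared malicious.

```python
"""Triage helper for the TDSSKiller, aswMBR and FRST logs quoted in this thread.
Added example for the thread; not code from any of those tools."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines from the logs posted above.
SAMPLE_LOG = r"""
18:55:18.0411 3660 yediex (5f22132c9153639762708909f156b33d) C:\Windows\system32\catchme.dll
18:55:18.0413 3660 yediex ( Backdoor.Multi.ZAccess.gen ) - infected
18:55:18.0486 3660 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:55:18.0556 3660 \Device\Harddisk0\DR0 - ok
19:03:02.052 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
SubSystems: [Windows] ==> ZeroAccess
2 pvservice; C:\Windows\System32\twdns.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
NETSVC: pvservice
"""


@dataclass
class Finding:
    tool: str       # which scanner's output the line came from
    severity: str   # "critical" (named detection) or "review" (needs an analyst)
    name: str       # service name, registry value or file the finding is about
    detail: str


# TDSSKiller: "<time> <pid> <service> (<md5>) <path>" followed later by
#             "<time> <pid> <service> ( <detection> ) - infected"
TDSS_FILE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_INFECTED = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+\(\s*(?P<det>[^)]+?)\s*\)\s+-\s+infected$")
# aswMBR: "<time> SubSystem.Windows: <path> **SUSPICIOUS**"
ASWMBR_SUSPICIOUS = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+(?P<what>\S+):\s+(?P<path>.+?)\s+\*\*SUSPICIOUS\*\*$")
# FRST: hijacked SubSystems value, whitelisted service lines, netsvcs members
FRST_SUBSYS = re.compile(r"^SubSystems:\s+\[(?P<name>\w+)\]\s+==>\s+(?P<det>.+)$")
FRST_SERVICE = re.compile(r'^\d\s+(?P<svc>[^;]+);\s+"?(?P<path>[^"\[]+?)"?\s+\[')
FRST_NETSVC = re.compile(r"^NETSVC:\s+(?P<svc>\S+)$")


def triage(log_text: str) -> list[Finding]:
    """Walk a pasted log (any mix of the three formats) and return findings in order."""
    findings: list[Finding] = []
    tdss_files: dict[str, tuple[str, str]] = {}   # service -> (md5, path)
    frst_services: dict[str, str] = {}           # service -> image path
    netsvcs: list[str] = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TDSS_FILE.match(line):
            tdss_files[m["svc"]] = (m["md5"], m["path"])
        elif m := TDSS_INFECTED.match(line):
            # Pair the verdict with the hash/path TDSSKiller printed for that service.
            md5, path = tdss_files.get(m["svc"], ("?", "?"))
            findings.append(Finding("TDSSKiller", "critical", m["svc"],
                                    f"{m['det']} md5={md5} path={path}"))
        elif m := ASWMBR_SUSPICIOUS.match(line):
            findings.append(Finding("aswMBR", "review", m["path"],
                                    f"{m['what']} flagged suspicious"))
        elif m := FRST_SUBSYS.match(line):
            findings.append(Finding("FRST", "critical", m["name"],
                                    f"SubSystems value hijacked: {m['det']}"))
        elif m := FRST_SERVICE.match(line):
            frst_services[m["svc"].strip()] = m["path"].strip()
        elif m := FRST_NETSVC.match(line):
            netsvcs.append(m["svc"])

    # Heuristic (my assumption, not a scanner rule): a svchost "netsvcs" group
    # member whose image is a DLL is worth a look, because the TDSSKiller log
    # above shows that exact registry value being repaired after the detection.
    for svc in netsvcs:
        path = frst_services.get(svc)
        if path and path.lower().endswith(".dll"):
            findings.append(Finding("FRST", "review", svc,
                                    f"netsvcs group member hosting {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.tool:10} {f.name}: {f.detail}")
```

Feed it the text of a real log with `triage(open("TDSSKiller.txt").read())`; lines that match none of the patterns (the hundreds of `- ok` entries, the MBR and partition hashes) are ignored, so the output is only the handful of lines an analyst needs to act on.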

#6 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2012 - 06:33 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 MasterBroshi
  • Topic Starter
  • Members
  • 16 posts

Posted 27 March 2012 - 07:30 PM

The computer is still infected.



Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 27-03-2012 20:24:45
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179088 2009-08-07] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Kevin McGreen\...\Run: [Google Update] "C:\Users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-26] (Google Inc.)
HKU\Kevin McGreen\...\Run: [MusicManager] "C:\Users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13324288 2012-03-20] (Google Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe, [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\..\Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: [NameServer]208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD}: [NameServer]208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{2BD7343E-E0D2-436D-A13F-FBA5B141BAA6}: [NameServer]208.67.222.222,208.67.220.220
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
2 pvservice; C:\Windows\System32\twdns.dll [6656 2009-07-13] (Oak Technology Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-21] (ATI Technologies Inc.)
3 itecir; C:\Windows\System32\Drivers\itecir.sys [60416 2009-03-09] (ITE Tech. Inc. )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [97104 2011-11-01] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 aspnet_state; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
2 SessionLauncher; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: hpwirelessmgr
NETSVC: pvservice
NETSVC: i2omgmt

============ One Month Created Files and Folders ==============

2012-03-27 20:24 - 2012-03-27 20:25 - 0000000 ____D C:\FRST
2012-03-27 18:03 - 2012-03-27 18:03 - 0001708 ____A C:\Users\Kevin McGreen\Desktop\aswMBR.txt
2012-03-27 18:03 - 2012-03-27 18:03 - 0000512 ____A C:\Users\Kevin McGreen\Desktop\MBR.dat
2012-03-27 17:54 - 2012-03-27 17:57 - 0128200 ____A C:\Users\Kevin McGreen\Desktop\TDSSKiller.2.7.23.0_27.03.2012_18.54.43_log.txt
2012-03-27 17:54 - 2011-01-01 00:14 - 0002254 ____A C:\Users\Kevin McGreen\Desktop\eula.txt
2012-03-27 17:52 - 2012-03-27 17:54 - 2048299 ____A C:\Users\Kevin McGreen\Desktop\tdsskiller.zip
2012-03-27 17:52 - 2012-03-27 17:53 - 0003058 ____A C:\Users\Kevin McGreen\Desktop\TDSSKiller.2.7.22.0_27.03.2012_18.52.10_log.txt
2012-03-27 17:51 - 2012-03-27 17:51 - 4731392 ____A (AVAST Software) C:\Users\Kevin McGreen\Desktop\aswMBR.exe
2012-03-26 21:35 - 2012-03-26 21:35 - 0000000 ____D C:\Windows\system64
2012-03-26 21:26 - 2012-03-26 21:26 - 0022113 ____A C:\ComboFix.txt
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-26 20:52 - 2012-03-26 22:34 - 0000000 ____D C:\Windows\ERDNT
2012-03-26 20:46 - 2012-03-26 21:26 - 0000000 ____D C:\Qoobox
2012-03-25 22:05 - 2012-03-25 22:05 - 0025066 ____A C:\Users\Kevin McGreen\Desktop\DDS.txt
2012-03-25 22:05 - 2012-03-25 22:05 - 0015270 ____A C:\Users\Kevin McGreen\Desktop\Attach.txt
2012-03-25 22:02 - 2012-03-25 22:02 - 0607260 ____A (Swearware) C:\Users\Kevin McGreen\Desktop\dds.scr.part
2012-03-25 21:47 - 2012-03-25 21:47 - 1402880 ____A C:\Users\Kevin McGreen\Desktop\HiJackThis.msi
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-25 21:27 - 2012-03-25 21:27 - 0000361 ____A C:\Users\Kevin McGreen\Desktop\delete these.txt
2012-03-25 21:11 - 2012-03-25 21:11 - 237581002 ____A C:\Users\Kevin McGreen\Desktop\Backup.reg
2012-03-25 20:58 - 2012-03-25 20:58 - 0512992 ____A C:\Users\Kevin McGreen\Desktop\iExplore.exe
2012-03-25 14:17 - 2012-03-25 21:29 - 11206506 ____A C:\Windows\ntbtlog.txt
2012-03-25 14:12 - 2012-03-25 14:12 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-25 14:12 - 2012-03-25 14:12 - 0001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-25 14:08 - 2012-03-25 14:11 - 15540296 ____A (SUPERAntiSpyware.com) C:\Users\Kevin McGreen\Desktop\SUPERAntiSpyware.exe
2012-03-25 14:06 - 2012-03-25 14:06 - 0000484 ____A C:\Windows\PFRO.log
2012-03-25 14:03 - 2012-03-25 14:03 - 0446464 ____A (OldTimer Tools) C:\Users\Kevin McGreen\Desktop\TFC.exe
2012-03-25 01:11 - 2012-03-25 01:32 - 0126972 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_02.11.39_log.txt
2012-03-25 00:59 - 2012-03-25 00:59 - 0022808 ____A C:\Users\Kevin McGreen\Downloads\220px-Big_Pun1.jpg
2012-03-24 21:08 - 2012-03-24 21:08 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Personal Docs
2012-03-24 21:08 - 2012-03-24 21:08 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Personal Docs
2012-03-24 21:05 - 2012-03-24 21:22 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\MBA stuff
2012-03-24 21:05 - 2012-03-24 21:22 - 0000000 ____D C:\Users\Kevin McGreen\Documents\MBA stuff
2012-03-24 20:24 - 2012-03-26 12:41 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Kevin McGreen\Desktop\TDSSKiller.exe
2012-03-24 20:24 - 2012-03-24 20:56 - 0127094 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_21.24.59_log.txt
2012-03-24 19:45 - 2012-03-27 19:20 - 0000672 ____A C:\Windows\setupact.log
2012-03-24 19:45 - 2012-03-24 19:45 - 0000000 ____A C:\Windows\setuperr.log
2012-03-24 11:39 - 2012-03-24 11:39 - 0019968 ____A C:\Users\Kevin McGreen\Desktop\Book1.xls
2012-03-24 11:34 - 2012-03-27 17:58 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-20 19:06 - 2012-03-24 20:20 - 0000000 ____D C:\Program Files (x86)\Warcraft III
2012-03-15 02:03 - 2011-11-19 10:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-15 02:03 - 2011-11-19 09:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-15 02:03 - 2011-11-19 09:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 18:49 - 2012-02-10 01:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 18:49 - 2012-02-10 00:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 18:49 - 2012-02-02 23:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 18:47 - 2012-02-17 01:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 18:47 - 2012-02-17 00:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 18:47 - 2012-02-16 23:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 18:47 - 2012-02-16 23:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 18:47 - 2012-01-25 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 18:47 - 2012-01-25 01:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 18:47 - 2012-01-25 01:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-04 20:56 - 2012-03-04 22:26 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-02-29 23:13 - 2012-02-29 23:13 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-29 23:13 - 2012-02-29 23:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-29 23:13 - 2012-02-29 23:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

============ 3 Months Modified Files and Folders =============

2012-03-27 20:25 - 2012-03-27 20:24 - 0000000 ____D C:\FRST
2012-03-27 19:21 - 2010-06-14 22:48 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-27 19:20 - 2012-03-24 19:45 - 0000672 ____A C:\Windows\setupact.log
2012-03-27 19:20 - 2012-02-14 23:47 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-03-27 19:20 - 2010-06-15 00:26 - 527826944 __ASH C:\hiberfil.sys
2012-03-27 19:20 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-27 19:17 - 2009-07-14 00:10 - 1121510 ____A C:\Windows\WindowsUpdate.log
2012-03-27 18:57 - 2010-10-29 21:26 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-27 18:31 - 2010-08-26 14:31 - 0000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000UA.job
2012-03-27 18:31 - 2010-08-26 14:31 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000Core.job
2012-03-27 18:04 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-27 18:04 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-27 18:03 - 2012-03-27 18:03 - 0001708 ____A C:\Users\Kevin McGreen\Desktop\aswMBR.txt
2012-03-27 18:03 - 2012-03-27 18:03 - 0000512 ____A C:\Users\Kevin McGreen\Desktop\MBR.dat
2012-03-27 17:58 - 2012-03-24 11:34 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-03-27 17:58 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-03-27 17:57 - 2012-03-27 17:54 - 0128200 ____A C:\Users\Kevin McGreen\Desktop\TDSSKiller.2.7.23.0_27.03.2012_18.54.43_log.txt
2012-03-27 17:57 - 2010-10-29 21:26 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-27 17:57 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Kevin McGreen\Local Settings\SoftThinks
2012-03-27 17:57 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Kevin McGreen\Local Settings\Application Data\SoftThinks
2012-03-27 17:57 - 2010-06-22 13:00 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Local\SoftThinks
2012-03-27 17:56 - 2011-11-26 00:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-27 17:54 - 2012-03-27 17:52 - 2048299 ____A C:\Users\Kevin McGreen\Desktop\tdsskiller.zip
2012-03-27 17:53 - 2012-03-27 17:52 - 0003058 ____A C:\Users\Kevin McGreen\Desktop\TDSSKiller.2.7.22.0_27.03.2012_18.52.10_log.txt
2012-03-27 17:52 - 2011-11-27 14:00 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Anti Virus Stuff
2012-03-27 17:52 - 2011-11-27 14:00 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Anti Virus Stuff
2012-03-27 17:51 - 2012-03-27 17:51 - 4731392 ____A (AVAST Software) C:\Users\Kevin McGreen\Desktop\aswMBR.exe
2012-03-26 22:34 - 2012-03-26 20:52 - 0000000 ____D C:\Windows\ERDNT
2012-03-26 22:34 - 2010-10-17 03:17 - 0000000 ____D C:\Program Files (x86)\AutocompletePro
2012-03-26 22:34 - 2010-06-22 13:47 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-26 22:34 - 2010-06-14 23:07 - 0000000 ____D C:\Users\All Users\McAfee
2012-03-26 22:34 - 2010-06-14 23:07 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-03-26 22:34 - 2010-06-14 23:07 - 0000000 ____D C:\ProgramData\McAfee
2012-03-26 22:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-03-26 22:34 - 2009-07-13 22:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-26 21:36 - 2010-06-22 12:57 - 0000000 ____D C:\users\Kevin McGreen
2012-03-26 21:35 - 2012-03-26 21:35 - 0000000 ____D C:\Windows\system64
2012-03-26 21:35 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-26 21:26 - 2012-03-26 21:26 - 0022113 ____A C:\ComboFix.txt
2012-03-26 21:26 - 2012-03-26 20:46 - 0000000 ____D C:\Qoobox
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-26 21:14 - 2012-03-26 21:14 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-26 21:14 - 2009-07-13 21:34 - 73400320 ____A C:\Windows\System32\config\software.bak
2012-03-26 21:14 - 2009-07-13 21:34 - 21495808 ____A C:\Windows\System32\config\system.bak
2012-03-26 21:14 - 2009-07-13 21:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-03-26 21:14 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-03-26 21:14 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-03-26 12:41 - 2012-03-24 20:24 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Kevin McGreen\Desktop\TDSSKiller.exe
2012-03-25 22:05 - 2012-03-25 22:05 - 0025066 ____A C:\Users\Kevin McGreen\Desktop\DDS.txt
2012-03-25 22:05 - 2012-03-25 22:05 - 0015270 ____A C:\Users\Kevin McGreen\Desktop\Attach.txt
2012-03-25 22:02 - 2012-03-25 22:02 - 0607260 ____A (Swearware) C:\Users\Kevin McGreen\Desktop\dds.scr.part
2012-03-25 21:47 - 2012-03-25 21:47 - 1402880 ____A C:\Users\Kevin McGreen\Desktop\HiJackThis.msi
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-25 21:40 - 2012-03-25 21:40 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-25 21:29 - 2012-03-25 14:17 - 11206506 ____A C:\Windows\ntbtlog.txt
2012-03-25 21:27 - 2012-03-25 21:27 - 0000361 ____A C:\Users\Kevin McGreen\Desktop\delete these.txt
2012-03-25 21:11 - 2012-03-25 21:11 - 237581002 ____A C:\Users\Kevin McGreen\Desktop\Backup.reg
2012-03-25 20:58 - 2012-03-25 20:58 - 0512992 ____A C:\Users\Kevin McGreen\Desktop\iExplore.exe
2012-03-25 20:48 - 2010-07-12 16:01 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Career Stuff
2012-03-25 20:48 - 2010-07-12 16:01 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Career Stuff
2012-03-25 14:12 - 2012-03-25 14:12 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-25 14:12 - 2012-03-25 14:12 - 0001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-25 14:12 - 2012-03-25 14:12 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-25 14:11 - 2012-03-25 14:08 - 15540296 ____A (SUPERAntiSpyware.com) C:\Users\Kevin McGreen\Desktop\SUPERAntiSpyware.exe
2012-03-25 14:06 - 2012-03-25 14:06 - 0000484 ____A C:\Windows\PFRO.log
2012-03-25 14:03 - 2012-03-25 14:03 - 0446464 ____A (OldTimer Tools) C:\Users\Kevin McGreen\Desktop\TFC.exe
2012-03-25 01:38 - 2009-07-14 00:13 - 0740046 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-25 01:32 - 2012-03-25 01:11 - 0126972 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_02.11.39_log.txt
2012-03-25 00:59 - 2012-03-25 00:59 - 0022808 ____A C:\Users\Kevin McGreen\Downloads\220px-Big_Pun1.jpg
2012-03-24 21:22 - 2012-03-24 21:05 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\MBA stuff
2012-03-24 21:22 - 2012-03-24 21:05 - 0000000 ____D C:\Users\Kevin McGreen\Documents\MBA stuff
2012-03-24 21:22 - 2011-12-11 22:16 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\IB Benefits
2012-03-24 21:22 - 2011-12-11 22:16 - 0000000 ____D C:\Users\Kevin McGreen\Documents\IB Benefits
2012-03-24 21:12 - 2010-11-23 22:59 - 0000000 ____D C:\Users\Kevin McGreen\Downloads\snes9x-1.52-win32
2012-03-24 21:08 - 2012-03-24 21:08 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Personal Docs
2012-03-24 21:08 - 2012-03-24 21:08 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Personal Docs
2012-03-24 21:08 - 2011-03-29 23:17 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Writing
2012-03-24 21:08 - 2011-03-29 23:17 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Writing
2012-03-24 20:56 - 2012-03-24 20:24 - 0127094 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_21.24.59_log.txt
2012-03-24 20:20 - 2012-03-20 19:06 - 0000000 ____D C:\Program Files (x86)\Warcraft III
2012-03-24 19:45 - 2012-03-24 19:45 - 0000000 ____A C:\Windows\setuperr.log
2012-03-24 18:31 - 2010-06-22 13:47 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\Mozilla
2012-03-24 18:31 - 2010-06-22 13:47 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\Mozilla
2012-03-24 12:03 - 2011-10-08 23:53 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-24 11:40 - 2012-01-05 00:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 11:39 - 2012-03-24 11:39 - 0019968 ____A C:\Users\Kevin McGreen\Desktop\Book1.xls
2012-03-23 23:14 - 2010-10-17 03:40 - 0000514 ___AH C:\Windows\Tasks\Norton Security Scan for Kevin McGreen.job
2012-03-15 22:48 - 2010-06-14 22:41 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 22:48 - 2010-06-14 22:41 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-03-15 22:48 - 2010-06-14 22:41 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-15 02:20 - 2009-07-13 23:45 - 0356816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-15 02:01 - 2010-11-14 20:18 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-11 21:42 - 2010-06-22 14:54 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-11 21:42 - 2010-06-15 01:03 - 0000000 ____D C:\Windows\Panther
2012-03-11 21:41 - 2012-02-18 23:43 - 0000000 ____D C:\Users\Kevin McGreen\Razor
2012-03-11 21:41 - 2010-07-03 13:46 - 0000000 ____D C:\Windows\Minidump
2012-03-11 21:38 - 2010-06-14 22:35 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-10 02:04 - 2012-02-14 23:47 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-03-04 22:26 - 2012-03-04 20:56 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-02-29 23:13 - 2012-02-29 23:13 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-29 23:13 - 2012-02-29 23:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-29 23:13 - 2012-02-29 23:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-29 23:13 - 2010-06-22 15:36 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\Users\Kevin McGreen\Local Settings\PMB Files
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\Users\Kevin McGreen\Local Settings\Application Data\PMB Files
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Local\PMB Files
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\Users\All Users\PMB Files
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\Users\All Users\Application Data\PMB Files
2012-02-27 21:49 - 2011-02-09 16:56 - 0000000 ____D C:\ProgramData\PMB Files
2012-02-21 19:13 - 2012-02-11 12:34 - 0024534 ____A C:\Users\Kevin McGreen\Desktop\WALKTHROUGH Chrono.docx
2012-02-20 17:25 - 2012-02-20 17:25 - 0062464 ____A C:\Users\Kevin McGreen\Desktop\AAA.ppt
2012-02-18 23:54 - 2012-02-18 23:54 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\Razor
2012-02-18 23:54 - 2012-02-18 23:54 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\Razor
2012-02-18 12:28 - 2012-02-18 12:28 - 0055488 ____A C:\Users\Kevin McGreen\Desktop\CHRONO TRIGGER - SIDE QUESTs.docx
2012-02-18 09:52 - 2010-06-22 13:00 - 0000402 __ASH C:\Users\Kevin McGreen\My Documents\desktop.ini
2012-02-18 09:52 - 2010-06-22 13:00 - 0000174 ___SH C:\Users\Kevin McGreen\Start Menu\Programs\Startup\desktop.ini
2012-02-18 09:52 - 2010-06-22 13:00 - 0000174 ___SH C:\Users\Kevin McGreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-18 03:02 - 2010-06-14 22:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-17 20:46 - 2012-02-17 20:46 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\U3
2012-02-17 20:46 - 2012-02-17 20:46 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\U3
2012-02-17 20:46 - 2012-02-17 20:44 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Flash Drive Empty 1
2012-02-17 20:46 - 2012-02-17 20:44 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Flash Drive Empty 1
2012-02-17 20:45 - 2012-02-17 20:45 - 0000000 ____D C:\Users\Kevin McGreen\My Documents\Flash Drive Empty 2 music
2012-02-17 20:45 - 2012-02-17 20:45 - 0000000 ____D C:\Users\Kevin McGreen\Documents\Flash Drive Empty 2 music
2012-02-17 01:38 - 2012-03-13 18:47 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 00:34 - 2012-03-13 18:47 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 23:58 - 2012-03-13 18:47 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 23:57 - 2012-03-13 18:47 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 17:43 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-15 16:53 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-14 23:47 - 2011-05-24 17:53 - 0000000 ____D C:\Program Files\Dell Support Center
2012-02-14 23:47 - 2010-06-14 22:37 - 0000000 ____D C:\Users\All Users\Dell
2012-02-14 23:47 - 2010-06-14 22:37 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-02-14 23:47 - 2010-06-14 22:37 - 0000000 ____D C:\ProgramData\Dell
2012-02-10 01:36 - 2012-03-13 18:49 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 00:38 - 2012-03-13 18:49 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 00:00 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-02-04 04:08 - 2012-02-04 04:08 - 0007605 ____A C:\Users\Kevin McGreen\Local Settings\Resmon.ResmonCfg
2012-02-04 04:08 - 2012-02-04 04:08 - 0007605 ____A C:\Users\Kevin McGreen\Local Settings\Application Data\Resmon.ResmonCfg
2012-02-04 04:08 - 2012-02-04 04:08 - 0007605 ____A C:\Users\Kevin McGreen\AppData\Local\Resmon.ResmonCfg
2012-02-02 23:34 - 2012-03-13 18:49 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-25 01:38 - 2012-03-13 18:47 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 01:38 - 2012-03-13 18:47 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 01:33 - 2012-03-13 18:47 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-05 00:20 - 2012-01-05 00:20 - 0000000 ____D C:\Users\Kevin McGreen\Application Data\Malwarebytes
2012-01-05 00:20 - 2012-01-05 00:20 - 0000000 ____D C:\Users\Kevin McGreen\AppData\Roaming\Malwarebytes
2012-01-05 00:20 - 2012-01-05 00:20 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-05 00:20 - 2012-01-05 00:20 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-01-05 00:20 - 2012-01-05 00:20 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-05 00:18 - 2012-01-05 00:18 - 0000361 ____A C:\rkill.log
2012-01-04 05:44 - 2012-02-17 20:14 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 05:44 - 2012-02-17 20:14 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 03:59 - 2012-02-17 20:14 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 03:58 - 2012-02-17 20:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\Users\Kevin McGreen\Local Settings\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\Users\Kevin McGreen\Local Settings\Application Data\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\Users\Kevin McGreen\AppData\Local\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\Users\All Users\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\Users\All Users\Application Data\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2012-01-01 05:49 - 2012-01-01 05:47 - 0007242 __ASH C:\ProgramData\ndd28ig22ve5kpjclnbr653856d7drl314o38grska4
2011-12-30 01:26 - 2012-02-17 20:14 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-30 00:27 - 2012-02-17 20:14 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6132.5 MB
Available physical RAM: 5436.09 MB
Total Pagefile: 6130.65 MB
Available Pagefile: 5420.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:315.79 GB) NTFS
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.73 GB) FAT
5 Drive g: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 973 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 39 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 G RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 973 MB 123 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT Removable 973 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 02:25

======================= End Of Log ==========================

#8 gringo_pr (Malware Response Team)

Posted 27 March 2012 - 08:13 PM

Hello

I would like you to run the fix below, and when it is complete I need you to rerun ComboFix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 pvservice; C:\Windows\System32\twdns.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\twdns.dll
NETSVC: pvservice
2012-03-24 11:34 - 2012-03-27 17:58 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-26 22:34 - 2010-10-17 03:17 - 0000000 ____D C:\Program Files (x86)\AutocompletePro
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 MasterBroshi (Topic Starter)

Posted 27 March 2012 - 09:00 PM

The computer seems to be working properly now.

The internet speed has increased and the pop ups have stopped.

In the past, when I thought I had fixed this it would return; I will update in the next day or two to confirm everything is working properly.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-27 21:40:16 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
pvservice service deleted successfully.
C:\Windows\System32\twdns.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pvservice Deleted successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Program Files (x86)\AutocompletePro moved successfully.

==== End of Fixlog ====

#10 gringo_pr (Malware Response Team)

Posted 27 March 2012 - 09:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 MasterBroshi
  • Topic Starter
  • Members
  • 16 posts

Posted 28 March 2012 - 09:43 AM

I ran ComboFix. However, I forgot to save the log before restarting. Should I run it again, or were the results autosaved anywhere?

The computer still appears to be behaving as it should.

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 02:37 PM

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\ComboFix.txt
  • Click OK

copy and paste the report into this topic for me to review

Gringo

#13 MasterBroshi
  • Topic Starter
  • Members
  • 16 posts

Posted 28 March 2012 - 09:13 PM

Ahh there it is.

Also it has been about 24 hours and the computer is still functioning properly.

ComboFix 12-03-28.01 - Kevin McGreen 03/28/2012 8:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4562 [GMT -4:00]
Running from: c:\users\Kevin McGreen\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin McGreen\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_8345.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\SysWow64\scvideo.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 12:26 . 2012-03-28 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 01:24 . 2012-03-28 01:25 -------- d-----w- C:\FRST
2012-03-27 02:35 . 2012-03-27 02:35 -------- d-----we c:\windows\system64
2012-03-27 01:55 . 2012-03-27 01:55 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-03-26 02:40 . 2012-03-26 02:40 -------- d-----w- c:\programdata\PC Tools
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\users\Kevin McGreen\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-25 19:12 . 2012-03-25 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 00:06 . 2012-03-25 01:20 -------- d-----w- c:\program files (x86)\Warcraft III
2012-03-15 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 23:49 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:49 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:47 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-01 04:13 . 2012-03-01 04:13 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 17:03 . 2011-10-09 04:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 04:13 . 2010-06-22 20:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-18 01:14 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-18 01:14 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-18 01:14 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-18 01:14 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"FAStartup"="" [BU]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-24 98488]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Kevin McGreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-24 02:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R2 SessionLauncher;SessionLauncher; [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-15 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-15 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-24 2412728]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 02:26]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 02:26]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000Core.job
- c:\users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 19:31]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278296332-2420123301-964966345-1000UA.job
- c:\users\Kevin McGreen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 19:31]
.
2012-03-24 c:\windows\Tasks\Norton Security Scan for Kevin McGreen.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-17 14:06]
.
2012-03-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hpwirelessmgr
i2omgmt
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/splitcam/{1B958291-62D8-445C-BAB3-0F21E446489C}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Kevin McGreen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}\7455543545: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{2BD7343E-E0D2-436D-A13F-FBA5B141BAA6}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Kevin McGreen\AppData\Roaming\Mozilla\Firefox\Profiles\jzwntgqm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http_port - 57354
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
SafeBoot-65786708.sys
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1278296332-2420123301-964966345-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1278296332-2420123301-964966345-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2012-03-28 08:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 12:33
ComboFix2.txt 2012-03-27 02:26
.
Pre-Run: 338,630,602,752 bytes free
Post-Run: 338,400,006,144 bytes free
.
- - End Of File - - 8DBC5021A1A0F3366C41A8F52F7F2D3B
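As an added example (not from this thread, and not FRST or ComboFix code): the Fixlog in post #9 restored the Session Manager\SubSystems\Windows value and removed the pvservice entry from the svchost netsvcs group, and the ComboFix log above deleted consrv.dll from System32. The Python below parses constructed samples of those two registry values and flags what does not belong. The expected-value sets, the sample strings and the consrv/pvservice entries are assumptions modelled on the logs, not values read from the poster's machine; on a Windows host it reads the live values instead.

```python
"""Offline check of two persistence points the FRST fix above touched.

Added example for this thread; it is not FRST, ComboFix or BleepingComputer
code. The registry values below are constructed samples: the thread shows
that FRST restored the SubSystems\\Windows value and removed 'pvservice'
from netsvcs, but not the exact contents of either value on that machine.
"""
import re

# 1. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows
#    csrss.exe loads every module named in a ServerDll=... token of this
#    string at boot. On Windows 7 the only legitimate modules are basesrv
#    and winsrv; anything else is a DLL dropped into System32 to ride along
#    inside csrss.exe.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv"}

# Constructed: the Windows 7 default value ...
CLEAN_SUBSYSTEMS_WINDOWS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off "
    "MaxRequestThreads=16"
)
# ... and a tampered copy in which the console server DLL is swapped for
# consrv (the module name ComboFix deleted from System32 in the log above).
TAMPERED_SUBSYSTEMS_WINDOWS = CLEAN_SUBSYSTEMS_WINDOWS.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# Module name is everything after "ServerDll=" up to the ':' or ',' separator.
_SERVERDLL_RE = re.compile(r"ServerDll=([^,:\s]+)", re.IGNORECASE)


def server_dlls(value):
    """Return the ServerDll module names in a SubSystems\\Windows value, lower-cased."""
    return [m.lower() for m in _SERVERDLL_RE.findall(value)]


def rogue_server_dlls(value, expected=EXPECTED_SERVER_DLLS):
    """Return sorted ServerDll names not in the expected set ([] means clean)."""
    return sorted({d for d in server_dlls(value) if d not in expected})


# 2. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
#    Each name in this REG_MULTI_SZ is a service hosted by "svchost.exe -k
#    netsvcs". A name with no matching legitimate service means an attacker
#    DLL runs inside a svchost.exe process, which is how 'pvservice' ran here.
#    Constructed, deliberately short allowlist; a real check diffs against a
#    full export of this value from a known-good machine of the same build.
KNOWN_NETSVCS = {
    "aelookupsvc", "appinfo", "bits", "browser", "gpsvc", "iphlpsvc",
    "lanmanserver", "schedule", "seclogon", "sens", "themes", "winmgmt",
    "wuauserv",
}

# Constructed REG_MULTI_SZ contents: known names plus the entry FRST deleted.
SAMPLE_NETSVCS = ["AeLookupSvc", "wuauserv", "BITS", "Schedule", "Themes", "pvservice"]


def unknown_netsvcs(names, known=KNOWN_NETSVCS):
    """Return sorted netsvcs entries not in the allowlist ([] means clean)."""
    return sorted({n for n in names if n.lower() not in known})


def read_live_values():
    """On Windows, read the two live values with winreg; elsewhere return None."""
    try:
        import winreg
    except ImportError:
        return None
    hklm = winreg.HKEY_LOCAL_MACHINE
    with winreg.OpenKey(hklm, r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems") as key:
        subsystems, _ = winreg.QueryValueEx(key, "Windows")
    with winreg.OpenKey(hklm, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost") as key:
        netsvcs, _ = winreg.QueryValueEx(key, "netsvcs")
    return subsystems, list(netsvcs)


if __name__ == "__main__":
    live = read_live_values()
    subsystems, netsvcs = live if live else (TAMPERED_SUBSYSTEMS_WINDOWS, SAMPLE_NETSVCS)
    print("rogue ServerDll entries:", rogue_server_dlls(subsystems) or "none")
    print("unknown netsvcs entries:", unknown_netsvcs(netsvcs) or "none")
```

A flagged ServerDll or netsvcs name is a lead, not a verdict: confirm it by checking whether the named DLL exists in System32 and, for a netsvcs entry, whether HKLM\SYSTEM\CurrentControlSet\services\<name>\Parameters\ServiceDll points at a signed file, which is the same question FRST answered when it deleted pvservice and moved twdns.dll.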

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 09:45 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.1.2
Ask Toolbar
AutocompletePro
Bing Bar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 MasterBroshi
  • Topic Starter
  • Members
  • 16 posts

Posted 28 March 2012 - 11:59 PM

Deleted the files and ran all the programs.

Computer still seems fine.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kevin McGreen :: KEVINMCGREEN-PC [administrator]

Protection: Enabled

3/29/2012 12:47:58 AM
mbam-log-2012-03-29 (00-47-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197489
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:46 AM, on 3/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{1B958291-62D8-445C-BAB3-0F21E446489C}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Kevin McGreen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin McGreen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F71005D-D15F-4A4E-A5E8-B7185137E3CD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD7343E-E0D2-436D-A13F-FBA5B141BAA6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13529 bytes
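One way to triage a HijackThis log of this shape mechanically, as an added example (not code from the poster, BleepingComputer or Trend Micro): parse the `R0/R1`, `O3/O9/O23` and `O17` entries and flag a non-default IE start page, orphaned entries whose file is gone, and DNS resolvers outside an allowlist. The trusted-host list and the resolver allowlist (OpenDNS 208.67.222.222/208.67.220.220) are assumptions for the demo, and the sample log is constructed from entries of the kind shown above plus one invented `O17` line using a documentation-range address.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "severity section reason line")

# Constructed sample: entries modelled on a HijackThis 2.0.4 log, plus one invented O17 line
# (203.0.113.53, a TEST-NET-3 documentation address) to exercise the resolver check.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{1B958291-62D8-445C-BAB3-0F21E446489C}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BFACED-AB00-4BC5-B36B-A3CB750E653E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Assumed allowlists for the demo: Microsoft's stock IE page hosts and the OpenDNS resolvers.
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com", "www.bing.com"}
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def triage(log_text):
    """Return a list of Findings for the suspicious or orphaned HijackThis entries in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # running-process list, headers, separators
        section, body = m.group("section"), m.group("body")

        if section in ("R0", "R1"):
            # IE start/search/default pages: "<key>,<value> = <url>"; split on the first '='
            # so query strings such as ?LinkId=69157 stay intact.
            if "=" not in body:
                continue
            url = body.split("=", 1)[1].strip()
            if not url:
                continue  # e.g. "Local Page =" with no value
            host = (urlparse(url).hostname or "").lower()
            if host not in TRUSTED_PAGE_HOSTS:
                findings.append(Finding("high", section,
                                        f"IE page points at non-default host {host}", line))

        elif section == "O17":
            # Per-interface DNS servers; anything outside the allowlist deserves a look,
            # since a redirect infection that rewrites NameServer shows up here.
            servers = [s for s in re.split(r"[,\s]+", body.partition("NameServer =")[2]) if s]
            unknown = [s for s in servers if s not in KNOWN_RESOLVERS]
            if unknown:
                findings.append(Finding("high", section,
                                        "non-allowlisted DNS resolver(s): " + ", ".join(unknown), line))

        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            if section == "O23" and "\\windows\\system32\\" in body.lower():
                # Caveat: HijackThis 2.0.4 is a 32-bit program, so on x64 Windows WOW64 file
                # system redirection hides real System32 binaries from it. Verify before acting.
                findings.append(Finding("info", section,
                                        "System32 file reported missing: likely WOW64 redirection "
                                        "artifact of 32-bit HijackThis on x64, verify with a 64-bit tool",
                                        line))
            else:
                findings.append(Finding("medium", section,
                                        "entry references a file that no longer exists (orphan)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports the bigseekpro.com start page and the invented resolver as high, the dead toolbar and Bodog Poker button as orphans, and downgrades the System32 service to an informational note; the real OpenDNS entries and the live Malwarebytes service produce nothing. The same WOW64 caveat applies to the long run of `(file missing)` services in the log above, so those lines alone are not evidence of infection.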
