Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google keeps redirecting


  • This topic is locked This topic is locked
14 replies to this topic

#1 Ritzer59

Ritzer59

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 29 March 2012 - 07:40 PM

When I try to click links on google I keep getting sent to random websites that I do not wish to access, I've ran AVG anti-virus, Ad-Aware and Malwarebytes and the problem still occurs. Also when creating the GMER report most of the boxes remained greyed out and I couldn't select them so I ran the report from what I could. If anyone could help that would be great!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Ritzer59 at 0:16:27 on 2012-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.728 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Ritzer59\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\cbService.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/search/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
uRun: [Octoshape Streaming Services] "C:\Users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe"
uRun: [Google Update] "C:\Users\Ritzer59\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\35B4955353934363 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\A4F696B6573507F647F5334373543393246493731333 : DhcpNameServer = 149.254.230.7 149.254.192.126
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\F42377962756C6563737437343739323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\F42377962756C6563737543444631313 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ritzer59\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ritzer59\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 BMLoad;Bytemobile Boot Time Load Driver;C:\Windows\system32\drivers\BMLoad.sys --> C:\Windows\system32\drivers\BMLoad.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-24 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 ahcix64;ahcix64;C:\Windows\system32\DRIVERS\ahcix64.sys --> C:\Windows\system32\DRIVERS\ahcix64.sys [?]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys --> C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [?]
.
=============== Created Last 30 ================
.
2074-05-18 16:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-03-29 22:07:54 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2012-03-29 21:40:02 388096 ----a-r- C:\Users\Ritzer59\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-29 21:40:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-29 14:11:43 -------- d-----w- C:\Users\Ritzer59\AppData\Roaming\Malwarebytes
2012-03-29 14:11:32 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 14:11:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 14:11:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-27 01:53:28 -------- d--h--w- C:\$AVG
2012-03-27 01:07:06 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301000.01C
2012-03-27 01:07:06 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-03-27 01:07:05 -------- d-----w- C:\ProgramData\Norton
2012-03-27 01:06:58 -------- d-----w- C:\ProgramData\NortonInstaller
2012-03-15 03:07:26 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 03:07:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:07:25 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 07:28:09 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 07:28:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 07:28:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 07:28:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 07:28:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 07:28:05 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 07:27:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 07:27:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 07:27:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 07:27:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-05 21:46:17 -------- d-----w- C:\Program Files (x86)\TryMedia
2012-03-05 21:45:53 -------- d-----w- C:\Program Files (x86)\Hexacto Games
2012-03-05 21:43:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-03-05 21:36:41 -------- d-----w- C:\Users\Ritzer59\AppData\Local\Conduit
.
==================== Find3M ====================
.
2012-01-24 15:24:47 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 0:19:26.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 29 March 2012 - 11:26 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 30 March 2012 - 07:49 AM

I got a notification that AVG and Ad-Aware were still running after disabling them all following the instructions
The computer seems to be running fine now with no re-directs so I think it may have fixed the problems! :)

Here is the log report generated


ComboFix 12-03-30.06 - Ritzer59 30/03/2012 13:24:30.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2535 [GMT 1:00]
Running from: c:\users\Ritzer59\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Object
c:\program files (x86)\Object\config.ini
c:\programdata\xml1380.tmp
c:\programdata\xml144C.tmp
c:\programdata\xmlCEB.tmp
c:\users\Ritzer59\Documents\~WRL1376.tmp
c:\users\Ritzer59\Documents\~WRL2721.tmp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2074-05-18 16:44 . 2008-03-21 13:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-03-30 12:33 . 2012-03-30 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 22:07 . 2012-03-29 22:08 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-29 21:40 . 2012-03-29 21:40 388096 ----a-r- c:\users\Ritzer59\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-29 21:40 . 2012-03-29 21:40 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\Ritzer59\AppData\Roaming\Malwarebytes
2012-03-29 14:11 . 2012-03-29 18:19 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:11 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 01:53 . 2012-03-27 01:53 -------- d-----w- C:\$AVG
2012-03-27 01:07 . 2012-03-27 01:07 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-03-27 01:07 . 2012-03-27 08:10 -------- d-----w- c:\programdata\Norton
2012-03-15 03:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 21:46 . 2012-03-05 21:46 -------- d-----w- c:\program files (x86)\TryMedia
2012-03-05 21:45 . 2012-03-05 21:45 -------- d-----w- c:\program files (x86)\Hexacto Games
2012-03-05 21:43 . 2012-03-05 21:43 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-03-05 21:36 . 2012-03-05 21:36 -------- d-----w- c:\users\Ritzer59\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 16:09 . 2011-11-17 00:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-24 16:08 . 2011-11-17 00:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-24 15:24 . 2012-01-24 17:42 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-04 10:44 . 2012-02-16 14:21 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 14:21 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-04 740216]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-07 1242448]
"EADM"="c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe" [2011-04-03 11857920]
"Octoshape Streaming Services"="c:\users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-08-24 253952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ahcix64;ahcix64;c:\windows\system32\DRIVERS\ahcix64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-24 2152152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;c:\pcspro\uxddrv64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161104839-4131545993-2214367173-1000Core.job
- c:\users\Ritzer59\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 23:08]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161104839-4131545993-2214367173-1000UA.job
- c:\users\Ritzer59\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 23:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\F42377962756C6563737437343739323: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3161104839-4131545993-2214367173-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ë…ez28]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f5781da
.
[HKEY_USERS\S-1-5-21-3161104839-4131545993-2214367173-1000\Software\SecuROM\License information*]
"datasecu"=hex:bc,76,dc,0c,be,8a,66,21,c0,fe,7c,ae,88,97,ca,10,49,89,90,3f,7d,
eb,ef,82,a0,d3,14,5b,73,db,ca,04,75,2e,7b,00,16,be,8b,18,78,cc,67,77,18,20,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\DAODx.exe
c:\users\Ritzer59\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
.
**************************************************************************
.
Completion time: 2012-03-30 13:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 12:43
.
Pre-Run: 360,231,415,808 bytes free
Post-Run: 368,734,265,344 bytes free
.
- - End Of File - - C03BE34D3BA302E011C072C4309C9C45

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 30 March 2012 - 07:55 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 30 March 2012 - 09:47 AM

Hi!

Here is the TDSS Killer report


14:00:35.0233 5660 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:00:36.0157 5660 ============================================================
14:00:36.0158 5660 Current date / time: 2012/03/30 14:00:36.0157
14:00:36.0158 5660 SystemInfo:
14:00:36.0158 5660
14:00:36.0158 5660 OS Version: 6.1.7601 ServicePack: 1.0
14:00:36.0158 5660 Product type: Workstation
14:00:36.0158 5660 ComputerName: RITZER59-PC
14:00:36.0159 5660 UserName: Ritzer59
14:00:36.0159 5660 Windows directory: C:\Windows
14:00:36.0159 5660 System windows directory: C:\Windows
14:00:36.0159 5660 Running under WOW64
14:00:36.0159 5660 Processor architecture: Intel x64
14:00:36.0159 5660 Number of processors: 6
14:00:36.0159 5660 Page size: 0x1000
14:00:36.0159 5660 Boot type: Normal boot
14:00:36.0159 5660 ============================================================
14:00:37.0207 5660 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:00:37.0234 5660 \Device\Harddisk0\DR0:
14:00:37.0234 5660 MBR used
14:00:37.0234 5660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:00:37.0234 5660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:00:37.0244 5660 Initialize success
14:00:37.0244 5660 ============================================================
14:00:59.0731 5380 ============================================================
14:00:59.0731 5380 Scan started
14:00:59.0731 5380 Mode: Manual;
14:00:59.0731 5380 ============================================================
14:01:00.0322 5380 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:01:00.0326 5380 1394ohci - ok
14:01:00.0354 5380 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:01:00.0359 5380 ACPI - ok
14:01:00.0380 5380 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:01:00.0381 5380 AcpiPmi - ok
14:01:00.0486 5380 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:01:00.0487 5380 AdobeARMservice - ok
14:01:00.0575 5380 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:01:00.0582 5380 adp94xx - ok
14:01:00.0636 5380 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:01:00.0642 5380 adpahci - ok
14:01:00.0675 5380 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:01:00.0678 5380 adpu320 - ok
14:01:00.0744 5380 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:01:00.0746 5380 AeLookupSvc - ok
14:01:00.0819 5380 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:01:00.0825 5380 AFD - ok
14:01:00.0880 5380 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:01:00.0882 5380 agp440 - ok
14:01:00.0925 5380 ahcix64 (dfa3951c8e858bac7e649a3d67f067d2) C:\Windows\system32\DRIVERS\ahcix64.sys
14:01:00.0926 5380 ahcix64 - ok
14:01:00.0989 5380 ahcix64s (43cc11a1fce059822fa93b371e8d5c9a) C:\Windows\system32\DRIVERS\ahcix64s.sys
14:01:00.0992 5380 ahcix64s - ok
14:01:01.0012 5380 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:01:01.0014 5380 ALG - ok
14:01:01.0032 5380 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:01:01.0033 5380 aliide - ok
14:01:01.0069 5380 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
14:01:01.0072 5380 AMD External Events Utility - ok
14:01:01.0096 5380 AMD FUEL Service - ok
14:01:01.0179 5380 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:01:01.0180 5380 amdide - ok
14:01:01.0213 5380 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
14:01:01.0214 5380 amdiox64 - ok
14:01:01.0244 5380 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:01:01.0245 5380 AmdK8 - ok
14:01:01.0442 5380 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:01:01.0555 5380 amdkmdag - ok
14:01:01.0650 5380 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
14:01:01.0655 5380 amdkmdap - ok
14:01:01.0679 5380 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:01:01.0680 5380 AmdPPM - ok
14:01:01.0697 5380 amdsata (225d49454cb2829d321f37825be79b59) C:\Windows\system32\DRIVERS\amdsata.sys
14:01:01.0697 5380 amdsata - ok
14:01:01.0724 5380 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:01:01.0726 5380 amdsbs - ok
14:01:01.0741 5380 amdxata (99f8790ecf1e874454444d787394a0c5) C:\Windows\system32\DRIVERS\amdxata.sys
14:01:01.0742 5380 amdxata - ok
14:01:01.0779 5380 AODDriver4.0 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:01:01.0780 5380 AODDriver4.0 - ok
14:01:01.0807 5380 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:01:01.0808 5380 AODDriver4.01 - ok
14:01:01.0911 5380 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:01:01.0913 5380 AppID - ok
14:01:01.0941 5380 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:01:01.0943 5380 AppIDSvc - ok
14:01:01.0976 5380 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:01:01.0978 5380 Appinfo - ok
14:01:02.0069 5380 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:01:02.0071 5380 Apple Mobile Device - ok
14:01:02.0166 5380 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:01:02.0168 5380 arc - ok
14:01:02.0186 5380 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:01:02.0188 5380 arcsas - ok
14:01:02.0265 5380 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:01:02.0266 5380 aspnet_state - ok
14:01:02.0327 5380 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:02.0328 5380 AsyncMac - ok
14:01:02.0377 5380 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:01:02.0378 5380 atapi - ok
14:01:02.0449 5380 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
14:01:02.0451 5380 AtiHDAudioService - ok
14:01:02.0480 5380 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:01:02.0481 5380 AtiPcie - ok
14:01:02.0580 5380 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:02.0593 5380 AudioEndpointBuilder - ok
14:01:02.0613 5380 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:02.0618 5380 AudioSrv - ok
14:01:02.0798 5380 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
14:01:02.0821 5380 AVGIDSAgent - ok
14:01:02.0922 5380 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:01:02.0925 5380 AVGIDSDriver - ok
14:01:02.0967 5380 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:01:02.0968 5380 AVGIDSEH - ok
14:01:03.0003 5380 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:01:03.0004 5380 AVGIDSFilter - ok
14:01:03.0047 5380 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
14:01:03.0054 5380 Avgldx64 - ok
14:01:03.0072 5380 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:01:03.0073 5380 Avgmfx64 - ok
14:01:03.0169 5380 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:01:03.0170 5380 Avgrkx64 - ok
14:01:03.0220 5380 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
14:01:03.0228 5380 Avgtdia - ok
14:01:03.0318 5380 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:01:03.0322 5380 avgwd - ok
14:01:03.0368 5380 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:01:03.0370 5380 AxInstSV - ok
14:01:03.0454 5380 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:01:03.0458 5380 b06bdrv - ok
14:01:03.0478 5380 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:01:03.0482 5380 b57nd60a - ok
14:01:03.0516 5380 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:01:03.0517 5380 BDESVC - ok
14:01:03.0534 5380 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:01:03.0534 5380 Beep - ok
14:01:03.0650 5380 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:01:03.0664 5380 BFE - ok
14:01:03.0689 5380 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:01:03.0696 5380 BITS - ok
14:01:03.0736 5380 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:01:03.0737 5380 blbdrive - ok
14:01:03.0817 5380 BMLoad (057f482cfdb57e75202e2e37795f2d3b) C:\Windows\system32\drivers\BMLoad.sys
14:01:03.0818 5380 BMLoad - ok
14:01:03.0911 5380 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:01:03.0914 5380 Bonjour Service - ok
14:01:03.0966 5380 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:01:03.0969 5380 bowser - ok
14:01:03.0989 5380 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:01:03.0990 5380 BrFiltLo - ok
14:01:04.0005 5380 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:01:04.0005 5380 BrFiltUp - ok
14:01:04.0078 5380 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:01:04.0081 5380 BridgeMP - ok
14:01:04.0114 5380 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:01:04.0116 5380 Browser - ok
14:01:04.0140 5380 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:01:04.0145 5380 Brserid - ok
14:01:04.0167 5380 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:04.0168 5380 BrSerWdm - ok
14:01:04.0209 5380 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:04.0209 5380 BrUsbMdm - ok
14:01:04.0274 5380 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:04.0275 5380 BrUsbSer - ok
14:01:04.0362 5380 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:01:04.0364 5380 BTHMODEM - ok
14:01:04.0411 5380 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:01:04.0413 5380 bthserv - ok
14:01:04.0443 5380 catchme - ok
14:01:04.0546 5380 cbVSCService (ed5411a69c5bac78d245c893af64352a) C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
14:01:04.0548 5380 cbVSCService - ok
14:01:04.0629 5380 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:01:04.0632 5380 cdfs - ok
14:01:04.0669 5380 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:01:04.0673 5380 cdrom - ok
14:01:04.0716 5380 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:04.0719 5380 CertPropSvc - ok
14:01:04.0800 5380 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:01:04.0801 5380 circlass - ok
14:01:04.0852 5380 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:01:04.0858 5380 CLFS - ok
14:01:04.0908 5380 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:04.0910 5380 clr_optimization_v2.0.50727_32 - ok
14:01:04.0946 5380 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:01:04.0949 5380 clr_optimization_v2.0.50727_64 - ok
14:01:05.0038 5380 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:05.0042 5380 clr_optimization_v4.0.30319_32 - ok
14:01:05.0072 5380 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:01:05.0076 5380 clr_optimization_v4.0.30319_64 - ok
14:01:05.0142 5380 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:01:05.0143 5380 CmBatt - ok
14:01:05.0179 5380 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:01:05.0180 5380 cmdide - ok
14:01:05.0263 5380 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:01:05.0270 5380 CNG - ok
14:01:05.0381 5380 CobianBackup10 (06302ea7eda9dcdd7f82cec2a03d2015) C:\Program Files (x86)\Cobian Backup 10\cbService.exe
14:01:05.0390 5380 CobianBackup10 - ok
14:01:05.0453 5380 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:01:05.0454 5380 Compbatt - ok
14:01:05.0537 5380 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:01:05.0538 5380 CompositeBus - ok
14:01:05.0554 5380 COMSysApp - ok
14:01:05.0580 5380 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:01:05.0581 5380 crcdisk - ok
14:01:05.0647 5380 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:01:05.0651 5380 CryptSvc - ok
14:01:05.0751 5380 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:01:05.0758 5380 cvhsvc - ok
14:01:05.0823 5380 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:05.0834 5380 DcomLaunch - ok
14:01:05.0900 5380 DCService.exe (3b604417ebae4e1e66e6abd8cc55fd76) C:\ProgramData\DatacardService\DCService.exe
14:01:05.0905 5380 DCService.exe - ok
14:01:05.0951 5380 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:01:05.0959 5380 defragsvc - ok
14:01:06.0005 5380 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:01:06.0008 5380 DfsC - ok
14:01:06.0095 5380 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:01:06.0102 5380 Dhcp - ok
14:01:06.0133 5380 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:01:06.0134 5380 discache - ok
14:01:06.0182 5380 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:01:06.0183 5380 Disk - ok
14:01:06.0225 5380 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:01:06.0231 5380 Dnscache - ok
14:01:06.0291 5380 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:01:06.0298 5380 dot3svc - ok
14:01:06.0338 5380 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:01:06.0343 5380 DPS - ok
14:01:06.0404 5380 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:01:06.0405 5380 drmkaud - ok
14:01:06.0455 5380 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:01:06.0460 5380 dtsoftbus01 - ok
14:01:06.0531 5380 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:01:06.0544 5380 DXGKrnl - ok
14:01:06.0607 5380 EagleX64 - ok
14:01:06.0647 5380 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:01:06.0651 5380 EapHost - ok
14:01:06.0762 5380 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:01:06.0786 5380 ebdrv - ok
14:01:06.0820 5380 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:01:06.0823 5380 EFS - ok
14:01:06.0908 5380 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:01:06.0923 5380 ehRecvr - ok
14:01:06.0974 5380 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:01:06.0977 5380 ehSched - ok
14:01:07.0057 5380 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:01:07.0065 5380 elxstor - ok
14:01:07.0104 5380 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:01:07.0105 5380 ErrDev - ok
14:01:07.0145 5380 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:01:07.0152 5380 EventSystem - ok
14:01:07.0219 5380 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
14:01:07.0222 5380 ew_hwusbdev - ok
14:01:07.0314 5380 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:01:07.0319 5380 exfat - ok
14:01:07.0341 5380 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:01:07.0346 5380 fastfat - ok
14:01:07.0414 5380 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:01:07.0425 5380 Fax - ok
14:01:07.0498 5380 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:01:07.0499 5380 fdc - ok
14:01:07.0518 5380 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:01:07.0520 5380 fdPHost - ok
14:01:07.0536 5380 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:01:07.0537 5380 FDResPub - ok
14:01:07.0545 5380 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:01:07.0546 5380 FileInfo - ok
14:01:07.0560 5380 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:01:07.0561 5380 Filetrace - ok
14:01:07.0572 5380 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:01:07.0573 5380 flpydisk - ok
14:01:07.0663 5380 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:01:07.0668 5380 FltMgr - ok
14:01:07.0732 5380 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:01:07.0750 5380 FontCache - ok
14:01:07.0824 5380 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:07.0826 5380 FontCache3.0.0.0 - ok
14:01:07.0855 5380 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:01:07.0857 5380 FsDepends - ok
14:01:07.0941 5380 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:01:07.0944 5380 fssfltr - ok
14:01:08.0045 5380 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:01:08.0067 5380 fsssvc - ok
14:01:08.0091 5380 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:01:08.0091 5380 Fs_Rec - ok
14:01:08.0171 5380 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:01:08.0175 5380 fvevol - ok
14:01:08.0203 5380 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:01:08.0205 5380 gagp30kx - ok
14:01:08.0246 5380 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:01:08.0247 5380 GEARAspiWDM - ok
14:01:08.0311 5380 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:01:08.0328 5380 gpsvc - ok
14:01:08.0408 5380 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:01:08.0409 5380 hamachi - ok
14:01:08.0556 5380 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:01:08.0584 5380 Hamachi2Svc - ok
14:01:08.0614 5380 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:01:08.0615 5380 hcw85cir - ok
14:01:08.0708 5380 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:01:08.0713 5380 HdAudAddService - ok
14:01:08.0736 5380 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:01:08.0738 5380 HDAudBus - ok
14:01:08.0764 5380 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:01:08.0765 5380 HidBatt - ok
14:01:08.0784 5380 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:01:08.0785 5380 HidBth - ok
14:01:08.0807 5380 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:01:08.0807 5380 HidIr - ok
14:01:08.0850 5380 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:01:08.0851 5380 hidserv - ok
14:01:08.0951 5380 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:01:08.0952 5380 HidUsb - ok
14:01:09.0044 5380 HiPatchService (f2cec7ba8d068671220026708c12eb84) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
14:01:09.0045 5380 HiPatchService - ok
14:01:09.0116 5380 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:01:09.0118 5380 hkmsvc - ok
14:01:09.0160 5380 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:01:09.0167 5380 HomeGroupListener - ok
14:01:09.0212 5380 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:01:09.0218 5380 HomeGroupProvider - ok
14:01:09.0287 5380 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:01:09.0289 5380 HpSAMD - ok
14:01:09.0429 5380 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:01:09.0439 5380 HTTP - ok
14:01:09.0512 5380 huawei_cdcacm (0a0693edd775cc726fcf2c5aa5e44d9b) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
14:01:09.0515 5380 huawei_cdcacm - ok
14:01:09.0586 5380 huawei_enumerator (c2212c930d7a6cc21972b9882683d271) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
14:01:09.0589 5380 huawei_enumerator - ok
14:01:09.0662 5380 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:01:09.0663 5380 hwpolicy - ok
14:01:09.0727 5380 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:01:09.0730 5380 i8042prt - ok
14:01:09.0765 5380 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:01:09.0768 5380 iaStorV - ok
14:01:09.0866 5380 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:01:09.0868 5380 IDriverT - ok
14:01:09.0979 5380 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:01:09.0991 5380 idsvc - ok
14:01:10.0037 5380 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:01:10.0039 5380 iirsp - ok
14:01:10.0134 5380 IJPLMSVC (c5b04409186a27409bd069580208a6d3) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
14:01:10.0135 5380 IJPLMSVC - ok
14:01:10.0209 5380 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:01:10.0227 5380 IKEEXT - ok
14:01:10.0264 5380 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:01:10.0264 5380 intelide - ok
14:01:10.0330 5380 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:01:10.0331 5380 intelppm - ok
14:01:10.0357 5380 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:01:10.0362 5380 IPBusEnum - ok
14:01:10.0425 5380 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:10.0426 5380 IpFilterDriver - ok
14:01:10.0467 5380 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:01:10.0473 5380 iphlpsvc - ok
14:01:10.0505 5380 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:01:10.0506 5380 IPMIDRV - ok
14:01:10.0567 5380 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:01:10.0570 5380 IPNAT - ok
14:01:10.0643 5380 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
14:01:10.0658 5380 iPod Service - ok
14:01:10.0688 5380 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:01:10.0689 5380 IRENUM - ok
14:01:10.0743 5380 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:01:10.0744 5380 isapnp - ok
14:01:10.0770 5380 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:01:10.0772 5380 iScsiPrt - ok
14:01:10.0791 5380 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:10.0792 5380 kbdclass - ok
14:01:10.0816 5380 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:10.0819 5380 kbdhid - ok
14:01:10.0878 5380 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:10.0881 5380 KeyIso - ok
14:01:10.0956 5380 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:01:10.0958 5380 KMWDFILTER - ok
14:01:10.0982 5380 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:01:10.0984 5380 KSecDD - ok
14:01:11.0005 5380 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:11.0007 5380 KSecPkg - ok
14:01:11.0026 5380 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:11.0026 5380 ksthunk - ok
14:01:11.0088 5380 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:01:11.0098 5380 KtmRm - ok
14:01:11.0136 5380 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:01:11.0144 5380 LanmanServer - ok
14:01:11.0187 5380 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:01:11.0193 5380 LanmanWorkstation - ok
14:01:11.0329 5380 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
14:01:11.0358 5380 Lavasoft Ad-Aware Service - ok
14:01:11.0435 5380 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:01:11.0437 5380 Lbd - ok
14:01:11.0469 5380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:11.0471 5380 lltdio - ok
14:01:11.0516 5380 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:01:11.0521 5380 lltdsvc - ok
14:01:11.0534 5380 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:01:11.0536 5380 lmhosts - ok
14:01:11.0575 5380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:01:11.0576 5380 LSI_FC - ok
14:01:11.0605 5380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:01:11.0606 5380 LSI_SAS - ok
14:01:11.0671 5380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:01:11.0672 5380 LSI_SAS2 - ok
14:01:11.0692 5380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:01:11.0693 5380 LSI_SCSI - ok
14:01:11.0711 5380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:11.0712 5380 luafv - ok
14:01:11.0754 5380 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:01:11.0755 5380 MBAMProtector - ok
14:01:11.0833 5380 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:11.0843 5380 MBAMService - ok
14:01:11.0883 5380 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:01:11.0887 5380 Mcx2Svc - ok
14:01:11.0963 5380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:01:11.0964 5380 megasas - ok
14:01:11.0997 5380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:01:12.0002 5380 MegaSR - ok
14:01:12.0108 5380 Microsoft SharePoint Workspace Audit Service - ok
14:01:12.0172 5380 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:12.0176 5380 MMCSS - ok
14:01:12.0223 5380 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:12.0225 5380 Modem - ok
14:01:12.0254 5380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:12.0255 5380 monitor - ok
14:01:12.0301 5380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:01:12.0303 5380 mouclass - ok
14:01:12.0370 5380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:12.0371 5380 mouhid - ok
14:01:12.0414 5380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:01:12.0415 5380 mountmgr - ok
14:01:12.0448 5380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:01:12.0449 5380 mpio - ok
14:01:12.0478 5380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:12.0479 5380 mpsdrv - ok
14:01:12.0534 5380 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:01:12.0545 5380 MpsSvc - ok
14:01:12.0583 5380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:01:12.0585 5380 MRxDAV - ok
14:01:12.0670 5380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:12.0674 5380 mrxsmb - ok
14:01:12.0720 5380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:12.0726 5380 mrxsmb10 - ok
14:01:12.0746 5380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:12.0750 5380 mrxsmb20 - ok
14:01:12.0846 5380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:01:12.0847 5380 msahci - ok
14:01:12.0868 5380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:01:12.0871 5380 msdsm - ok
14:01:12.0901 5380 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:01:12.0906 5380 MSDTC - ok
14:01:12.0939 5380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:12.0939 5380 Msfs - ok
14:01:13.0004 5380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:13.0005 5380 mshidkmdf - ok
14:01:13.0043 5380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:01:13.0043 5380 msisadrv - ok
14:01:13.0070 5380 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:01:13.0073 5380 MSiSCSI - ok
14:01:13.0080 5380 msiserver - ok
14:01:13.0109 5380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:13.0110 5380 MSKSSRV - ok
14:01:13.0125 5380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:13.0126 5380 MSPCLOCK - ok
14:01:13.0134 5380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:13.0135 5380 MSPQM - ok
14:01:13.0173 5380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:01:13.0181 5380 MsRPC - ok
14:01:13.0267 5380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:01:13.0268 5380 mssmbios - ok
14:01:13.0296 5380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:13.0297 5380 MSTEE - ok
14:01:13.0311 5380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:01:13.0312 5380 MTConfig - ok
14:01:13.0337 5380 MTsensor (cac3bb575e4a0417bff28d3196e44d3a) C:\Windows\system32\DRIVERS\ASACPI.sys
14:01:13.0337 5380 MTsensor - ok
14:01:13.0348 5380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:13.0349 5380 Mup - ok
14:01:13.0391 5380 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:01:13.0398 5380 napagent - ok
14:01:13.0423 5380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:13.0427 5380 NativeWifiP - ok
14:01:13.0517 5380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:01:13.0532 5380 NDIS - ok
14:01:13.0553 5380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:13.0555 5380 NdisCap - ok
14:01:13.0580 5380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:13.0580 5380 NdisTapi - ok
14:01:13.0618 5380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:13.0619 5380 Ndisuio - ok
14:01:13.0653 5380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:13.0655 5380 NdisWan - ok
14:01:13.0738 5380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:01:13.0740 5380 NDProxy - ok
14:01:13.0766 5380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:13.0768 5380 NetBIOS - ok
14:01:13.0812 5380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:01:13.0818 5380 NetBT - ok
14:01:13.0853 5380 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:13.0856 5380 Netlogon - ok
14:01:13.0935 5380 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:01:13.0942 5380 Netman - ok
14:01:14.0024 5380 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:01:14.0027 5380 NetMsmqActivator - ok
14:01:14.0036 5380 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:01:14.0038 5380 NetPipeActivator - ok
14:01:14.0053 5380 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:01:14.0060 5380 netprofm - ok
14:01:14.0066 5380 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:01:14.0067 5380 NetTcpActivator - ok
14:01:14.0072 5380 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:01:14.0073 5380 NetTcpPortSharing - ok
14:01:14.0108 5380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:01:14.0109 5380 nfrd960 - ok
14:01:14.0184 5380 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:01:14.0193 5380 NlaSvc - ok
14:01:14.0209 5380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:14.0210 5380 Npfs - ok
14:01:14.0233 5380 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:01:14.0235 5380 nsi - ok
14:01:14.0250 5380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:14.0251 5380 nsiproxy - ok
14:01:14.0386 5380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:01:14.0406 5380 Ntfs - ok
14:01:14.0450 5380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:14.0450 5380 Null - ok
14:01:14.0525 5380 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:01:14.0527 5380 nusb3hub - ok
14:01:14.0556 5380 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:01:14.0558 5380 nusb3xhc - ok
14:01:14.0607 5380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:01:14.0610 5380 nvraid - ok
14:01:14.0628 5380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:01:14.0630 5380 nvstor - ok
14:01:14.0659 5380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:01:14.0660 5380 nv_agp - ok
14:01:14.0730 5380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:01:14.0732 5380 ohci1394 - ok
14:01:14.0803 5380 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:14.0807 5380 ose - ok
14:01:14.0983 5380 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:01:15.0078 5380 osppsvc - ok
14:01:15.0162 5380 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:15.0171 5380 p2pimsvc - ok
14:01:15.0214 5380 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:01:15.0225 5380 p2psvc - ok
14:01:15.0277 5380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:01:15.0280 5380 Parport - ok
14:01:15.0346 5380 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:01:15.0349 5380 partmgr - ok
14:01:15.0383 5380 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:01:15.0389 5380 PcaSvc - ok
14:01:15.0433 5380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:01:15.0437 5380 pci - ok
14:01:15.0471 5380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:01:15.0473 5380 pciide - ok
14:01:15.0538 5380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:01:15.0544 5380 pcmcia - ok
14:01:15.0574 5380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:15.0576 5380 pcw - ok
14:01:15.0616 5380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:15.0629 5380 PEAUTH - ok
14:01:15.0678 5380 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:01:15.0681 5380 PerfHost - ok
14:01:15.0782 5380 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:01:15.0801 5380 pla - ok
14:01:15.0871 5380 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:01:15.0882 5380 PlugPlay - ok
14:01:15.0919 5380 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:01:15.0923 5380 PNRPAutoReg - ok
14:01:15.0945 5380 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:15.0952 5380 PNRPsvc - ok
14:01:16.0025 5380 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:01:16.0036 5380 PolicyAgent - ok
14:01:16.0087 5380 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:01:16.0093 5380 Power - ok
14:01:16.0164 5380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:16.0167 5380 PptpMiniport - ok
14:01:16.0202 5380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:01:16.0204 5380 Processor - ok
14:01:16.0227 5380 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:01:16.0234 5380 ProfSvc - ok
14:01:16.0269 5380 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:16.0271 5380 ProtectedStorage - ok
14:01:16.0330 5380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:01:16.0333 5380 Psched - ok
14:01:16.0385 5380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:01:16.0404 5380 ql2300 - ok
14:01:16.0433 5380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:01:16.0434 5380 ql40xx - ok
14:01:16.0503 5380 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:01:16.0507 5380 QWAVE - ok
14:01:16.0540 5380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:16.0541 5380 QWAVEdrv - ok
14:01:16.0556 5380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:16.0557 5380 RasAcd - ok
14:01:16.0582 5380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:16.0583 5380 RasAgileVpn - ok
14:01:16.0595 5380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:01:16.0598 5380 RasAuto - ok
14:01:16.0636 5380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:16.0638 5380 Rasl2tp - ok
14:01:16.0720 5380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:01:16.0726 5380 RasMan - ok
14:01:16.0750 5380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:16.0752 5380 RasPppoe - ok
14:01:16.0779 5380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:16.0781 5380 RasSstp - ok
14:01:16.0820 5380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:16.0825 5380 rdbss - ok
14:01:16.0852 5380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:16.0854 5380 rdpbus - ok
14:01:16.0869 5380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:16.0870 5380 RDPCDD - ok
14:01:16.0938 5380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:16.0939 5380 RDPENCDD - ok
14:01:16.0964 5380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:16.0964 5380 RDPREFMP - ok
14:01:17.0012 5380 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:01:17.0014 5380 RDPWD - ok
14:01:17.0071 5380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:01:17.0077 5380 rdyboost - ok
14:01:17.0121 5380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:01:17.0126 5380 RemoteAccess - ok
14:01:17.0193 5380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:01:17.0198 5380 RemoteRegistry - ok
14:01:17.0217 5380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:01:17.0221 5380 RpcEptMapper - ok
14:01:17.0233 5380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:01:17.0235 5380 RpcLocator - ok
14:01:17.0277 5380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:17.0283 5380 RpcSs - ok
14:01:17.0327 5380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:17.0330 5380 rspndr - ok
14:01:17.0396 5380 RTL8023x64 (68dd0457d18fccef7384ae84022f0c86) C:\Windows\system32\DRIVERS\Rtnic64.sys
14:01:17.0399 5380 RTL8023x64 - ok
14:01:17.0442 5380 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:01:17.0450 5380 RTL8167 - ok
14:01:17.0500 5380 RTL8192su (b652c69023b9bdfde007f01e2e3f778c) C:\Windows\system32\DRIVERS\RTL8192su.sys
14:01:17.0512 5380 RTL8192su - ok
14:01:17.0544 5380 RTLE8023x64 (55d5947298501c38095733f16eeb36c5) C:\Windows\system32\DRIVERS\Rtenic64.sys
14:01:17.0548 5380 RTLE8023x64 - ok
14:01:17.0619 5380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:17.0621 5380 SamSs - ok
14:01:17.0678 5380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:01:17.0682 5380 sbp2port - ok
14:01:17.0716 5380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:01:17.0723 5380 SCardSvr - ok
14:01:17.0771 5380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:01:17.0773 5380 scfilter - ok
14:01:17.0837 5380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:01:17.0854 5380 Schedule - ok
14:01:17.0932 5380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:17.0934 5380 SCPolicySvc - ok
14:01:17.0970 5380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:01:17.0977 5380 SDRSVC - ok
14:01:18.0070 5380 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:01:18.0074 5380 SeaPort - ok
14:01:18.0162 5380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:01:18.0164 5380 secdrv - ok
14:01:18.0204 5380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:01:18.0208 5380 seclogon - ok
14:01:18.0238 5380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:01:18.0243 5380 SENS - ok
14:01:18.0262 5380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:01:18.0266 5380 SensrSvc - ok
14:01:18.0350 5380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:01:18.0351 5380 Serenum - ok
14:01:18.0383 5380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:01:18.0386 5380 Serial - ok
14:01:18.0427 5380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:01:18.0429 5380 sermouse - ok
14:01:18.0490 5380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:01:18.0496 5380 SessionEnv - ok
14:01:18.0563 5380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:01:18.0565 5380 sffdisk - ok
14:01:18.0583 5380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:18.0585 5380 sffp_mmc - ok
14:01:18.0604 5380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:01:18.0605 5380 sffp_sd - ok
14:01:18.0626 5380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:01:18.0627 5380 sfloppy - ok
14:01:18.0685 5380 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:01:18.0701 5380 Sftfs - ok
14:01:18.0807 5380 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:01:18.0818 5380 sftlist - ok
14:01:18.0901 5380 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:01:18.0907 5380 Sftplay - ok
14:01:18.0930 5380 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:01:18.0932 5380 Sftredir - ok
14:01:18.0973 5380 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:01:18.0975 5380 Sftvol - ok
14:01:19.0059 5380 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:01:19.0063 5380 sftvsa - ok
14:01:19.0134 5380 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:01:19.0143 5380 SharedAccess - ok
14:01:19.0189 5380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:01:19.0198 5380 ShellHWDetection - ok
14:01:19.0243 5380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:01:19.0246 5380 SiSRaid2 - ok
14:01:19.0298 5380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:01:19.0301 5380 SiSRaid4 - ok
14:01:19.0412 5380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:01:19.0416 5380 Smb - ok
14:01:19.0452 5380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:01:19.0456 5380 SNMPTRAP - ok
14:01:19.0494 5380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:01:19.0496 5380 spldr - ok
14:01:19.0540 5380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:01:19.0546 5380 Spooler - ok
14:01:19.0654 5380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:01:19.0689 5380 sppsvc - ok
14:01:19.0749 5380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:01:19.0754 5380 sppuinotify - ok
14:01:19.0782 5380 sptd - ok
14:01:19.0857 5380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:01:19.0867 5380 srv - ok
14:01:19.0892 5380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:01:19.0901 5380 srv2 - ok
14:01:19.0954 5380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:19.0957 5380 srvnet - ok
14:01:19.0986 5380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:01:19.0989 5380 SSDPSRV - ok
14:01:20.0003 5380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:01:20.0006 5380 SstpSvc - ok
14:01:20.0064 5380 Steam Client Service - ok
14:01:20.0111 5380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:01:20.0113 5380 stexstor - ok
14:01:20.0216 5380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:01:20.0231 5380 stisvc - ok
14:01:20.0267 5380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:01:20.0268 5380 swenum - ok
14:01:20.0374 5380 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:01:20.0385 5380 SwitchBoard - ok
14:01:20.0427 5380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:01:20.0440 5380 swprv - ok
14:01:20.0559 5380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:01:20.0590 5380 SysMain - ok
14:01:20.0628 5380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:01:20.0631 5380 TabletInputService - ok
14:01:20.0651 5380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:01:20.0655 5380 TapiSrv - ok
14:01:20.0725 5380 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
14:01:20.0727 5380 tapoas - ok
14:01:20.0792 5380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:01:20.0797 5380 TBS - ok
14:01:20.0884 5380 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:01:20.0899 5380 Tcpip - ok
14:01:20.0925 5380 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:20.0933 5380 TCPIP6 - ok
14:01:20.0976 5380 tcpipBM (1a95043750e359f993154ef8559be518) C:\Windows\system32\drivers\tcpipBM.sys
14:01:20.0978 5380 tcpipBM - ok
14:01:21.0021 5380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:01:21.0023 5380 tcpipreg - ok
14:01:21.0098 5380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:01:21.0100 5380 TDPIPE - ok
14:01:21.0147 5380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:01:21.0148 5380 TDTCP - ok
14:01:21.0191 5380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:01:21.0194 5380 tdx - ok
14:01:21.0237 5380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:01:21.0239 5380 TermDD - ok
14:01:21.0272 5380 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:01:21.0286 5380 TermService - ok
14:01:21.0341 5380 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:01:21.0346 5380 Themes - ok
14:01:21.0368 5380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:21.0372 5380 THREADORDER - ok
14:01:21.0396 5380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:01:21.0399 5380 TrkWks - ok
14:01:21.0432 5380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:01:21.0435 5380 TrustedInstaller - ok
14:01:21.0493 5380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:21.0496 5380 tssecsrv - ok
14:01:21.0596 5380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:01:21.0599 5380 TsUsbFlt - ok
14:01:21.0651 5380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:21.0654 5380 tunnel - ok
14:01:21.0686 5380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:01:21.0689 5380 uagp35 - ok
14:01:21.0744 5380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:01:21.0752 5380 udfs - ok
14:01:21.0822 5380 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:01:21.0827 5380 UI0Detect - ok
14:01:21.0878 5380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:01:21.0881 5380 uliagpkx - ok
14:01:21.0912 5380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:01:21.0914 5380 umbus - ok
14:01:21.0939 5380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:01:21.0941 5380 UmPass - ok
14:01:21.0966 5380 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:01:21.0972 5380 upnphost - ok
14:01:22.0063 5380 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
14:01:22.0065 5380 USBAAPL64 - ok
14:01:22.0115 5380 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:01:22.0119 5380 usbaudio - ok
14:01:22.0137 5380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:22.0140 5380 usbccgp - ok
14:01:22.0183 5380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:01:22.0187 5380 usbcir - ok
14:01:22.0255 5380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:01:22.0257 5380 usbehci - ok
14:01:22.0288 5380 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
14:01:22.0290 5380 usbfilter - ok
14:01:22.0327 5380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:22.0334 5380 usbhub - ok
14:01:22.0348 5380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:01:22.0349 5380 usbohci - ok
14:01:22.0376 5380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:22.0377 5380 usbprint - ok
14:01:22.0413 5380 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:01:22.0414 5380 usbscan - ok
14:01:22.0504 5380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:22.0507 5380 USBSTOR - ok
14:01:22.0529 5380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:01:22.0531 5380 usbuhci - ok
14:01:22.0563 5380 uxddrv - ok
14:01:22.0624 5380 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:01:22.0628 5380 UxSms - ok
14:01:22.0662 5380 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:22.0664 5380 VaultSvc - ok
14:01:22.0730 5380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:01:22.0732 5380 vdrvroot - ok
14:01:22.0786 5380 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:01:22.0801 5380 vds - ok
14:01:22.0893 5380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:22.0895 5380 vga - ok
14:01:22.0918 5380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:01:22.0919 5380 VgaSave - ok
14:01:22.0948 5380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:01:22.0951 5380 vhdmp - ok
14:01:23.0035 5380 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
14:01:23.0053 5380 VIAHdAudAddService - ok
14:01:23.0088 5380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:01:23.0089 5380 viaide - ok
14:01:23.0169 5380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:01:23.0172 5380 volmgr - ok
14:01:23.0213 5380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:01:23.0221 5380 volmgrx - ok
14:01:23.0252 5380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:01:23.0259 5380 volsnap - ok
14:01:23.0304 5380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:01:23.0309 5380 vsmraid - ok
14:01:23.0413 5380 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:01:23.0442 5380 VSS - ok
14:01:23.0462 5380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:01:23.0463 5380 vwifibus - ok
14:01:23.0487 5380 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:01:23.0493 5380 W32Time - ok
14:01:23.0525 5380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:01:23.0527 5380 WacomPen - ok
14:01:23.0587 5380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:23.0589 5380 WANARP - ok
14:01:23.0597 5380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:23.0599 5380 Wanarpv6 - ok
14:01:23.0692 5380 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:01:23.0708 5380 WatAdminSvc - ok
14:01:23.0764 5380 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:01:23.0785 5380 wbengine - ok
14:01:23.0810 5380 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:01:23.0812 5380 WbioSrvc - ok
14:01:23.0889 5380 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:01:23.0900 5380 wcncsvc - ok
14:01:23.0915 5380 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:01:23.0918 5380 WcsPlugInService - ok
14:01:23.0952 5380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:01:23.0953 5380 Wd - ok
14:01:24.0000 5380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:01:24.0008 5380 Wdf01000 - ok
14:01:24.0034 5380 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:24.0037 5380 WdiServiceHost - ok
14:01:24.0042 5380 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:24.0044 5380 WdiSystemHost - ok
14:01:24.0119 5380 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:01:24.0128 5380 WebClient - ok
14:01:24.0148 5380 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:01:24.0157 5380 Wecsvc - ok
14:01:24.0174 5380 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:01:24.0179 5380 wercplsupport - ok
14:01:24.0209 5380 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:01:24.0223 5380 WerSvc - ok
14:01:24.0330 5380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:24.0331 5380 WfpLwf - ok
14:01:24.0355 5380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:01:24.0357 5380 WIMMount - ok
14:01:24.0392 5380 WinDefend - ok
14:01:24.0411 5380 WinHttpAutoProxySvc - ok
14:01:24.0453 5380 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:01:24.0459 5380 Winmgmt - ok
14:01:24.0570 5380 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:01:24.0594 5380 WinRM - ok
14:01:24.0682 5380 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:24.0684 5380 WinUsb - ok
14:01:24.0750 5380 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:01:24.0762 5380 Wlansvc - ok
14:01:24.0898 5380 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:01:24.0922 5380 wlidsvc - ok
14:01:25.0024 5380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:01:25.0025 5380 WmiAcpi - ok
14:01:25.0079 5380 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:01:25.0085 5380 wmiApSrv - ok
14:01:25.0117 5380 WMPNetworkSvc - ok
14:01:25.0154 5380 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:01:25.0156 5380 WPCSvc - ok
14:01:25.0229 5380 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:01:25.0235 5380 WPDBusEnum - ok
14:01:25.0284 5380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:25.0285 5380 ws2ifsl - ok
14:01:25.0318 5380 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:01:25.0321 5380 wscsvc - ok
14:01:25.0329 5380 WSearch - ok
14:01:25.0414 5380 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:01:25.0439 5380 wuauserv - ok
14:01:25.0525 5380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:01:25.0528 5380 WudfPf - ok
14:01:25.0567 5380 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:01:25.0573 5380 wudfsvc - ok
14:01:25.0605 5380 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:01:25.0610 5380 WwanSvc - ok
14:01:25.0702 5380 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
14:01:25.0705 5380 xusb21 - ok
14:01:25.0740 5380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:01:25.0792 5380 \Device\Harddisk0\DR0 - ok
14:01:25.0799 5380 Boot (0x1200) (24f5418f4df663b5dad44c73c1ad1381) \Device\Harddisk0\DR0\Partition0
14:01:25.0801 5380 \Device\Harddisk0\DR0\Partition0 - ok
14:01:25.0827 5380 Boot (0x1200) (3d655943e55b283425adf00775b393bc) \Device\Harddisk0\DR0\Partition1
14:01:25.0830 5380 \Device\Harddisk0\DR0\Partition1 - ok
14:01:25.0831 5380 ============================================================
14:01:25.0831 5380 Scan finished
14:01:25.0831 5380 ============================================================
14:01:25.0852 2896 Detected object count: 0
14:01:25.0853 2896 Actual detected object count: 0

and the aswMBR Report
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 14:02:41
-----------------------------
14:02:41.090 OS Version: Windows x64 6.1.7601 Service Pack 1
14:02:41.090 Number of processors: 6 586 0xA00
14:02:41.090 ComputerName: RITZER59-PC UserName: Ritzer59
14:02:42.672 Initialize success
14:07:32.234 AVAST engine defs: 12033000
14:09:06.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:06.189 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
14:09:06.206 Disk 0 MBR read successfully
14:09:06.211 Disk 0 MBR scan
14:09:06.218 Disk 0 Windows 7 default MBR code
14:09:06.221 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:09:06.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:09:06.249 Disk 0 scanning C:\Windows\system32\drivers
14:09:17.571 Service scanning
14:09:44.098 Modules scanning
14:09:44.107 Disk 0 trace - called modules:
14:09:44.121 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:09:44.126 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b73060]
14:09:44.133 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004aad9b0]
14:09:44.136 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b60060]
14:09:46.166 AVAST engine scan C:\Windows
14:09:49.625 AVAST engine scan C:\Windows\system32
14:12:32.400 AVAST engine scan C:\Windows\system32\drivers
14:12:44.605 AVAST engine scan C:\Users\Ritzer59
14:26:57.432 AVAST engine scan C:\ProgramData
14:30:56.088 Scan finished successfully
14:52:29.924 Disk 0 MBR has been saved successfully to "C:\Users\Ritzer59\Desktop\MBR.dat"
14:52:29.928 The log file has been saved successfully to "C:\Users\Ritzer59\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 14:54:21
-----------------------------
14:54:21.725 OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:21.725 Number of processors: 6 586 0xA00
14:54:21.725 ComputerName: RITZER59-PC UserName: Ritzer59
14:54:23.444 Initialize success
14:54:26.937 AVAST engine defs: 12033000
14:56:30.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:56:30.586 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
14:56:30.631 Disk 0 MBR read successfully
14:56:30.634 Disk 0 MBR scan
14:56:30.639 Disk 0 Windows 7 default MBR code
14:56:30.660 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:56:30.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:56:30.748 Disk 0 scanning C:\Windows\system32\drivers
14:56:52.996 Service scanning
14:57:18.542 Modules scanning
14:57:18.560 Disk 0 trace - called modules:
14:57:18.605 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:57:18.615 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b73060]
14:57:18.629 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004aad9b0]
14:57:18.636 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b60060]
14:57:20.368 AVAST engine scan C:\Windows
14:57:51.540 AVAST engine scan C:\Windows\system32
15:02:26.377 AVAST engine scan C:\Windows\system32\drivers
15:02:42.073 AVAST engine scan C:\Users\Ritzer59
15:20:41.266 AVAST engine scan C:\ProgramData
15:30:31.074 Scan finished successfully
15:46:12.033 Disk 0 MBR has been saved successfully to "C:\Users\Ritzer59\Desktop\MBR.dat"
15:46:12.085 The log file has been saved successfully to "C:\Users\Ritzer59\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 30 March 2012 - 01:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\Ritzer59\AppData\Local\Conduit
c:\program files (x86)\uTorrentBar

DDS::
uStart Page = hxxp://uk.ask.com?o=14196&l=dis

Firefox::
FF - ProfilePath - c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 30 March 2012 - 04:04 PM

Hi I had no issues running the combofix and the computer is also fine
Here is the log report


ComboFix 12-03-30.06 - Ritzer59 30/03/2012 21:45:10.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2531 [GMT 1:00]
Running from: c:\users\Ritzer59\Downloads\ComboFix.exe
Command switches used :: c:\users\Ritzer59\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\INSTALL.LOG
c:\program files (x86)\uTorrentBar\ldrtbuTo0.dll
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTo0.dll
c:\program files (x86)\uTorrentBar\tbuTo1.dll
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\uninstall.exe
c:\program files (x86)\uTorrentBar\UNWISE.EXE
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper1.exe
c:\users\Ritzer59\AppData\Local\Conduit
c:\users\Ritzer59\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdaterHelper.exe
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\chrome.manifest
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\install.rdf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\setup.ini
c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\extensions\engine@conduit.com\version.txt
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2074-05-18 16:44 . 2008-03-21 13:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-03-30 20:52 . 2012-03-30 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 22:07 . 2012-03-29 22:08 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-29 21:40 . 2012-03-29 21:40 388096 ----a-r- c:\users\Ritzer59\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-29 21:40 . 2012-03-29 21:40 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\Ritzer59\AppData\Roaming\Malwarebytes
2012-03-29 14:11 . 2012-03-29 18:19 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:11 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 01:53 . 2012-03-27 01:53 -------- d-----w- C:\$AVG
2012-03-27 01:07 . 2012-03-27 01:07 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-03-27 01:07 . 2012-03-27 08:10 -------- d-----w- c:\programdata\Norton
2012-03-15 03:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 21:46 . 2012-03-05 21:46 -------- d-----w- c:\program files (x86)\TryMedia
2012-03-05 21:45 . 2012-03-05 21:45 -------- d-----w- c:\program files (x86)\Hexacto Games
2012-03-05 21:43 . 2012-03-05 21:43 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 16:09 . 2011-11-17 00:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-24 16:08 . 2011-11-17 00:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-24 15:24 . 2012-01-24 17:42 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-04 10:44 . 2012-02-16 14:21 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 14:21 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_12.36.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-29 21:41 . 2012-03-29 21:41 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-30 20:53 . 2012-03-30 20:53 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-03-30 12:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-30 14:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-30 12:36 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 14:26 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 14:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-30 12:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-22 00:59 . 2012-03-30 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-22 00:59 . 2012-03-30 12:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-22 00:59 . 2012-03-30 12:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-22 00:59 . 2012-03-30 20:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-30 12:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 05:35 . 2012-03-30 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 05:35 . 2012-03-30 12:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 05:35 . 2012-03-30 12:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-21 05:35 . 2012-03-30 20:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-19 15:22 . 2012-03-30 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-19 15:22 . 2012-03-30 12:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-20 18:29 . 2012-03-30 20:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-20 18:29 . 2012-03-30 12:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-20 18:29 . 2012-03-30 20:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-20 18:29 . 2012-03-30 12:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 08:39 . 2012-03-30 20:53 5932 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-01-24 08:39 . 2012-03-30 12:34 5932 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-30 20:54 . 2012-03-30 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 12:36 . 2012-03-30 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 12:36 . 2012-03-30 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-30 20:54 . 2012-03-30 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-21 12:50 . 2012-03-30 20:11 634108 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-30 01:06 667926 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 12:39 667926 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 12:39 126344 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-30 01:06 126344 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-30 12:34 471164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-30 20:53 471164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-13 18:33 . 2012-03-30 12:34 22839779 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3161104839-4131545993-2214367173-1000-12288.dat
+ 2011-04-13 18:33 . 2012-03-30 20:53 22839779 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3161104839-4131545993-2214367173-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-04 740216]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-07 1242448]
"EADM"="c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe" [2011-04-03 11857920]
"Octoshape Streaming Services"="c:\users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-08-24 253952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 ahcix64;ahcix64;c:\windows\system32\DRIVERS\ahcix64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;c:\pcspro\uxddrv64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-24 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-24 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161104839-4131545993-2214367173-1000Core.job
- c:\users\Ritzer59\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 23:08]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161104839-4131545993-2214367173-1000UA.job
- c:\users\Ritzer59\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 23:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{C9CB1667-6A45-4CC2-A06A-9513F59DEFE6}\F42377962756C6563737437343739323: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ritzer59\AppData\Roaming\Mozilla\Firefox\Profiles\0luz01tn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3161104839-4131545993-2214367173-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ë…ez28]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f5781da
.
[HKEY_USERS\S-1-5-21-3161104839-4131545993-2214367173-1000\Software\SecuROM\License information*]
"datasecu"=hex:bc,76,dc,0c,be,8a,66,21,c0,fe,7c,ae,88,97,ca,10,49,89,90,3f,7d,
eb,ef,82,a0,d3,14,5b,73,db,ca,04,75,2e,7b,00,16,be,8b,18,78,cc,67,77,18,20,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\DAODx.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\users\Ritzer59\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
c:\users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-03-30 22:01:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 21:01
ComboFix2.txt 2012-03-30 12:43
.
Pre-Run: 368,296,218,624 bytes free
Post-Run: 368,259,604,480 bytes free
.
- - End Of File - - CCEF5ED10F7B1C92FDDD86C94826EA36

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 30 March 2012 - 08:29 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
FrostWire 4.21.5
Java™ 6 Update 30
uTorrentBar Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 31 March 2012 - 08:19 AM

The computer is running fine the only issue I had was with the MBAM report I had to option to see the results it just opened up the log :)

Here is the MBAM log


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ritzer59 :: RITZER59-PC [administrator]

Protection: Disabled

31/03/2012 14:11:19
mbam-log-2012-03-31 (14-11-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202213
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and the HiJackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:16:04, on 31/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Ritzer59\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ritzer59\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 10\cbService.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13934 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 31 March 2012 - 10:34 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
      O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Ritzer59\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 31 March 2012 - 12:51 PM

Thanks so much for all your help! :) Here is the ESET Scan results


C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application
C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 31 March 2012 - 08:57 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe"
    del /f /s /q "C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
    del /f /s /q "C:\Users\Ritzer59\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Ritzer59

Ritzer59
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 02 April 2012 - 01:25 PM

Hi, I've read through your message and followed all of the steps, thanks so much for your help! :)

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 03 April 2012 - 04:26 PM

you are more than welcome


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:26 PM

Posted 05 April 2012 - 11:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users