
Google Redirect


  • This topic is locked
27 replies to this topic

#1 andres2882

andres2882

  • Members
  • 14 posts

Posted 29 March 2012 - 08:40 PM

Greetings,

I appear to be another unfortunate victim of the Google redirect virus. I have tried Avast, Malwarebytes, Combofix and some of the other programs out there with no success. I thought Combofix had cleared it out, but within a day it's back. In any case, I would really appreciate any assistance you can render, thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_27
Run by Owner at 18:33:11 on 2012-03-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4086.1284 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Owner\IAG Remote Access Agent\jranuscourtsgov\notes1\uagqecsvc.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sttray64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{23171ED8-113B-4AFB-A660-1A4536242EDC} : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{9A92D6D5-CCB5-45F6-9E52-391754AB8D81} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] %WINDIR%\SMINST\launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3fey9xoy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-4-15 44768]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-15 652360]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Owner\IAG Remote Access Agent\jranuscourtsgov\notes1\uagqecsvc.exe [2011-1-26 149904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-1-7 24652]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Samsung UPD Service2;Samsung UPD Service2;"C:\Windows\System32\SUPDSvc2.exe" --> C:\Windows\System32\SUPDSvc2.exe [?]
S3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-10 1245064]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-28 14:13:43 -------- d-----w- C:\Users\Owner\AppData\Local\temp
2012-03-28 14:09:35 -------- d-----w- C:\$RECYCLE.BIN
2012-03-28 03:44:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BCA00F2-E9F7-424A-AC4A-A22C4EB15B9A}\mpengine.dll
2012-03-26 03:53:27 98816 ----a-w- C:\Windows\sed.exe
2012-03-26 03:53:27 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-26 03:53:27 256000 ----a-w- C:\Windows\PEV.exe
2012-03-26 03:53:27 208896 ----a-w- C:\Windows\MBR.exe
2012-03-25 04:22:59 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-25 04:22:59 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 01:08:19 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-03-14 01:08:19 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-03-14 01:08:19 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 00:57:17 -------- d-----w- C:\Program Files\iPod
2012-03-14 00:57:15 -------- d-----w- C:\Program Files\iTunes
2012-03-14 00:57:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-01 04:25:15 -------- d-----w- C:\Program Files\Bonjour Print Services
2012-03-01 04:13:03 -------- d-----w- C:\ProgramData\Samsung
2012-03-01 04:10:14 437328 ----a-w- C:\Windows\System32\UPDIO2.dll
2012-03-01 04:10:14 164432 ----a-w- C:\Windows\System32\SUPDSvcA2.dll
2012-03-01 04:10:13 34304 ----a-w- C:\Windows\System32\spd__l.dll
2012-03-01 04:10:12 260688 ----a-w- C:\Windows\SUPDRun.exe
2012-03-01 04:10:12 165456 ----a-w- C:\Windows\System32\SUPDSvc2.exe
2012-03-01 04:10:12 151552 ----a-w- C:\Windows\System32\spd__ci.exe
.
==================== Find3M ====================
.
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 01:32:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 18:33:53.57 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 29 March 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 andres2882

andres2882
  • Topic Starter

  • Members
  • 14 posts

Posted 30 March 2012 - 01:28 AM

Gringo,

Thanks for your help!

Here is my combofix log:

ComboFix 12-03-30.01 - Owner 03/29/2012 22:42:17.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4086.1462 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 06:14 . 2012-03-30 06:16 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-03-30 06:14 . 2012-03-30 06:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 03:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCA00F2-E9F7-424A-AC4A-A22C4EB15B9A}\mpengine.dll
2012-03-25 04:22 . 2012-03-25 04:22 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-25 04:22 . 2012-03-25 04:22 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 01:08 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 01:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-14 01:08 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:57 . 2012-03-14 00:57 -------- d-----w- c:\program files\iPod
2012-03-14 00:57 . 2012-03-14 00:57 -------- d-----w- c:\program files\iTunes
2012-03-14 00:57 . 2012-03-14 00:57 -------- d-----w- c:\program files (x86)\iTunes
2012-03-01 04:25 . 2012-03-01 04:25 -------- d-----w- c:\program files\Bonjour Print Services
2012-03-01 04:13 . 2012-03-01 04:13 -------- d-----w- c:\programdata\Samsung
2012-03-01 04:10 . 2011-12-02 03:12 164432 ----a-w- c:\windows\system32\SUPDSvcA2.dll
2012-03-01 04:10 . 2011-12-02 03:12 437328 ----a-w- c:\windows\system32\UPDIO2.dll
2012-03-01 04:10 . 2011-04-11 05:26 34304 ----a-w- c:\windows\system32\spd__l.dll
2012-03-01 04:10 . 2011-12-02 03:12 165456 ----a-w- c:\windows\system32\SUPDSvc2.exe
2012-03-01 04:10 . 2011-12-02 03:12 260688 ----a-w- c:\windows\SUPDRun.exe
2012-03-01 04:10 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe
2012-03-01 01:32 . 2012-03-01 01:32 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-06-29 18:02 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2008-12-11 06:57 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-06-04 05:55 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-31 02:16 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2008-12-11 06:57 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2008-12-11 06:57 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2008-12-11 06:57 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2008-12-11 06:57 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2008-12-11 06:57 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 01:32 . 2011-12-06 04:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18 . 2009-10-04 16:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 14:25 . 2012-02-16 01:53 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-28_14.09.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-03-28 10:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-30 06:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-30 06:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-28 10:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-30 06:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-28 10:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-03-30 06:17 59754 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-03-30 06:17 76586 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 15:30 . 2012-03-30 06:17 15316 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2927500201-2652415406-1322366653-1000_UserData.bin
- 2008-04-09 21:07 . 2012-03-27 03:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-09 21:07 . 2012-03-28 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-09 21:07 . 2012-03-27 03:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 21:07 . 2012-03-28 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-09 21:07 . 2012-03-27 03:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-09 21:07 . 2012-03-28 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-30 06:15 . 2012-03-30 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 06:29 . 2012-03-28 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 06:29 . 2012-03-28 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-30 06:15 . 2012-03-30 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-25 16:32 . 2012-03-29 14:49 298478 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:17 . 2012-03-29 15:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2006-11-02 15:17 . 2011-06-04 05:46 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-03-30 14:46 . 2012-03-30 06:14 406536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-30 14:46 . 2012-03-28 06:28 406536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-22 05:18 . 2012-03-28 06:28 2438584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2927500201-2652415406-1322366653-1000-8192.dat
+ 2011-11-22 05:18 . 2012-03-30 06:14 2438584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2927500201-2652415406-1322366653-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 963584]
"SigmatelSysTrayApp"="sttray64.exe" [2007-07-27 425984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3fey9xoy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="c:\\Windows\\System32\\l3codeca.acm"
"MSVideo8"="VfWWDM32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\users\Owner\IAG Remote Access Agent\jranuscourtsgov\notes1\uagqecsvc.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-29 23:24:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 06:24
ComboFix2.txt 2012-03-28 14:13
ComboFix3.txt 2012-03-26 04:37
.
Pre-Run: 112,917,864,448 bytes free
Post-Run: 112,800,645,120 bytes free
.
- - End Of File - - 0AB797C7B3EB4D0F6DA6F3D635175076


I have run ComboFix before. Generally, I get fewer redirects at first, but they start increasing in frequency within a day. No problems running the program other than it takes longer than 10 minutes and is slow to produce a log after reboot.

#4 gringo_pr

Posted 30 March 2012 - 01:58 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
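
The TDSSKiller report requested in the post above lists each scanned service or driver with its MD5 and path, followed by a verdict line. As an added example (not part of the original post and not code from the tool's vendor), this Python script pairs those lines and reports entries whose verdict is not "ok", entries that had no hashed file line, and entries cut off before a verdict. The line layout is inferred from the TDSSKiller 2.7.23.0 log in this thread; the sample log, its names, hashes and the PLACEHOLDER-VERDICT string are constructed.

```python
import re

# "<time> <thread id> <rest of line>", e.g. "06:46:53.0996 4524 ..."
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<32 hex md5>) <path>"; names may contain spaces
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample; PLACEHOLDER-VERDICT is not real TDSSKiller wording.
SAMPLE_LOG = r"""
06:46:49.0206 3652 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)
06:46:53.0504 4524 Scan started
06:46:53.0504 4524 Mode: Manual;
06:46:53.0996 4524 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
06:46:53.0999 4524 ExampleDrv - ok
06:46:54.0773 4524 Example Mobile Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\svc.exe
06:46:54.0775 4524 Example Mobile Service - ok
06:46:55.0979 4524 NoFileSvc - ok
06:46:56.0456 4524 OddDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\odd.sys
06:46:56.0458 4524 OddDrv - PLACEHOLDER-VERDICT
06:46:57.0100 4524 CutOff (00000000000000000000000000000004) C:\Windows\system32\drivers\cutoff.sys
"""


def parse_tdsskiller(text):
    """Pair file lines with verdict lines.

    Returns (entries, unresolved): entries is a list of dicts with name,
    md5, path and verdict; unresolved lists names whose file line was never
    followed by a verdict (for example, a log pasted only in part).
    """
    entries, pending, scanning = [], {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            scanning = True          # header lines before this are system info
            continue
        if not scanning:
            continue
        f = FILE.match(body)
        if f:
            pending[f.group("name")] = (f.group("md5").lower(), f.group("path"))
            continue
        v = VERDICT.match(body)
        if v:
            md5, path = pending.pop(v.group("name"), (None, None))
            entries.append({"name": v.group("name"), "md5": md5, "path": path,
                            "verdict": v.group("verdict").strip()})
    return entries, list(pending)


def triage(entries):
    """Summarise what a reviewer should look at first."""
    return {
        "scanned": len(entries),
        "not_ok": [e["name"] for e in entries if e["verdict"].lower() != "ok"],
        "unhashed": [e["name"] for e in entries if e["md5"] is None],
    }


if __name__ == "__main__":
    parsed, unresolved = parse_tdsskiller(SAMPLE_LOG)
    print(triage(parsed))
    print("no verdict seen for:", unresolved)
```
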

#5 andres2882

Posted 30 March 2012 - 08:48 AM

TDSSKiller Log:

06:46:48.0178 3652 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
06:46:48.0684 3652 ============================================================
06:46:48.0684 3652 Current date / time: 2012/03/30 06:46:48.0684
06:46:48.0684 3652 SystemInfo:
06:46:48.0684 3652
06:46:48.0685 3652 OS Version: 6.0.6002 ServicePack: 2.0
06:46:48.0685 3652 Product type: Workstation
06:46:48.0685 3652 ComputerName: NEWLAPTOP
06:46:48.0685 3652 UserName: Owner
06:46:48.0685 3652 Windows directory: C:\Windows
06:46:48.0685 3652 System windows directory: C:\Windows
06:46:48.0685 3652 Running under WOW64
06:46:48.0685 3652 Processor architecture: Intel x64
06:46:48.0685 3652 Number of processors: 2
06:46:48.0685 3652 Page size: 0x1000
06:46:48.0685 3652 Boot type: Normal boot
06:46:48.0685 3652 ============================================================
06:46:49.0206 3652 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:46:49.0213 3652 \Device\Harddisk0\DR0:
06:46:49.0214 3652 MBR used
06:46:49.0214 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1F702C5
06:46:49.0214 3652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F70304, BlocksNum 0x1B25427D
06:46:49.0298 3652 Initialize success
06:46:49.0298 3652 ============================================================
06:46:53.0504 4524 ============================================================
06:46:53.0504 4524 Scan started
06:46:53.0504 4524 Mode: Manual;
06:46:53.0504 4524 ============================================================
06:46:53.0996 4524 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
06:46:53.0999 4524 ACPI - ok
06:46:54.0070 4524 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
06:46:54.0074 4524 adp94xx - ok
06:46:54.0148 4524 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
06:46:54.0151 4524 adpahci - ok
06:46:54.0178 4524 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
06:46:54.0179 4524 adpu160m - ok
06:46:54.0205 4524 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
06:46:54.0207 4524 adpu320 - ok
06:46:54.0255 4524 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
06:46:54.0256 4524 AeLookupSvc - ok
06:46:54.0340 4524 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
06:46:54.0343 4524 AFD - ok
06:46:54.0398 4524 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
06:46:54.0400 4524 agp440 - ok
06:46:54.0456 4524 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
06:46:54.0458 4524 aic78xx - ok
06:46:54.0503 4524 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
06:46:54.0505 4524 ALG - ok
06:46:54.0542 4524 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
06:46:54.0543 4524 aliide - ok
06:46:54.0561 4524 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
06:46:54.0562 4524 amdide - ok
06:46:54.0618 4524 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
06:46:54.0620 4524 AmdK8 - ok
06:46:54.0679 4524 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
06:46:54.0681 4524 Appinfo - ok
06:46:54.0773 4524 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:46:54.0775 4524 Apple Mobile Device - ok
06:46:54.0905 4524 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
06:46:54.0907 4524 arc - ok
06:46:54.0973 4524 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
06:46:54.0975 4524 arcsas - ok
06:46:55.0019 4524 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
06:46:55.0022 4524 aswFsBlk - ok
06:46:55.0083 4524 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
06:46:55.0085 4524 aswMonFlt - ok
06:46:55.0113 4524 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys
06:46:55.0114 4524 aswRdr - ok
06:46:55.0189 4524 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
06:46:55.0199 4524 aswSnx - ok
06:46:55.0258 4524 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
06:46:55.0263 4524 aswSP - ok
06:46:55.0286 4524 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
06:46:55.0288 4524 aswTdi - ok
06:46:55.0348 4524 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
06:46:55.0349 4524 AsyncMac - ok
06:46:55.0400 4524 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
06:46:55.0401 4524 atapi - ok
06:46:55.0470 4524 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
06:46:55.0477 4524 AudioEndpointBuilder - ok
06:46:55.0503 4524 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
06:46:55.0510 4524 AudioSrv - ok
06:46:55.0590 4524 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
06:46:55.0592 4524 avast! Antivirus - ok
06:46:55.0720 4524 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:46:55.0723 4524 b57nd60a - ok
06:46:55.0830 4524 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
06:46:55.0833 4524 BBSvc - ok
06:46:55.0937 4524 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
06:46:55.0944 4524 BCM43XV - ok
06:46:55.0979 4524 Beep - ok
06:46:56.0058 4524 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
06:46:56.0064 4524 BFE - ok
06:46:56.0145 4524 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
06:46:56.0163 4524 BITS - ok
06:46:56.0201 4524 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
06:46:56.0203 4524 blbdrive - ok
06:46:56.0305 4524 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
06:46:56.0311 4524 Bonjour Service - ok
06:46:56.0397 4524 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
06:46:56.0399 4524 bowser - ok
06:46:56.0466 4524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
06:46:56.0467 4524 BrFiltLo - ok
06:46:56.0510 4524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
06:46:56.0511 4524 BrFiltUp - ok
06:46:56.0554 4524 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
06:46:56.0556 4524 Browser - ok
06:46:56.0612 4524 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
06:46:56.0614 4524 Brserid - ok
06:46:56.0647 4524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
06:46:56.0649 4524 BrSerWdm - ok
06:46:56.0678 4524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
06:46:56.0679 4524 BrUsbMdm - ok
06:46:56.0706 4524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
06:46:56.0708 4524 BrUsbSer - ok
06:46:56.0743 4524 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
06:46:56.0745 4524 BTHMODEM - ok
06:46:56.0781 4524 catchme - ok
06:46:56.0837 4524 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
06:46:56.0841 4524 CAXHWAZL - ok
06:46:56.0872 4524 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
06:46:56.0875 4524 cdfs - ok
06:46:56.0932 4524 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
06:46:56.0934 4524 cdrom - ok
06:46:56.0991 4524 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
06:46:56.0994 4524 CertPropSvc - ok
06:46:57.0046 4524 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
06:46:57.0048 4524 circlass - ok
06:46:57.0096 4524 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
06:46:57.0102 4524 CLFS - ok
06:46:57.0178 4524 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:46:57.0180 4524 clr_optimization_v2.0.50727_32 - ok
06:46:57.0251 4524 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:46:57.0254 4524 clr_optimization_v2.0.50727_64 - ok
06:46:57.0364 4524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:46:57.0367 4524 clr_optimization_v4.0.30319_32 - ok
06:46:57.0394 4524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:46:57.0397 4524 clr_optimization_v4.0.30319_64 - ok
06:46:57.0481 4524 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
06:46:57.0482 4524 CmBatt - ok
06:46:57.0513 4524 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
06:46:57.0515 4524 cmdide - ok
06:46:57.0550 4524 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
06:46:57.0552 4524 Compbatt - ok
06:46:57.0563 4524 COMSysApp - ok
06:46:57.0581 4524 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
06:46:57.0582 4524 crcdisk - ok
06:46:57.0639 4524 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
06:46:57.0643 4524 CryptSvc - ok
06:46:57.0716 4524 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
06:46:57.0729 4524 DcomLaunch - ok
06:46:57.0780 4524 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
06:46:57.0782 4524 DfsC - ok
06:46:57.0972 4524 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
06:46:58.0013 4524 DFSR - ok
06:46:58.0086 4524 DgiVecp (cfbb4907c7542180b5e0282301240006) C:\Windows\system32\Drivers\DgiVecp.sys
06:46:58.0088 4524 DgiVecp - ok
06:46:58.0151 4524 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
06:46:58.0156 4524 Dhcp - ok
06:46:58.0204 4524 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
06:46:58.0206 4524 disk - ok
06:46:58.0285 4524 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
06:46:58.0288 4524 Dnscache - ok
06:46:58.0349 4524 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
06:46:58.0353 4524 dot3svc - ok
06:46:58.0405 4524 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
06:46:58.0409 4524 DPS - ok
06:46:58.0478 4524 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
06:46:58.0479 4524 drmkaud - ok
06:46:58.0574 4524 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
06:46:58.0585 4524 DXGKrnl - ok
06:46:58.0677 4524 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
06:46:58.0679 4524 E1G60 - ok
06:46:58.0750 4524 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
06:46:58.0753 4524 EapHost - ok
06:46:58.0813 4524 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
06:46:58.0815 4524 Ecache - ok
06:46:58.0857 4524 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
06:46:58.0862 4524 ehRecvr - ok
06:46:58.0891 4524 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
06:46:58.0894 4524 ehSched - ok
06:46:58.0921 4524 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
06:46:58.0923 4524 ehstart - ok
06:46:58.0981 4524 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
06:46:58.0987 4524 elxstor - ok
06:46:59.0069 4524 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
06:46:59.0076 4524 EMDMgmt - ok
06:46:59.0138 4524 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
06:46:59.0139 4524 ErrDev - ok
06:46:59.0240 4524 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
06:46:59.0247 4524 EventSystem - ok
06:46:59.0298 4524 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
06:46:59.0301 4524 exfat - ok
06:46:59.0363 4524 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
06:46:59.0366 4524 fastfat - ok
06:46:59.0427 4524 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
06:46:59.0429 4524 fdc - ok
06:46:59.0501 4524 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
06:46:59.0504 4524 fdPHost - ok
06:46:59.0538 4524 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
06:46:59.0541 4524 FDResPub - ok
06:46:59.0598 4524 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
06:46:59.0600 4524 FileInfo - ok
06:46:59.0666 4524 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
06:46:59.0667 4524 Filetrace - ok
06:46:59.0791 4524 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:46:59.0799 4524 FLEXnet Licensing Service - ok
06:46:59.0858 4524 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:46:59.0860 4524 flpydisk - ok
06:46:59.0912 4524 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
06:46:59.0916 4524 FltMgr - ok
06:46:59.0985 4524 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
06:47:00.0000 4524 FontCache - ok
06:47:00.0058 4524 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:47:00.0059 4524 FontCache3.0.0.0 - ok
06:47:00.0096 4524 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
06:47:00.0098 4524 Fs_Rec - ok
06:47:00.0138 4524 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
06:47:00.0140 4524 gagp30kx - ok
06:47:00.0250 4524 GameConsoleService (3eafdd637416393722aa98e940dfd0a0) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
06:47:00.0253 4524 GameConsoleService - ok
06:47:00.0304 4524 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
06:47:00.0306 4524 GEARAspiWDM - ok
06:47:00.0366 4524 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
06:47:00.0377 4524 gpsvc - ok
06:47:00.0419 4524 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
06:47:00.0421 4524 HdAudAddService - ok
06:47:00.0491 4524 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:47:00.0497 4524 HDAudBus - ok
06:47:00.0543 4524 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
06:47:00.0544 4524 HidBth - ok
06:47:00.0571 4524 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
06:47:00.0572 4524 HidIr - ok
06:47:00.0615 4524 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
06:47:00.0617 4524 hidserv - ok
06:47:00.0651 4524 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
06:47:00.0652 4524 HidUsb - ok
06:47:00.0700 4524 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
06:47:00.0704 4524 hkmsvc - ok
06:47:00.0750 4524 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
06:47:00.0752 4524 HpCISSs - ok
06:47:00.0814 4524 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
06:47:00.0821 4524 HSFHWAZL - ok
06:47:00.0900 4524 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
06:47:00.0912 4524 HSF_DPV - ok
06:47:00.0963 4524 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
06:47:00.0982 4524 HTTP - ok
06:47:01.0022 4524 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
06:47:01.0024 4524 i2omp - ok
06:47:01.0069 4524 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
06:47:01.0072 4524 i8042prt - ok
06:47:01.0158 4524 IAANTMON (72b53e9c8924949dec8f3799bcba2251) C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
06:47:01.0167 4524 IAANTMON - ok
06:47:01.0208 4524 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
06:47:01.0212 4524 iaStor - ok
06:47:01.0251 4524 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
06:47:01.0258 4524 iaStorV - ok
06:47:01.0361 4524 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:47:01.0392 4524 idsvc - ok
06:47:01.0691 4524 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:47:01.0911 4524 igfx - ok
06:47:01.0954 4524 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
06:47:01.0956 4524 iirsp - ok
06:47:02.0016 4524 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
06:47:02.0041 4524 IKEEXT - ok
06:47:02.0074 4524 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
06:47:02.0077 4524 intelide - ok
06:47:02.0104 4524 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
06:47:02.0106 4524 intelppm - ok
06:47:02.0140 4524 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
06:47:02.0146 4524 IPBusEnum - ok
06:47:02.0201 4524 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:47:02.0205 4524 IpFilterDriver - ok
06:47:02.0258 4524 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
06:47:02.0267 4524 iphlpsvc - ok
06:47:02.0285 4524 IpInIp - ok
06:47:02.0327 4524 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
06:47:02.0331 4524 IPMIDRV - ok
06:47:02.0364 4524 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
06:47:02.0368 4524 IPNAT - ok
06:47:02.0457 4524 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
06:47:02.0491 4524 iPod Service - ok
06:47:02.0522 4524 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
06:47:02.0524 4524 IRENUM - ok
06:47:02.0567 4524 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
06:47:02.0569 4524 isapnp - ok
06:47:02.0615 4524 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
06:47:02.0618 4524 iScsiPrt - ok
06:47:02.0654 4524 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
06:47:02.0657 4524 iteatapi - ok
06:47:02.0709 4524 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
06:47:02.0711 4524 iteraid - ok
06:47:02.0752 4524 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
06:47:02.0754 4524 kbdclass - ok
06:47:02.0786 4524 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
06:47:02.0788 4524 kbdhid - ok
06:47:02.0831 4524 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
06:47:02.0835 4524 KeyIso - ok
06:47:02.0892 4524 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
06:47:02.0911 4524 KSecDD - ok
06:47:02.0931 4524 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
06:47:02.0934 4524 ksthunk - ok
06:47:02.0988 4524 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
06:47:03.0011 4524 KtmRm - ok
06:47:03.0067 4524 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
06:47:03.0079 4524 LanmanServer - ok
06:47:03.0118 4524 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
06:47:03.0132 4524 LanmanWorkstation - ok
06:47:03.0191 4524 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
06:47:03.0194 4524 lltdio - ok
06:47:03.0262 4524 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
06:47:03.0274 4524 lltdsvc - ok
06:47:03.0304 4524 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
06:47:03.0309 4524 lmhosts - ok
06:47:03.0343 4524 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
06:47:03.0347 4524 LSI_FC - ok
06:47:03.0397 4524 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
06:47:03.0401 4524 LSI_SAS - ok
06:47:03.0436 4524 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
06:47:03.0440 4524 LSI_SCSI - ok
06:47:03.0482 4524 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
06:47:03.0486 4524 luafv - ok
06:47:03.0524 4524 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
06:47:03.0527 4524 MBAMProtector - ok
06:47:03.0593 4524 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:47:03.0613 4524 MBAMService - ok
06:47:03.0657 4524 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
06:47:03.0661 4524 Mcx2Svc - ok
06:47:03.0739 4524 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
06:47:03.0745 4524 MDM - ok
06:47:03.0811 4524 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
06:47:03.0813 4524 mdmxsdk - ok
06:47:03.0859 4524 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
06:47:03.0861 4524 megasas - ok
06:47:03.0922 4524 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
06:47:03.0931 4524 MegaSR - ok
06:47:03.0998 4524 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
06:47:04.0000 4524 Microsoft Office Groove Audit Service - ok
06:47:04.0036 4524 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:47:04.0040 4524 MMCSS - ok
06:47:04.0058 4524 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
06:47:04.0059 4524 Modem - ok
06:47:04.0091 4524 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
06:47:04.0092 4524 monitor - ok
06:47:04.0107 4524 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
06:47:04.0109 4524 mouclass - ok
06:47:04.0148 4524 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
06:47:04.0150 4524 mouhid - ok
06:47:04.0198 4524 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
06:47:04.0201 4524 MountMgr - ok
06:47:04.0248 4524 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
06:47:04.0251 4524 mpio - ok
06:47:04.0284 4524 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
06:47:04.0288 4524 mpsdrv - ok
06:47:04.0348 4524 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
06:47:04.0370 4524 MpsSvc - ok
06:47:04.0401 4524 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
06:47:04.0403 4524 Mraid35x - ok
06:47:04.0455 4524 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
06:47:04.0459 4524 MRxDAV - ok
06:47:04.0497 4524 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:47:04.0501 4524 mrxsmb - ok
06:47:04.0546 4524 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:47:04.0553 4524 mrxsmb10 - ok
06:47:04.0575 4524 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:47:04.0579 4524 mrxsmb20 - ok
06:47:04.0616 4524 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
06:47:04.0618 4524 msahci - ok
06:47:04.0655 4524 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
06:47:04.0659 4524 msdsm - ok
06:47:04.0719 4524 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
06:47:04.0726 4524 MSDTC - ok
06:47:04.0774 4524 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
06:47:04.0778 4524 Msfs - ok
06:47:04.0812 4524 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
06:47:04.0815 4524 msisadrv - ok
06:47:04.0867 4524 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
06:47:04.0875 4524 MSiSCSI - ok
06:47:04.0891 4524 msiserver - ok
06:47:04.0964 4524 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
06:47:04.0965 4524 MSKSSRV - ok
06:47:04.0986 4524 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
06:47:04.0988 4524 MSPCLOCK - ok
06:47:05.0029 4524 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
06:47:05.0031 4524 MSPQM - ok
06:47:05.0086 4524 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
06:47:05.0096 4524 MsRPC - ok
06:47:05.0130 4524 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
06:47:05.0132 4524 mssmbios - ok
06:47:05.0168 4524 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
06:47:05.0169 4524 MSTEE - ok
06:47:05.0182 4524 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
06:47:05.0185 4524 Mup - ok
06:47:05.0223 4524 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
06:47:05.0235 4524 napagent - ok
06:47:05.0293 4524 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
06:47:05.0298 4524 NativeWifiP - ok
06:47:05.0364 4524 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
06:47:05.0370 4524 NDIS - ok
06:47:05.0407 4524 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
06:47:05.0409 4524 NdisTapi - ok
06:47:05.0438 4524 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
06:47:05.0440 4524 Ndisuio - ok
06:47:05.0475 4524 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
06:47:05.0479 4524 NdisWan - ok
06:47:05.0496 4524 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
06:47:05.0498 4524 NDProxy - ok
06:47:05.0519 4524 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
06:47:05.0521 4524 NetBIOS - ok
06:47:05.0561 4524 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
06:47:05.0567 4524 netbt - ok
06:47:05.0601 4524 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
06:47:05.0604 4524 Netlogon - ok
06:47:05.0640 4524 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
06:47:05.0645 4524 Netman - ok
06:47:05.0672 4524 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
06:47:05.0680 4524 netprofm - ok
06:47:05.0734 4524 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:47:05.0737 4524 NetTcpPortSharing - ok
06:47:05.0902 4524 NETw4v64 (520d367b45b12a75022b0070fff2b937) C:\Windows\system32\DRIVERS\NETw4v64.sys
06:47:05.0991 4524 NETw4v64 - ok
06:47:06.0046 4524 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
06:47:06.0049 4524 nfrd960 - ok
06:47:06.0097 4524 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
06:47:06.0106 4524 NlaSvc - ok
06:47:06.0145 4524 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
06:47:06.0148 4524 Npfs - ok
06:47:06.0184 4524 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
06:47:06.0190 4524 nsi - ok
06:47:06.0214 4524 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
06:47:06.0216 4524 nsiproxy - ok
06:47:06.0311 4524 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
06:47:06.0331 4524 Ntfs - ok
06:47:06.0353 4524 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
06:47:06.0355 4524 Null - ok
06:47:06.0396 4524 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
06:47:06.0400 4524 nvraid - ok
06:47:06.0428 4524 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
06:47:06.0431 4524 nvstor - ok
06:47:06.0465 4524 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
06:47:06.0470 4524 nv_agp - ok
06:47:06.0484 4524 NwlnkFlt - ok
06:47:06.0501 4524 NwlnkFwd - ok
06:47:06.0601 4524 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:47:06.0613 4524 odserv - ok
06:47:06.0667 4524 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
06:47:06.0669 4524 ohci1394 - ok
06:47:06.0716 4524 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:47:06.0722 4524 ose - ok
06:47:06.0792 4524 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
06:47:06.0826 4524 p2pimsvc - ok
06:47:06.0865 4524 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
06:47:06.0881 4524 p2psvc - ok
06:47:06.0921 4524 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
06:47:06.0925 4524 Parport - ok
06:47:06.0969 4524 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
06:47:06.0973 4524 partmgr - ok
06:47:07.0016 4524 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
06:47:07.0024 4524 PcaSvc - ok
06:47:07.0069 4524 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
06:47:07.0075 4524 pci - ok
06:47:07.0123 4524 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
06:47:07.0125 4524 pciide - ok
06:47:07.0188 4524 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
06:47:07.0195 4524 pcmcia - ok
06:47:07.0276 4524 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
06:47:07.0299 4524 PEAUTH - ok
06:47:07.0393 4524 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
06:47:07.0399 4524 PerfHost - ok
06:47:07.0495 4524 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
06:47:07.0552 4524 pla - ok
06:47:07.0602 4524 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
06:47:07.0625 4524 PlugPlay - ok
06:47:07.0683 4524 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
06:47:07.0698 4524 PNRPAutoReg - ok
06:47:07.0735 4524 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
06:47:07.0743 4524 PNRPsvc - ok
06:47:07.0790 4524 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
06:47:07.0796 4524 PolicyAgent - ok
06:47:07.0855 4524 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
06:47:07.0858 4524 PptpMiniport - ok
06:47:07.0901 4524 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
06:47:07.0903 4524 Processor - ok
06:47:07.0957 4524 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
06:47:07.0963 4524 ProfSvc - ok
06:47:07.0993 4524 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
06:47:07.0996 4524 ProtectedStorage - ok
06:47:08.0037 4524 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
06:47:08.0039 4524 PSched - ok
06:47:08.0071 4524 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
06:47:08.0073 4524 PxHlpa64 - ok
06:47:08.0140 4524 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
06:47:08.0183 4524 ql2300 - ok
06:47:08.0210 4524 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
06:47:08.0214 4524 ql40xx - ok
06:47:08.0263 4524 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
06:47:08.0272 4524 QWAVE - ok
06:47:08.0297 4524 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
06:47:08.0299 4524 QWAVEdrv - ok
06:47:08.0457 4524 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
06:47:08.0546 4524 R300 - ok
06:47:08.0587 4524 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
06:47:08.0589 4524 RasAcd - ok
06:47:08.0624 4524 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
06:47:08.0632 4524 RasAuto - ok
06:47:08.0676 4524 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:47:08.0680 4524 Rasl2tp - ok
06:47:08.0708 4524 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
06:47:08.0719 4524 RasMan - ok
06:47:08.0764 4524 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
06:47:08.0766 4524 RasPppoe - ok
06:47:08.0806 4524 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
06:47:08.0809 4524 RasSstp - ok
06:47:08.0855 4524 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
06:47:08.0863 4524 rdbss - ok
06:47:08.0903 4524 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:47:08.0905 4524 RDPCDD - ok
06:47:08.0953 4524 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
06:47:08.0960 4524 rdpdr - ok
06:47:08.0975 4524 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
06:47:08.0977 4524 RDPENCDD - ok
06:47:09.0046 4524 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
06:47:09.0049 4524 RDPWD - ok
06:47:09.0120 4524 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
06:47:09.0126 4524 RemoteAccess - ok
06:47:09.0169 4524 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
06:47:09.0175 4524 RemoteRegistry - ok
06:47:09.0237 4524 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
06:47:09.0240 4524 RpcLocator - ok
06:47:09.0296 4524 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
06:47:09.0307 4524 RpcSs - ok
06:47:09.0362 4524 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
06:47:09.0364 4524 rspndr - ok
06:47:09.0417 4524 RTL8169 (479f29909b9a48726a07971662f77316) C:\Windows\system32\DRIVERS\Rtlh64.sys
06:47:09.0422 4524 RTL8169 - ok
06:47:09.0475 4524 RTSTOR (0851174830dafad4eacc4dd818d803d1) C:\Windows\system32\drivers\RTSTOR64.SYS
06:47:09.0479 4524 RTSTOR - ok
06:47:09.0518 4524 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
06:47:09.0522 4524 SamSs - ok
06:47:09.0572 4524 Samsung UPD Service2 (2c31378a5695526e99adab928157b992) C:\Windows\System32\SUPDSvc2.exe
06:47:09.0582 4524 Samsung UPD Service2 - ok
06:47:09.0635 4524 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
06:47:09.0639 4524 sbp2port - ok
06:47:09.0694 4524 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
06:47:09.0705 4524 SCardSvr - ok
06:47:09.0775 4524 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
06:47:09.0790 4524 Schedule - ok
06:47:09.0830 4524 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
06:47:09.0832 4524 SCPolicySvc - ok
06:47:09.0879 4524 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
06:47:09.0883 4524 sdbus - ok
06:47:09.0933 4524 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
06:47:09.0943 4524 SDRSVC - ok
06:47:10.0034 4524 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
06:47:10.0038 4524 SeaPort - ok
06:47:10.0067 4524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:47:10.0070 4524 secdrv - ok
06:47:10.0090 4524 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
06:47:10.0098 4524 seclogon - ok
06:47:10.0120 4524 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
06:47:10.0124 4524 SENS - ok
06:47:10.0150 4524 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
06:47:10.0152 4524 Serenum - ok
06:47:10.0198 4524 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
06:47:10.0201 4524 Serial - ok
06:47:10.0231 4524 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
06:47:10.0232 4524 sermouse - ok
06:47:10.0269 4524 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
06:47:10.0274 4524 SessionEnv - ok
06:47:10.0309 4524 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
06:47:10.0310 4524 sffdisk - ok
06:47:10.0346 4524 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
06:47:10.0348 4524 sffp_mmc - ok
06:47:10.0384 4524 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
06:47:10.0386 4524 sffp_sd - ok
06:47:10.0406 4524 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
06:47:10.0408 4524 sfloppy - ok
06:47:10.0457 4524 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
06:47:10.0465 4524 SharedAccess - ok
06:47:10.0526 4524 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
06:47:10.0532 4524 ShellHWDetection - ok
06:47:10.0561 4524 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
06:47:10.0563 4524 SiSRaid2 - ok
06:47:10.0590 4524 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
06:47:10.0594 4524 SiSRaid4 - ok
06:47:10.0696 4524 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
06:47:10.0774 4524 slsvc - ok
06:47:10.0821 4524 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
06:47:10.0827 4524 SLUINotify - ok
06:47:10.0865 4524 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
06:47:10.0869 4524 Smb - ok
06:47:10.0917 4524 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
06:47:10.0922 4524 SNMPTRAP - ok
06:47:10.0969 4524 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
06:47:10.0971 4524 spldr - ok
06:47:11.0020 4524 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
06:47:11.0027 4524 Spooler - ok
06:47:11.0075 4524 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
06:47:11.0086 4524 srv - ok
06:47:11.0130 4524 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
06:47:11.0136 4524 srv2 - ok
06:47:11.0181 4524 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
06:47:11.0187 4524 srvnet - ok
06:47:11.0250 4524 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
06:47:11.0258 4524 SSDPSRV - ok
06:47:11.0314 4524 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
06:47:11.0317 4524 SSPORT - ok
06:47:11.0377 4524 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
06:47:11.0388 4524 SstpSvc - ok
06:47:11.0444 4524 STHDA (ef5536527a1def7161ef832dbc74ac47) C:\Windows\system32\drivers\stwrt64.sys
06:47:11.0463 4524 STHDA - ok
06:47:11.0527 4524 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
06:47:11.0561 4524 stisvc - ok
06:47:11.0597 4524 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
06:47:11.0600 4524 swenum - ok
06:47:11.0655 4524 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
06:47:11.0679 4524 swprv - ok
06:47:11.0834 4524 Symantec Core LC (438fafe708c93b2236fc26b6f2bd5fd0) C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
06:47:11.0850 4524 Symantec Core LC - ok
06:47:11.0888 4524 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
06:47:11.0892 4524 Symc8xx - ok
06:47:11.0918 4524 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
06:47:11.0921 4524 Sym_hi - ok
06:47:11.0952 4524 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
06:47:11.0954 4524 Sym_u3 - ok
06:47:12.0008 4524 SynTP (6149bb382bff81c0b453048cb048b81e) C:\Windows\system32\DRIVERS\SynTP.sys
06:47:12.0014 4524 SynTP - ok
06:47:12.0060 4524 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
06:47:12.0093 4524 SysMain - ok
06:47:12.0120 4524 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
06:47:12.0125 4524 TabletInputService - ok
06:47:12.0174 4524 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
06:47:12.0180 4524 TapiSrv - ok
06:47:12.0219 4524 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
06:47:12.0223 4524 TBS - ok
06:47:12.0342 4524 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
06:47:12.0354 4524 Tcpip - ok
06:47:12.0431 4524 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
06:47:12.0442 4524 Tcpip6 - ok
06:47:12.0483 4524 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
06:47:12.0485 4524 tcpipreg - ok
06:47:12.0530 4524 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
06:47:12.0532 4524 TDPIPE - ok
06:47:12.0563 4524 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
06:47:12.0565 4524 TDTCP - ok
06:47:12.0615 4524 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
06:47:12.0617 4524 tdx - ok
06:47:12.0653 4524 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
06:47:12.0656 4524 TermDD - ok
06:47:12.0712 4524 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
06:47:12.0722 4524 TermService - ok
06:47:12.0785 4524 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
06:47:12.0792 4524 Themes - ok
06:47:12.0824 4524 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:47:12.0828 4524 THREADORDER - ok
06:47:12.0873 4524 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
06:47:12.0883 4524 TrkWks - ok
06:47:12.0923 4524 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
06:47:12.0925 4524 TrustedInstaller - ok
06:47:13.0008 4524 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:47:13.0011 4524 tssecsrv - ok
06:47:13.0065 4524 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
06:47:13.0068 4524 tunmp - ok
06:47:13.0108 4524 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
06:47:13.0111 4524 tunnel - ok
06:47:13.0156 4524 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
06:47:13.0160 4524 uagp35 - ok
06:47:13.0287 4524 uagqecsvc (c49adf4fdcc2c1493197b2df528c9485) C:\Users\Owner\IAG Remote Access Agent\jranuscourtsgov\notes1\uagqecsvc.exe
06:47:13.0289 4524 uagqecsvc - ok
06:47:13.0363 4524 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
06:47:13.0373 4524 udfs - ok
06:47:13.0434 4524 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
06:47:13.0445 4524 UI0Detect - ok
06:47:13.0500 4524 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
06:47:13.0504 4524 uliagpkx - ok
06:47:13.0549 4524 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
06:47:13.0558 4524 uliahci - ok
06:47:13.0599 4524 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
06:47:13.0605 4524 UlSata - ok
06:47:13.0647 4524 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
06:47:13.0654 4524 ulsata2 - ok
06:47:13.0694 4524 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
06:47:13.0698 4524 umbus - ok
06:47:13.0749 4524 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
06:47:13.0772 4524 upnphost - ok
06:47:13.0833 4524 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
06:47:13.0837 4524 USBAAPL64 - ok
06:47:13.0888 4524 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
06:47:13.0893 4524 usbccgp - ok
06:47:13.0947 4524 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
06:47:13.0951 4524 usbcir - ok
06:47:13.0996 4524 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
06:47:14.0000 4524 usbehci - ok
06:47:14.0039 4524 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
06:47:14.0048 4524 usbhub - ok
06:47:14.0072 4524 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
06:47:14.0075 4524 usbohci - ok
06:47:14.0123 4524 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
06:47:14.0126 4524 usbprint - ok
06:47:14.0162 4524 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:47:14.0165 4524 USBSTOR - ok
06:47:14.0213 4524 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
06:47:14.0216 4524 usbuhci - ok
06:47:14.0260 4524 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
06:47:14.0266 4524 usbvideo - ok
06:47:14.0304 4524 UVCFTR (fa3ca291f80ee13a1ac210492a7dfbb9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
06:47:14.0307 4524 UVCFTR - ok
06:47:14.0345 4524 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
06:47:14.0354 4524 UxSms - ok
06:47:14.0408 4524 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
06:47:14.0432 4524 vds - ok
06:47:14.0480 4524 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
06:47:14.0483 4524 vga - ok
06:47:14.0505 4524 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
06:47:14.0508 4524 VgaSave - ok
06:47:14.0548 4524 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
06:47:14.0550 4524 viaide - ok
06:47:17.0989 4524 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
06:47:18.0082 4524 \Device\Harddisk0\DR0 - ok
06:47:18.0089 4524 Boot (0x1200) (fcf64b185b4657d6aea293dffe7b9f8e) \Device\Harddisk0\DR0\Partition0
06:47:18.0092 4524 \Device\Harddisk0\DR0\Partition0 - ok
06:47:18.0100 4524 Boot (0x1200) (76c6d491597bbbcceb7ef5c2978aff6e) \Device\Harddisk0\DR0\Partition1
06:47:18.0102 4524 \Device\Harddisk0\DR0\Partition1 - ok
06:47:18.0104 4524 ============================================================
06:47:18.0104 4524 Scan finished
06:47:18.0104 4524 ============================================================
06:47:18.0119 3988 Detected object count: 0
06:47:18.0119 3988 Actual detected object count: 0

#6 andres2882

Posted 30 March 2012 - 09:42 AM

When I ran aswMBR, I had an "unexpected shutdown." Hence, no log. Should I re-run?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:31 PM

Posted 30 March 2012 - 01:08 PM

Hello

Yes, rerun once more and let me know what happens.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 andres2882

Posted 30 March 2012 - 08:21 PM

Gringo,

Ran it again, same result: unexpected shutdown. Also got a redirect to Hapiloo afterward...

#9 gringo_pr

Posted 30 March 2012 - 09:18 PM

In which browser did it happen?


gringo

#10 andres2882

Posted 31 March 2012 - 01:20 AM

Firefox. I don't use IE.

#11 gringo_pr

Posted 31 March 2012 - 01:32 AM

Hello


I want you to uninstall Firefox, and when asked about user data I want that removed also


then reinstall it and check for the redirects


gringo

#12 andres2882

Posted 31 March 2012 - 11:35 AM

Gringo,

I uninstalled using the remove user data option as you said. Curiously, though, when I reinstalled, my Firefox plugins and extensions were still there. Is that a problem?

Edited by andres2882, 31 March 2012 - 11:35 AM.


#13 gringo_pr

Posted 31 March 2012 - 12:12 PM

Hello

Curiously, though, when I reinstalled my Firefox plugins and extensions were still there. Is that a problem?

Maybe - are you still being redirected?


gringo

#14 andres2882

Posted 31 March 2012 - 12:29 PM

Gringo,

No redirects so far. I'll post again in a few hours to confirm if that's still the case.

#15 andres2882

Posted 31 March 2012 - 05:07 PM

So far so good. I would note though that my most recent Avast scan detected some "threats" in the rootkit. It won't let me remove them, though, so I'm not sure what I should do. The "threats" are all "Process 4316 [mbamservice.exe]..." Any insight?



