Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google happili redirect


  • This topic is locked This topic is locked
21 replies to this topic

#1 droid17

droid17

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 01 April 2012 - 10:12 AM

Hi all :)

About two days or so ago I noticed that when clicking on Google search results periodically it would redirect me to some happili page sometimes a sour page. I tried running both Malwarebytes and Anvi smart both in safe mode and it still seems to happen. It only happens every once in awhile like maybe 1 out of 10 searches, but I am worried it will only get worse! It seems to only be happening in Chrome not in IE.

Thanks!

droid

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by droid at 10:48:16 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3352 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\RegCure\RegCure.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Google Update] "C:\Users\droid\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Application Restart #0] C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-experimental-extension-apis --enable-print-preview --flag-switches-end --flag-switches-begin --enable-experimental-extension-apis --enable-print-preview --flag-switches-end --restore-last-session
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
StartupFolder: C:\Users\droid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E282A3DE-035B-4AA2-BACD-93CBDE33A4D4} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
IE-X64: {a0cadf8e-1c3d-4463-89f9-b6db8e1fe580} - C:\Users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sportsbook.com\Sportsbook.com.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&install_date=20111015
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\droid\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R1 avfsmn;avfsmn;C:\Windows\system32\DRIVERS\avfsmn.sys --> C:\Windows\system32\DRIVERS\avfsmn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-2-3 296232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\avhips.sys --> C:\Windows\system32\DRIVERS\avhips.sys [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2012-1-5 112592]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]
R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-5-25 1919504]
R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-5-6 1919504]
R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-6-11 1919504]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2011-5-27 4407152]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBOXMINI;Service for Avid Mbox Mini;C:\Windows\system32\DRIVERS\AvidMboxMini.sys --> C:\Windows\system32\DRIVERS\AvidMboxMini.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2012-1-5 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2012-1-5 1142224]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-31 22:35:10 24360 ----a-w- C:\Windows\System32\drivers\avhips.sys
2012-03-31 22:35:10 20264 ----a-w- C:\Windows\System32\drivers\avfsmn.sys
2012-03-31 22:34:59 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-03-25 00:41:24 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 16:49:11 -------- d-----w- C:\Users\droid\AppData\Roaming\Malwarebytes
2012-03-24 16:48:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-24 16:48:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-24 16:48:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-14 07:02:09 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:02:08 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:02:08 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:12:57 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:12:56 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:12:56 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:12:55 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 21:12:55 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 21:12:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-13 21:12:55 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-13 21:12:55 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 21:12:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 21:12:55 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 21:12:55 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 18:25:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 18:25:25 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 18:25:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 18:25:23 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 18:25:22 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 18:25:22 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 18:25:22 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-11 15:21:12 -------- d-----w- C:\Users\droid\AppData\Local\Threat Expert
2012-03-04 22:57:33 -------- d-----w- C:\Users\droid\.swt
.
==================== Find3M ====================
.
2012-03-27 02:14:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-05 14:35:30 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-05 14:35:28 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 10:49:51.19 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 01 April 2012 - 11:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 02 April 2012 - 09:29 PM

Hi Gringo,

Thanks for your help :) I disabled all my anti virus software, closed all windows and tried to run combofix multiple times and every time it gets stuck after completing stage 4. I also seem to lose Internet connection when it gets stuck. I left it sit for about 1.5 hours they last time. I am going to let it sit over night tonight to see if it gets through???

Thanks,

droid

#4 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 02 April 2012 - 10:34 PM

Hi Gringo,

I actually just tried to run in Safe Mode and I was able to complete the run :) Below are the results.

Thanks,

droid


ComboFix 12-04-01.03 - droid 04/02/2012 23:03:05.4.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4588 [GMT -4:00]
Running from: c:\users\droid\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 03:14 . 2012-04-03 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 22:35 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-03-31 22:35 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-03-31 22:34 . 2012-03-31 22:34 -------- d-----w- c:\program files (x86)\Anvisoft
2012-03-25 00:41 . 2012-03-25 00:41 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 16:49 . 2012-03-24 16:49 -------- d-----w- c:\users\droid\AppData\Roaming\Malwarebytes
2012-03-24 16:48 . 2012-03-28 01:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 16:48 . 2012-03-24 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:48 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 07:02 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:02 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:02 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:12 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:12 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:12 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:12 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:12 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:12 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:12 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:12 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:12 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:12 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:12 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 18:25 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:25 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:25 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:25 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:25 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:25 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:25 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 15:21 . 2012-03-11 15:21 -------- d-----w- c:\users\droid\AppData\Local\Threat Expert
2012-03-04 22:57 . 2012-03-04 22:57 -------- d-----w- c:\users\droid\.swt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 02:14 . 2012-01-26 03:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 08:00 . 2012-02-08 08:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\1133.tmp
2012-02-04 10:02 . 2012-02-04 10:02 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\CB5.tmp
2012-02-04 10:02 . 2012-02-04 15:07 128000 ----a-w- c:\programdata\Microsoft\Windows\DRM\CA3F.tmp
2012-02-04 10:02 . 2012-02-04 10:02 128000 ----a-w- c:\programdata\Microsoft\Windows\DRM\CB5.tmp.dat
2012-01-06 05:15 . 2012-01-31 07:34 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BE87992-4EB6-4E56-AE40-935DF3228BB8}\mpengine.dll
2012-01-05 14:35 . 2012-01-05 14:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-01-05 14:35 . 2012-01-05 14:07 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-01-04 09:58 . 2012-02-14 19:49 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-14 19:49 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-10-14 114688]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
c:\users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-05-25 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-05-27 4407152]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBOXMINI;Service for Avid Mbox Mini;c:\windows\system32\DRIVERS\AvidMboxMini.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914634615-2659660835-422284269-1000Core.job
- c:\users\droid\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 04:34]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914634615-2659660835-422284269-1000UA.job
- c:\users\droid\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 04:34]
.
2012-04-02 c:\windows\Tasks\HPCeeScheduleFordroid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2012-04-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-02 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
"combofix"="c:\combofix\CF19828.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&install_date=20111015
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QuickTime Plugin Install - c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-02 23:22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 03:22
.
Pre-Run: 909,232,889,856 bytes free
Post-Run: 908,732,469,248 bytes free
.
- - End Of File - - 553B2B74FF27CD05656D562E983CF598

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 03 April 2012 - 05:09 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 03 April 2012 - 08:36 PM

Thanks Gringo,

Here is the TDSSKiller log

21:16:41.0627 5036 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
21:16:43.0631 5036 ============================================================
21:16:43.0631 5036 Current date / time: 2012/04/03 21:16:43.0631
21:16:43.0631 5036 SystemInfo:
21:16:43.0631 5036
21:16:43.0631 5036 OS Version: 6.1.7600 ServicePack: 0.0
21:16:43.0631 5036 Product type: Workstation
21:16:43.0631 5036 ComputerName: DROID-PC
21:16:43.0632 5036 UserName: droid
21:16:43.0632 5036 Windows directory: C:\Windows
21:16:43.0632 5036 System windows directory: C:\Windows
21:16:43.0632 5036 Running under WOW64
21:16:43.0632 5036 Processor architecture: Intel x64
21:16:43.0632 5036 Number of processors: 4
21:16:43.0632 5036 Page size: 0x1000
21:16:43.0632 5036 Boot type: Normal boot
21:16:43.0632 5036 ============================================================
21:16:52.0215 5036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:16:52.0219 5036 Drive \Device\Harddisk1\DR1 - Size: 0x3E000000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:52.0231 5036 \Device\Harddisk0\DR0:
21:16:52.0231 5036 MBR used
21:16:52.0231 5036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2D000
21:16:52.0231 5036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0x731386F2
21:16:52.0231 5036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x73167800, BlocksNum 0x159C800
21:16:52.0231 5036 \Device\Harddisk1\DR1:
21:16:52.0232 5036 MBR used
21:16:52.0232 5036 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EFFC1
21:16:52.0437 5036 Initialize success
21:16:52.0437 5036 ============================================================
21:16:58.0737 0572 ============================================================
21:16:58.0737 0572 Scan started
21:16:58.0737 0572 Mode: Manual;
21:16:58.0737 0572 ============================================================
21:16:59.0870 0572 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:16:59.0873 0572 1394ohci - ok
21:16:59.0928 0572 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:16:59.0931 0572 ACPI - ok
21:16:59.0944 0572 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:16:59.0945 0572 AcpiPmi - ok
21:16:59.0966 0572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:16:59.0972 0572 adp94xx - ok
21:16:59.0992 0572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:16:59.0997 0572 adpahci - ok
21:17:00.0015 0572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:17:00.0018 0572 adpu320 - ok
21:17:00.0054 0572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:17:00.0055 0572 AeLookupSvc - ok
21:17:00.0120 0572 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:17:00.0125 0572 AFD - ok
21:17:00.0140 0572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:17:00.0142 0572 agp440 - ok
21:17:00.0164 0572 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:17:00.0168 0572 ALG - ok
21:17:00.0187 0572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:17:00.0188 0572 aliide - ok
21:17:00.0196 0572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:17:00.0197 0572 amdide - ok
21:17:00.0245 0572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:17:00.0247 0572 AmdK8 - ok
21:17:00.0275 0572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:17:00.0275 0572 AmdPPM - ok
21:17:00.0306 0572 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:17:00.0306 0572 amdsata - ok
21:17:00.0338 0572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:17:00.0338 0572 amdsbs - ok
21:17:00.0369 0572 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:17:00.0369 0572 amdxata - ok
21:17:00.0400 0572 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:17:00.0400 0572 AppID - ok
21:17:00.0416 0572 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:17:00.0416 0572 AppIDSvc - ok
21:17:00.0431 0572 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:17:00.0431 0572 Appinfo - ok
21:17:00.0509 0572 Apple Mobile Device (d503df3aba595f551b98b9bae017a271) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:00.0509 0572 Apple Mobile Device - ok
21:17:00.0556 0572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:17:00.0572 0572 arc - ok
21:17:00.0587 0572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:17:00.0587 0572 arcsas - ok
21:17:00.0665 0572 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
21:17:00.0681 0572 asdsrv - ok
21:17:00.0723 0572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:17:00.0725 0572 AsyncMac - ok
21:17:00.0774 0572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:17:00.0775 0572 atapi - ok
21:17:00.0802 0572 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:17:00.0809 0572 AudioEndpointBuilder - ok
21:17:00.0818 0572 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:17:00.0822 0572 AudioSrv - ok
21:17:00.0899 0572 avfsmn (7f5ea096d5edbaa9caeedf07dfae65da) C:\Windows\system32\DRIVERS\avfsmn.sys
21:17:00.0900 0572 avfsmn - ok
21:17:01.0055 0572 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:17:01.0077 0572 AVGIDSAgent - ok
21:17:01.0113 0572 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:17:01.0115 0572 AVGIDSDriver - ok
21:17:01.0133 0572 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:17:01.0134 0572 AVGIDSEH - ok
21:17:01.0149 0572 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:17:01.0150 0572 AVGIDSFilter - ok
21:17:01.0188 0572 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
21:17:01.0192 0572 Avgldx64 - ok
21:17:01.0236 0572 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
21:17:01.0236 0572 Avgmfx64 - ok
21:17:01.0266 0572 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
21:17:01.0267 0572 Avgrkx64 - ok
21:17:01.0295 0572 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
21:17:01.0300 0572 Avgtdia - ok
21:17:01.0326 0572 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:17:01.0332 0572 avgwd - ok
21:17:01.0348 0572 avhips (e0edb0f31b9755fb8f8017f3326de033) C:\Windows\system32\DRIVERS\avhips.sys
21:17:01.0349 0572 avhips - ok
21:17:01.0404 0572 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:17:01.0406 0572 AxInstSV - ok
21:17:01.0451 0572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:17:01.0456 0572 b06bdrv - ok
21:17:01.0494 0572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:17:01.0498 0572 b57nd60a - ok
21:17:01.0514 0572 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:17:01.0516 0572 BDESVC - ok
21:17:01.0600 0572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:17:01.0601 0572 Beep - ok
21:17:01.0662 0572 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:17:01.0670 0572 BFE - ok
21:17:01.0704 0572 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:17:01.0720 0572 BITS - ok
21:17:01.0766 0572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:17:01.0766 0572 blbdrive - ok
21:17:01.0848 0572 Bonjour Service (ebad0f51d8d4dade7660b1851addbd07) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:17:01.0854 0572 Bonjour Service - ok
21:17:01.0890 0572 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:17:01.0892 0572 bowser - ok
21:17:01.0920 0572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:17:01.0922 0572 BrFiltLo - ok
21:17:01.0943 0572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:17:01.0944 0572 BrFiltUp - ok
21:17:01.0972 0572 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:17:01.0974 0572 BridgeMP - ok
21:17:01.0993 0572 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:17:01.0995 0572 Browser - ok
21:17:02.0086 0572 Browser Defender Update Service (21fa3e51618ff8e2f4b29964abc5884f) C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
21:17:02.0089 0572 Browser Defender Update Service - ok
21:17:02.0112 0572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:17:02.0116 0572 Brserid - ok
21:17:02.0128 0572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:17:02.0129 0572 BrSerWdm - ok
21:17:02.0148 0572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:17:02.0150 0572 BrUsbMdm - ok
21:17:02.0167 0572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:17:02.0168 0572 BrUsbSer - ok
21:17:02.0194 0572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:17:02.0196 0572 BTHMODEM - ok
21:17:02.0252 0572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:17:02.0254 0572 bthserv - ok
21:17:02.0379 0572 catchme - ok
21:17:02.0428 0572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:17:02.0430 0572 cdfs - ok
21:17:02.0482 0572 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:17:02.0484 0572 cdrom - ok
21:17:02.0504 0572 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:17:02.0506 0572 CertPropSvc - ok
21:17:02.0534 0572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:17:02.0535 0572 circlass - ok
21:17:02.0559 0572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:17:02.0563 0572 CLFS - ok
21:17:02.0632 0572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:02.0637 0572 clr_optimization_v2.0.50727_32 - ok
21:17:02.0694 0572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:17:02.0698 0572 clr_optimization_v2.0.50727_64 - ok
21:17:02.0777 0572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:02.0781 0572 clr_optimization_v4.0.30319_32 - ok
21:17:02.0806 0572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:17:02.0811 0572 clr_optimization_v4.0.30319_64 - ok
21:17:02.0836 0572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:17:02.0852 0572 CmBatt - ok
21:17:02.0852 0572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:17:02.0868 0572 cmdide - ok
21:17:02.0899 0572 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:17:02.0914 0572 CNG - ok
21:17:02.0930 0572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:17:02.0930 0572 Compbatt - ok
21:17:02.0977 0572 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:17:02.0977 0572 CompositeBus - ok
21:17:02.0992 0572 COMSysApp - ok
21:17:03.0039 0572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:17:03.0039 0572 crcdisk - ok
21:17:03.0070 0572 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:17:03.0070 0572 CryptSvc - ok
21:17:03.0133 0572 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:17:03.0148 0572 DcomLaunch - ok
21:17:03.0164 0572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:17:03.0164 0572 defragsvc - ok
21:17:03.0211 0572 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:17:03.0211 0572 DfsC - ok
21:17:03.0226 0572 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:17:03.0226 0572 Dhcp - ok
21:17:03.0258 0572 DigiNet (85c8172c720022c02653e7b720c95b31) C:\Windows\system32\DRIVERS\diginet.sys
21:17:03.0258 0572 DigiNet - ok
21:17:03.0348 0572 DigiRefresh - ok
21:17:03.0402 0572 digiSPTIService (9aaecab6398a19c956aff8a8e84ceaea) C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
21:17:03.0408 0572 digiSPTIService - ok
21:17:03.0450 0572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:17:03.0451 0572 discache - ok
21:17:03.0502 0572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:17:03.0503 0572 Disk - ok
21:17:03.0537 0572 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:17:03.0540 0572 Dnscache - ok
21:17:03.0565 0572 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:17:03.0569 0572 dot3svc - ok
21:17:03.0582 0572 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:17:03.0585 0572 DPS - ok
21:17:03.0640 0572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:17:03.0641 0572 drmkaud - ok
21:17:03.0688 0572 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:17:03.0698 0572 DXGKrnl - ok
21:17:03.0721 0572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:17:03.0723 0572 EapHost - ok
21:17:03.0791 0572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:17:03.0848 0572 ebdrv - ok
21:17:03.0885 0572 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:17:03.0889 0572 EFS - ok
21:17:03.0991 0572 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:17:04.0001 0572 ehRecvr - ok
21:17:04.0057 0572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:17:04.0061 0572 ehSched - ok
21:17:04.0140 0572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:17:04.0146 0572 elxstor - ok
21:17:04.0167 0572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:17:04.0168 0572 ErrDev - ok
21:17:04.0214 0572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:17:04.0219 0572 EventSystem - ok
21:17:04.0250 0572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:17:04.0253 0572 exfat - ok
21:17:04.0281 0572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:17:04.0281 0572 fastfat - ok
21:17:04.0328 0572 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:17:04.0328 0572 Fax - ok
21:17:04.0343 0572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:17:04.0343 0572 fdc - ok
21:17:04.0359 0572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:17:04.0359 0572 fdPHost - ok
21:17:04.0390 0572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:17:04.0390 0572 FDResPub - ok
21:17:04.0390 0572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:17:04.0390 0572 FileInfo - ok
21:17:04.0423 0572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:17:04.0425 0572 Filetrace - ok
21:17:04.0442 0572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:17:04.0444 0572 flpydisk - ok
21:17:04.0481 0572 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:17:04.0484 0572 FltMgr - ok
21:17:04.0535 0572 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
21:17:04.0546 0572 FontCache - ok
21:17:04.0627 0572 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:17:04.0631 0572 FontCache3.0.0.0 - ok
21:17:04.0638 0572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:17:04.0640 0572 FsDepends - ok
21:17:04.0679 0572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:17:04.0680 0572 Fs_Rec - ok
21:17:04.0745 0572 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:17:04.0748 0572 fvevol - ok
21:17:04.0771 0572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:17:04.0772 0572 gagp30kx - ok
21:17:04.0864 0572 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
21:17:04.0869 0572 GameConsoleService - ok
21:17:04.0920 0572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:17:04.0922 0572 GEARAspiWDM - ok
21:17:04.0953 0572 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:17:04.0961 0572 gpsvc - ok
21:17:04.0983 0572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:17:04.0984 0572 hcw85cir - ok
21:17:05.0006 0572 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:17:05.0007 0572 HDAudBus - ok
21:17:05.0015 0572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:17:05.0016 0572 HidBatt - ok
21:17:05.0034 0572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:17:05.0036 0572 HidBth - ok
21:17:05.0058 0572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:17:05.0060 0572 HidIr - ok
21:17:05.0076 0572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:17:05.0078 0572 hidserv - ok
21:17:05.0106 0572 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:17:05.0108 0572 HidUsb - ok
21:17:05.0121 0572 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:17:05.0123 0572 hkmsvc - ok
21:17:05.0148 0572 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:17:05.0152 0572 HomeGroupListener - ok
21:17:05.0184 0572 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:17:05.0188 0572 HomeGroupProvider - ok
21:17:05.0295 0572 HP Health Check Service (58c91cca61a948dc6e789c93c05a1d6f) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
21:17:05.0301 0572 HP Health Check Service - ok
21:17:05.0333 0572 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:17:05.0338 0572 hpqwmiex - ok
21:17:05.0364 0572 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:17:05.0366 0572 HpSAMD - ok
21:17:05.0413 0572 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:17:05.0429 0572 HTTP - ok
21:17:05.0444 0572 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:17:05.0444 0572 hwpolicy - ok
21:17:05.0460 0572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:17:05.0460 0572 i8042prt - ok
21:17:05.0522 0572 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:17:05.0538 0572 iaStorV - ok
21:17:05.0616 0572 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:17:05.0632 0572 idsvc - ok
21:17:05.0647 0572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:17:05.0647 0572 iirsp - ok
21:17:05.0710 0572 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:17:05.0710 0572 IKEEXT - ok
21:17:05.0834 0572 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
21:17:05.0892 0572 IntcAzAudAddService - ok
21:17:05.0911 0572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:17:05.0913 0572 intelide - ok
21:17:05.0949 0572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:17:05.0951 0572 intelppm - ok
21:17:05.0974 0572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:17:05.0977 0572 IPBusEnum - ok
21:17:06.0003 0572 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:17:06.0005 0572 IpFilterDriver - ok
21:17:06.0029 0572 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:17:06.0036 0572 iphlpsvc - ok
21:17:06.0049 0572 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:17:06.0050 0572 IPMIDRV - ok
21:17:06.0058 0572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:17:06.0060 0572 IPNAT - ok
21:17:06.0133 0572 iPod Service (662f56bb84094b46bd9b3cf777bd1f6c) C:\Program Files\iPod\bin\iPodService.exe
21:17:06.0142 0572 iPod Service - ok
21:17:06.0171 0572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:17:06.0172 0572 IRENUM - ok
21:17:06.0185 0572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:17:06.0186 0572 isapnp - ok
21:17:06.0205 0572 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:17:06.0208 0572 iScsiPrt - ok
21:17:06.0306 0572 ISWKL (bf65e6d039ae37c988d5b2b680e7d718) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
21:17:06.0307 0572 ISWKL - ok
21:17:06.0355 0572 IswSvc (99148599fe4d0a5cd7c7eb74ed5a63e4) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
21:17:06.0367 0572 IswSvc - ok
21:17:06.0378 0572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:17:06.0381 0572 kbdclass - ok
21:17:06.0414 0572 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:17:06.0415 0572 kbdhid - ok
21:17:06.0451 0572 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:17:06.0454 0572 KeyIso - ok
21:17:06.0493 0572 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:17:06.0495 0572 KSecDD - ok
21:17:06.0513 0572 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:17:06.0516 0572 KSecPkg - ok
21:17:06.0532 0572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:17:06.0533 0572 ksthunk - ok
21:17:06.0558 0572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:17:06.0563 0572 KtmRm - ok
21:17:06.0623 0572 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:17:06.0627 0572 LanmanServer - ok
21:17:06.0655 0572 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:17:06.0658 0572 LanmanWorkstation - ok
21:17:06.0721 0572 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:17:06.0724 0572 LightScribeService - ok
21:17:06.0768 0572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:17:06.0770 0572 lltdio - ok
21:17:06.0794 0572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:17:06.0799 0572 lltdsvc - ok
21:17:06.0812 0572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:17:06.0815 0572 lmhosts - ok
21:17:06.0858 0572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:17:06.0858 0572 LSI_FC - ok
21:17:06.0889 0572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:17:06.0889 0572 LSI_SAS - ok
21:17:06.0904 0572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:17:06.0904 0572 LSI_SAS2 - ok
21:17:06.0936 0572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:17:06.0936 0572 LSI_SCSI - ok
21:17:06.0951 0572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:17:06.0951 0572 luafv - ok
21:17:07.0028 0572 MAUSBMIDISPORT (2e48bf22134bd7104edf51aa82a6841f) C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys
21:17:07.0031 0572 MAUSBMIDISPORT - ok
21:17:07.0086 0572 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:17:07.0087 0572 MBAMProtector - ok
21:17:07.0148 0572 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:17:07.0157 0572 MBAMService - ok
21:17:07.0216 0572 MboxAudioDevMon (408656aa110081f2bae6d6fc1b0cd017) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
21:17:07.0238 0572 MboxAudioDevMon - ok
21:17:07.0290 0572 MBOXMINI (cf9cff2abbea989f3ed5910da1ad8e8a) C:\Windows\system32\DRIVERS\AvidMboxMini.sys
21:17:07.0295 0572 MBOXMINI - ok
21:17:07.0334 0572 MboxMiniAudioDevMon (99726e9fcda6165bd022d64fc4de388e) C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
21:17:07.0357 0572 MboxMiniAudioDevMon - ok
21:17:07.0420 0572 MboxProAudioDevMon (3e231136152ea90f1ed230527a3b9584) C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
21:17:07.0442 0572 MboxProAudioDevMon - ok
21:17:07.0466 0572 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:17:07.0468 0572 Mcx2Svc - ok
21:17:07.0564 0572 MediaMall Server (4f35064ed1ad8386bf6eb09d6e2cea79) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
21:17:07.0586 0572 MediaMall Server - ok
21:17:07.0609 0572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:17:07.0611 0572 megasas - ok
21:17:07.0668 0572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:17:07.0672 0572 MegaSR - ok
21:17:07.0771 0572 MIDISPORTAudioDevMon (2511976346fe182eb0992f6d3685facc) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
21:17:07.0790 0572 MIDISPORTAudioDevMon - ok
21:17:07.0836 0572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:17:07.0838 0572 MMCSS - ok
21:17:07.0875 0572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:17:07.0876 0572 Modem - ok
21:17:07.0918 0572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:17:07.0919 0572 monitor - ok
21:17:07.0959 0572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:17:07.0959 0572 mouclass - ok
21:17:08.0021 0572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:17:08.0021 0572 mouhid - ok
21:17:08.0037 0572 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:17:08.0037 0572 mountmgr - ok
21:17:08.0068 0572 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:17:08.0068 0572 mpio - ok
21:17:08.0084 0572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:17:08.0084 0572 mpsdrv - ok
21:17:08.0115 0572 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:17:08.0130 0572 MpsSvc - ok
21:17:08.0146 0572 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:17:08.0146 0572 MRxDAV - ok
21:17:08.0177 0572 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:17:08.0193 0572 mrxsmb - ok
21:17:08.0224 0572 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:17:08.0224 0572 mrxsmb10 - ok
21:17:08.0240 0572 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:17:08.0240 0572 mrxsmb20 - ok
21:17:08.0255 0572 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:17:08.0271 0572 msahci - ok
21:17:08.0286 0572 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:17:08.0302 0572 msdsm - ok
21:17:08.0302 0572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:17:08.0333 0572 MSDTC - ok
21:17:08.0364 0572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:17:08.0364 0572 Msfs - ok
21:17:08.0380 0572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:17:08.0380 0572 mshidkmdf - ok
21:17:08.0405 0572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:17:08.0405 0572 msisadrv - ok
21:17:08.0461 0572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:17:08.0464 0572 MSiSCSI - ok
21:17:08.0470 0572 msiserver - ok
21:17:08.0514 0572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:17:08.0515 0572 MSKSSRV - ok
21:17:08.0554 0572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:17:08.0555 0572 MSPCLOCK - ok
21:17:08.0578 0572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:17:08.0580 0572 MSPQM - ok
21:17:08.0607 0572 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:17:08.0611 0572 MsRPC - ok
21:17:08.0655 0572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:17:08.0656 0572 mssmbios - ok
21:17:08.0664 0572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:17:08.0665 0572 MSTEE - ok
21:17:08.0718 0572 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
21:17:08.0719 0572 msvad_simple - ok
21:17:08.0750 0572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:17:08.0752 0572 MTConfig - ok
21:17:08.0789 0572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:17:08.0790 0572 Mup - ok
21:17:08.0826 0572 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:17:08.0832 0572 napagent - ok
21:17:08.0881 0572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:17:08.0885 0572 NativeWifiP - ok
21:17:08.0922 0572 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:17:08.0932 0572 NDIS - ok
21:17:08.0975 0572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:17:08.0976 0572 NdisCap - ok
21:17:09.0012 0572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:17:09.0013 0572 NdisTapi - ok
21:17:09.0031 0572 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:17:09.0033 0572 Ndisuio - ok
21:17:09.0053 0572 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:17:09.0056 0572 NdisWan - ok
21:17:09.0068 0572 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:17:09.0070 0572 NDProxy - ok
21:17:09.0086 0572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:17:09.0087 0572 NetBIOS - ok
21:17:09.0102 0572 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:17:09.0105 0572 NetBT - ok
21:17:09.0152 0572 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:17:09.0155 0572 Netlogon - ok
21:17:09.0213 0572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:17:09.0218 0572 Netman - ok
21:17:09.0235 0572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:17:09.0241 0572 netprofm - ok
21:17:09.0313 0572 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:09.0318 0572 NetTcpPortSharing - ok
21:17:09.0348 0572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:17:09.0352 0572 nfrd960 - ok
21:17:09.0388 0572 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:17:09.0388 0572 NlaSvc - ok
21:17:09.0403 0572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:17:09.0403 0572 Npfs - ok
21:17:09.0419 0572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:17:09.0419 0572 nsi - ok
21:17:09.0434 0572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:17:09.0434 0572 nsiproxy - ok
21:17:09.0497 0572 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:17:09.0531 0572 Ntfs - ok
21:17:09.0562 0572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:17:09.0563 0572 Null - ok
21:17:09.0781 0572 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:17:09.0957 0572 nvlddmkm - ok
21:17:10.0069 0572 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:17:10.0073 0572 NVNET - ok
21:17:10.0127 0572 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:17:10.0130 0572 nvraid - ok
21:17:10.0159 0572 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
21:17:10.0159 0572 nvsmu - ok
21:17:10.0192 0572 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:17:10.0195 0572 nvstor - ok
21:17:10.0217 0572 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
21:17:10.0219 0572 nvstor64 - ok
21:17:10.0235 0572 nvsvc (e71cfa7ae5e7518e29073d7c20a8fca1) C:\Windows\system32\nvvsvc.exe
21:17:10.0243 0572 nvsvc - ok
21:17:10.0276 0572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:17:10.0279 0572 nv_agp - ok
21:17:10.0297 0572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:17:10.0299 0572 ohci1394 - ok
21:17:10.0342 0572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:17:10.0346 0572 p2pimsvc - ok
21:17:10.0377 0572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:17:10.0382 0572 p2psvc - ok
21:17:10.0405 0572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:17:10.0407 0572 Parport - ok
21:17:10.0450 0572 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:17:10.0451 0572 partmgr - ok
21:17:10.0463 0572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:17:10.0466 0572 PcaSvc - ok
21:17:10.0489 0572 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:17:10.0491 0572 pci - ok
21:17:10.0508 0572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:17:10.0509 0572 pciide - ok
21:17:10.0520 0572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:17:10.0520 0572 pcmcia - ok
21:17:10.0567 0572 PCTCore (60f19af0a9a26851ad9bc2d981afbac6) C:\Windows\system32\drivers\PCTCore64.sys
21:17:10.0582 0572 PCTCore - ok
21:17:10.0598 0572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:17:10.0598 0572 pcw - ok
21:17:10.0629 0572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:17:10.0629 0572 PEAUTH - ok
21:17:10.0692 0572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:17:10.0692 0572 PerfHost - ok
21:17:10.0738 0572 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:17:10.0754 0572 pla - ok
21:17:10.0816 0572 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:17:10.0816 0572 PlugPlay - ok
21:17:10.0832 0572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:17:10.0832 0572 PNRPAutoReg - ok
21:17:10.0863 0572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:17:10.0863 0572 PNRPsvc - ok
21:17:10.0894 0572 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:17:10.0894 0572 PolicyAgent - ok
21:17:10.0910 0572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:17:10.0910 0572 Power - ok
21:17:10.0974 0572 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:17:10.0977 0572 PptpMiniport - ok
21:17:11.0012 0572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:17:11.0014 0572 Processor - ok
21:17:11.0039 0572 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:17:11.0043 0572 ProfSvc - ok
21:17:11.0085 0572 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:17:11.0089 0572 ProtectedStorage - ok
21:17:11.0102 0572 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:17:11.0105 0572 Psched - ok
21:17:11.0162 0572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:17:11.0176 0572 ql2300 - ok
21:17:11.0193 0572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:17:11.0195 0572 ql40xx - ok
21:17:11.0217 0572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:17:11.0222 0572 QWAVE - ok
21:17:11.0236 0572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:17:11.0237 0572 QWAVEdrv - ok
21:17:11.0250 0572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:17:11.0251 0572 RasAcd - ok
21:17:11.0298 0572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:17:11.0299 0572 RasAgileVpn - ok
21:17:11.0317 0572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:17:11.0321 0572 RasAuto - ok
21:17:11.0336 0572 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:17:11.0339 0572 Rasl2tp - ok
21:17:11.0360 0572 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:17:11.0365 0572 RasMan - ok
21:17:11.0405 0572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:17:11.0407 0572 RasPppoe - ok
21:17:11.0446 0572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:17:11.0448 0572 RasSstp - ok
21:17:11.0469 0572 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:17:11.0473 0572 rdbss - ok
21:17:11.0506 0572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:17:11.0507 0572 rdpbus - ok
21:17:11.0528 0572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:17:11.0529 0572 RDPCDD - ok
21:17:11.0568 0572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:17:11.0569 0572 RDPENCDD - ok
21:17:11.0579 0572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:17:11.0580 0572 RDPREFMP - ok
21:17:11.0622 0572 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:17:11.0625 0572 RDPWD - ok
21:17:11.0644 0572 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:17:11.0647 0572 rdyboost - ok
21:17:11.0679 0572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:17:11.0682 0572 RemoteAccess - ok
21:17:11.0697 0572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:17:11.0700 0572 RemoteRegistry - ok
21:17:11.0722 0572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:17:11.0724 0572 RpcEptMapper - ok
21:17:11.0751 0572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:17:11.0755 0572 RpcLocator - ok
21:17:11.0776 0572 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:17:11.0781 0572 RpcSs - ok
21:17:11.0794 0572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:17:11.0796 0572 rspndr - ok
21:17:11.0829 0572 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:17:11.0833 0572 SamSs - ok
21:17:11.0856 0572 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:17:11.0859 0572 sbp2port - ok
21:17:11.0880 0572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:17:11.0884 0572 SCardSvr - ok
21:17:11.0903 0572 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:17:11.0905 0572 scfilter - ok
21:17:11.0949 0572 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:17:11.0949 0572 Schedule - ok
21:17:11.0996 0572 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:17:11.0996 0572 SCPolicySvc - ok
21:17:12.0074 0572 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
21:17:12.0095 0572 sdAuxService - ok
21:17:12.0140 0572 sdCoreService (06f95756353653c7d505361117186713) C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
21:17:12.0155 0572 sdCoreService - ok
21:17:12.0168 0572 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:17:12.0172 0572 SDRSVC - ok
21:17:12.0215 0572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:17:12.0217 0572 secdrv - ok
21:17:12.0231 0572 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:17:12.0233 0572 seclogon - ok
21:17:12.0249 0572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:17:12.0251 0572 SENS - ok
21:17:12.0259 0572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:17:12.0262 0572 SensrSvc - ok
21:17:12.0294 0572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:17:12.0295 0572 Serenum - ok
21:17:12.0308 0572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:17:12.0310 0572 Serial - ok
21:17:12.0357 0572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:17:12.0359 0572 sermouse - ok
21:17:12.0384 0572 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:17:12.0387 0572 SessionEnv - ok
21:17:12.0409 0572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:17:12.0410 0572 sffdisk - ok
21:17:12.0426 0572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:17:12.0427 0572 sffp_mmc - ok
21:17:12.0435 0572 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:17:12.0437 0572 sffp_sd - ok
21:17:12.0450 0572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:17:12.0451 0572 sfloppy - ok
21:17:12.0507 0572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:17:12.0512 0572 SharedAccess - ok
21:17:12.0531 0572 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:17:12.0536 0572 ShellHWDetection - ok
21:17:12.0558 0572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:17:12.0560 0572 SiSRaid2 - ok
21:17:12.0575 0572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:17:12.0577 0572 SiSRaid4 - ok
21:17:12.0630 0572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:17:12.0632 0572 Smb - ok
21:17:12.0670 0572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:17:12.0674 0572 SNMPTRAP - ok
21:17:12.0681 0572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:17:12.0682 0572 spldr - ok
21:17:12.0730 0572 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:17:12.0740 0572 Spooler - ok
21:17:12.0800 0572 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:17:12.0870 0572 sppsvc - ok
21:17:12.0887 0572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:17:12.0900 0572 sppuinotify - ok
21:17:12.0938 0572 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:17:12.0943 0572 srv - ok
21:17:12.0963 0572 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:17:12.0967 0572 srv2 - ok
21:17:13.0008 0572 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:17:13.0010 0572 srvnet - ok
21:17:13.0050 0572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:17:13.0055 0572 SSDPSRV - ok
21:17:13.0072 0572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:17:13.0074 0572 SstpSvc - ok
21:17:13.0112 0572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:17:13.0112 0572 stexstor - ok
21:17:13.0144 0572 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:17:13.0144 0572 stisvc - ok
21:17:13.0159 0572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:17:13.0159 0572 swenum - ok
21:17:13.0190 0572 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:17:13.0190 0572 swprv - ok
21:17:13.0253 0572 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:17:13.0300 0572 SysMain - ok
21:17:13.0315 0572 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:17:13.0315 0572 TabletInputService - ok
21:17:13.0346 0572 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:17:13.0346 0572 TapiSrv - ok
21:17:13.0362 0572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:17:13.0362 0572 TBS - ok
21:17:13.0409 0572 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:17:13.0456 0572 Tcpip - ok
21:17:13.0502 0572 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:17:13.0520 0572 TCPIP6 - ok
21:17:13.0539 0572 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:17:13.0541 0572 tcpipreg - ok
21:17:13.0563 0572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:17:13.0564 0572 TDPIPE - ok
21:17:13.0598 0572 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:17:13.0600 0572 TDTCP - ok
21:17:13.0620 0572 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:17:13.0623 0572 tdx - ok
21:17:13.0662 0572 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:17:13.0664 0572 TermDD - ok
21:17:13.0691 0572 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:17:13.0699 0572 TermService - ok
21:17:13.0720 0572 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:17:13.0723 0572 Themes - ok
21:17:13.0747 0572 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:17:13.0748 0572 THREADORDER - ok
21:17:13.0801 0572 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
21:17:13.0802 0572 Tpkd - ok
21:17:13.0823 0572 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:17:13.0826 0572 TrkWks - ok
21:17:13.0860 0572 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:17:13.0866 0572 TrustedInstaller - ok
21:17:13.0889 0572 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:13.0891 0572 tssecsrv - ok
21:17:13.0938 0572 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:17:13.0940 0572 tunnel - ok
21:17:13.0966 0572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:17:13.0968 0572 uagp35 - ok
21:17:13.0988 0572 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:17:13.0993 0572 udfs - ok
21:17:14.0020 0572 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:17:14.0024 0572 UI0Detect - ok
21:17:14.0052 0572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:17:14.0054 0572 uliagpkx - ok
21:17:14.0096 0572 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:17:14.0098 0572 umbus - ok
21:17:14.0111 0572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:17:14.0113 0572 UmPass - ok
21:17:14.0134 0572 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:17:14.0140 0572 upnphost - ok
21:17:14.0195 0572 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:17:14.0197 0572 usbaudio - ok
21:17:14.0226 0572 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:14.0228 0572 usbccgp - ok
21:17:14.0259 0572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:17:14.0261 0572 usbcir - ok
21:17:14.0300 0572 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:17:14.0301 0572 usbehci - ok
21:17:14.0355 0572 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:17:14.0359 0572 usbhub - ok
21:17:14.0397 0572 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
21:17:14.0399 0572 usbohci - ok
21:17:14.0439 0572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:17:14.0440 0572 usbprint - ok
21:17:14.0473 0572 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
21:17:14.0475 0572 USBSTOR - ok
21:17:14.0510 0572 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:17:14.0510 0572 usbuhci - ok
21:17:14.0541 0572 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:17:14.0541 0572 UxSms - ok
21:17:14.0572 0572 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:17:14.0588 0572 VaultSvc - ok
21:17:14.0635 0572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:17:14.0651 0572 vdrvroot - ok
21:17:14.0676 0572 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:17:14.0686 0572 vds - ok
21:17:14.0713 0572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:14.0715 0572 vga - ok
21:17:14.0724 0572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:17:14.0725 0572 VgaSave - ok
21:17:14.0741 0572 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:17:14.0744 0572 vhdmp - ok
21:17:14.0757 0572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:17:14.0758 0572 viaide - ok
21:17:14.0779 0572 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:17:14.0781 0572 volmgr - ok
21:17:14.0807 0572 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:17:14.0810 0572 volmgrx - ok
21:17:14.0830 0572 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:17:14.0834 0572 volsnap - ok
21:17:14.0892 0572 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
21:17:14.0897 0572 Vsdatant - ok
21:17:14.0950 0572 vsmon - ok
21:17:14.0972 0572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:17:14.0975 0572 vsmraid - ok
21:17:15.0028 0572 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:17:15.0048 0572 VSS - ok
21:17:15.0064 0572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:17:15.0065 0572 vwifibus - ok
21:17:15.0091 0572 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:17:15.0096 0572 W32Time - ok
21:17:15.0120 0572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:17:15.0123 0572 WacomPen - ok
21:17:15.0166 0572 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:15.0168 0572 WANARP - ok
21:17:15.0182 0572 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:15.0183 0572 Wanarpv6 - ok
21:17:15.0241 0572 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:17:15.0257 0572 WatAdminSvc - ok
21:17:15.0291 0572 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:17:15.0312 0572 wbengine - ok
21:17:15.0328 0572 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:17:15.0332 0572 WbioSrvc - ok
21:17:15.0371 0572 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:17:15.0377 0572 wcncsvc - ok
21:17:15.0383 0572 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:17:15.0386 0572 WcsPlugInService - ok
21:17:15.0405 0572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:17:15.0407 0572 Wd - ok
21:17:15.0438 0572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:17:15.0444 0572 Wdf01000 - ok
21:17:15.0458 0572 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:17:15.0461 0572 WdiServiceHost - ok
21:17:15.0464 0572 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:17:15.0467 0572 WdiSystemHost - ok
21:17:15.0500 0572 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:17:15.0504 0572 WebClient - ok
21:17:15.0517 0572 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:17:15.0521 0572 Wecsvc - ok
21:17:15.0529 0572 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:17:15.0533 0572 wercplsupport - ok
21:17:15.0587 0572 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:17:15.0590 0572 WerSvc - ok
21:17:15.0629 0572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:17:15.0631 0572 WfpLwf - ok
21:17:15.0642 0572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:17:15.0642 0572 WIMMount - ok
21:17:15.0674 0572 WinDefend - ok
21:17:15.0674 0572 WinHttpAutoProxySvc - ok
21:17:15.0705 0572 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:17:15.0720 0572 Winmgmt - ok
21:17:15.0767 0572 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:17:15.0814 0572 WinRM - ok
21:17:15.0830 0572 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:17:15.0861 0572 Wlansvc - ok
21:17:15.0939 0572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:17:15.0939 0572 WmiAcpi - ok
21:17:15.0954 0572 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:17:15.0954 0572 wmiApSrv - ok
21:17:15.0970 0572 WMPNetworkSvc - ok
21:17:15.0986 0572 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:17:15.0986 0572 WPCSvc - ok
21:17:16.0001 0572 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:17:16.0001 0572 WPDBusEnum - ok
21:17:16.0032 0572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:16.0032 0572 ws2ifsl - ok
21:17:16.0064 0572 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:17:16.0064 0572 wscsvc - ok
21:17:16.0082 0572 WSearch - ok
21:17:16.0141 0572 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:17:16.0197 0572 wuauserv - ok
21:17:16.0219 0572 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:17:16.0221 0572 WudfPf - ok
21:17:16.0236 0572 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:16.0239 0572 WUDFRd - ok
21:17:16.0257 0572 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:17:16.0260 0572 wudfsvc - ok
21:17:16.0279 0572 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:17:16.0284 0572 WwanSvc - ok
21:17:16.0325 0572 MBR (0x1B8) (1a39ccde768b917df29a12fa7943f65a) \Device\Harddisk0\DR0
21:17:16.0509 0572 \Device\Harddisk0\DR0 - ok
21:17:16.0514 0572 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
21:17:23.0560 0572 \Device\Harddisk1\DR1 - ok
21:17:23.0576 0572 Boot (0x1200) (3e21a2b7be40e5bb8e6c4cf9d3fed8b8) \Device\Harddisk0\DR0\Partition0
21:17:23.0576 0572 \Device\Harddisk0\DR0\Partition0 - ok
21:17:23.0591 0572 Boot (0x1200) (6f4be58bee84f08bc053ba801487deaf) \Device\Harddisk0\DR0\Partition1
21:17:23.0591 0572 \Device\Harddisk0\DR0\Partition1 - ok
21:17:23.0622 0572 Boot (0x1200) (7f86f80acec80cea4e8e84ad2601f626) \Device\Harddisk0\DR0\Partition2
21:17:23.0622 0572 \Device\Harddisk0\DR0\Partition2 - ok
21:17:23.0622 0572 Boot (0x1200) (4f4aeaeba1d724b0d102e8ecd12e56c3) \Device\Harddisk1\DR1\Partition0
21:17:23.0622 0572 \Device\Harddisk1\DR1\Partition0 - ok
21:17:23.0622 0572 ============================================================
21:17:23.0622 0572 Scan finished
21:17:23.0622 0572 ============================================================
21:17:23.0638 5108 Detected object count: 0
21:17:23.0638 5108 Actual detected object count: 0



AswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 21:19:20
-----------------------------
21:19:20.570 OS Version: Windows x64 6.1.7600
21:19:20.570 Number of processors: 4 586 0x502
21:19:20.572 ComputerName: DROID-PC UserName: droid
21:19:25.963 Initialize success
21:19:58.709 AVAST engine defs: 12040302
21:20:12.636 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
21:20:12.638 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:20:12.643 Disk 0 MBR read successfully
21:20:12.645 Disk 0 MBR scan
21:20:12.649 Disk 0 unknown MBR code
21:20:12.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90 MB offset 2048
21:20:12.657 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942704 MB offset 192780
21:20:12.691 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11065 MB offset 1930852352
21:20:12.700 Disk 0 scanning C:\Windows\system32\drivers
21:20:20.838 Service scanning
21:20:38.811 Modules scanning
21:20:38.816 Disk 0 trace - called modules:
21:20:38.831 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:20:39.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e42060]
21:20:39.163 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005cb48d0]
21:20:39.167 5 PCTCore64.sys[fffff880010f95d7] -> nt!IofCallDriver -> [0xfffffa8006245e40]
21:20:39.171 7 ACPI.sys[fffff88000e0e781] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80058b79c0]
21:20:41.140 AVAST engine scan C:\Windows
21:20:44.595 AVAST engine scan C:\Windows\system32
21:24:22.151 AVAST engine scan C:\Windows\system32\drivers
21:24:58.858 AVAST engine scan C:\Users\droid
21:31:43.010 AVAST engine scan C:\ProgramData
21:33:16.465 File: C:\ProgramData\Microsoft\Windows\DRM\1133.tmp **INFECTED** Win32:Malware-gen
21:33:16.566 File: C:\ProgramData\Microsoft\Windows\DRM\CA3F.tmp **INFECTED** Win32:MalOb-HP [Cryp]
21:33:17.519 File: C:\ProgramData\Microsoft\Windows\DRM\CB5.tmp **INFECTED** Win32:Malware-gen
21:33:17.581 File: C:\ProgramData\Microsoft\Windows\DRM\CB5.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
21:35:35.528 Scan finished successfully
21:35:46.612 Disk 0 MBR has been saved successfully to "C:\Users\droid\Desktop\MBR.dat"
21:35:46.618 The log file has been saved successfully to "C:\Users\droid\Desktop\aswMBR.txt"



Thanks!!!

droid

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 03 April 2012 - 09:04 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

FireFox::
FF - ProfilePath - c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 03 April 2012 - 09:52 PM

Hi Gringo,

Here is the latest combofix run. It seems like the redirects are alot less frequent.

Thanks!

ComboFix 12-04-01.03 - droid 04/03/2012 22:15:31.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3425 [GMT -4:00]
Running from: c:\users\droid\Desktop\ComboFix.exe
Command switches used :: c:\users\droid\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\1133.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\CA3F.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-2914634615-2659660835-422284269-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\CB5.tmp
c:\programdata\Microsoft\Windows\DRM\CB5.tmp.dat
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 02:37 . 2012-04-04 02:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 22:35 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-03-31 22:35 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-03-31 22:34 . 2012-03-31 22:34 -------- d-----w- c:\program files (x86)\Anvisoft
2012-03-25 00:41 . 2012-03-25 00:41 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 16:49 . 2012-03-24 16:49 -------- d-----w- c:\users\droid\AppData\Roaming\Malwarebytes
2012-03-24 16:48 . 2012-03-28 01:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 16:48 . 2012-03-24 16:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 16:48 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 07:02 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:02 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:02 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:12 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:12 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:12 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:12 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:12 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:12 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:12 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:12 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:12 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:12 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:12 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 18:25 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:25 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:25 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:25 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:25 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:25 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:25 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 15:21 . 2012-03-11 15:21 -------- d-----w- c:\users\droid\AppData\Local\Threat Expert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 02:14 . 2012-01-26 03:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2012-01-31 07:34 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BE87992-4EB6-4E56-AE40-935DF3228BB8}\mpengine.dll
2012-01-05 14:35 . 2012-01-05 14:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-01-05 14:35 . 2012-01-05 14:07 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_03.17.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-03 03:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 03:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-03 03:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-13 17:32 . 2012-04-03 03:31 43976 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 03:31 34450 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-16 02:15 . 2012-04-03 14:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 02:15 . 2012-03-20 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 02:15 . 2012-03-20 13:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-16 02:15 . 2012-04-03 14:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 14:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-03 03:29 . 2012-04-03 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-03 03:16 . 2012-04-03 03:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 03:29 . 2012-04-03 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-03 03:16 . 2012-04-03 03:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-03 03:33 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-03 02:26 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-03 02:26 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-03 03:33 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-03 03:28 342544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-03 02:21 342544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-14 07:20 . 2012-04-03 02:21 464784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-14 07:20 . 2012-04-03 03:28 464784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-04-03 03:16 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 03:29 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-16 03:42 . 2012-04-03 02:21 1258268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2914634615-2659660835-422284269-1000-8192.dat
+ 2010-05-16 03:42 . 2012-04-03 03:28 1258268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2914634615-2659660835-422284269-1000-8192.dat
- 2009-07-14 02:34 . 2012-04-03 02:35 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-03 12:40 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-10-14 114688]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-05-25 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-05-27 4407152]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBOXMINI;Service for Avid Mbox Mini;c:\windows\system32\DRIVERS\AvidMboxMini.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 53658977
*NewlyCreated* - ASWMBR
*Deregistered* - 53658977
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914634615-2659660835-422284269-1000Core.job
- c:\users\droid\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 04:34]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914634615-2659660835-422284269-1000UA.job
- c:\users\droid\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 04:34]
.
2012-04-02 c:\windows\Tasks\HPCeeScheduleFordroid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2012-04-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-02 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\droid\AppData\Roaming\Mozilla\Firefox\Profiles\qvmyt2s6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&install_date=20111015
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-03 22:39:54
ComboFix-quarantined-files.txt 2012-04-04 02:39
ComboFix2.txt 2012-04-03 03:22
.
Pre-Run: 907,390,738,432 bytes free
Post-Run: 907,448,541,184 bytes free
.
- - End Of File - - C11AAF59ECDD3E1FE329C567F4969123

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 03 April 2012 - 10:06 PM

Hello


In wihich browsers does the redirect happen

I want you to check all browsers that are inbstalled on the computer



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 04 April 2012 - 11:27 AM

It looks like only Chrome now. IE and FF look good!

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 04 April 2012 - 02:33 PM

Hello


Uninstall chrom and if asked about user data or settings remove that also - reinstall chrome and check both browsers again



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 04 April 2012 - 04:46 PM

Hi Gringo,

Uninstalled deleted data reinstalled and it seems to be working!!!!

Thanks!

droid

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 04 April 2012 - 04:58 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.1 MUI
Bing Bar
Java™ 6 Update 20
ZoneAlarm Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 droid17

droid17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 04 April 2012 - 05:30 PM

Hi Gringo,

Here are the logs.

Thanks!

MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
droid :: DROID-PC [administrator]

Protection: Enabled

4/4/2012 6:04:27 PM
mbam-log-2012-04-04 (18-04-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205005
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HighJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:15 PM, on 4/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\thinkorswim\thinkorswim.exe
c:\program files (x86)\thinkorswim\jre\bin\java.exe
C:\Program Files (x86)\thinkorswim\usergui\1814.21\IeEmbed.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Users\droid\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\droid\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: Sportsbook.com - {a0cadf8e-1c3d-4463-89f9-b6db8e1fe580} - C:\Users\droid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sportsbook.com\Sportsbook.com.lnk (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mbox Audio Device Monitor (MboxAudioDevMon) - Avid - C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
O23 - Service: Mbox Mini Audio Device Monitor (MboxMiniAudioDevMon) - Avid - C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
O23 - Service: Mbox Pro Audio Device Monitor (MboxProAudioDevMon) - Avid - C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: MIDISPORT Audio Device Monitor (MIDISPORTAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12675 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 04 April 2012 - 06:02 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
      O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users