Happili.com search redirect


This topic is locked
14 replies to this topic

#1 jflann

Posted 01 April 2012 - 06:20 PM

I'm using Firefox with google search enabled. Often, when clicking on a search result link, I get redirected to happili.com.

I suspect there might be additional viruses on the PC as well. A while back, I got some sort of infection that made much of my hard drives hidden. I think I ran malwarebytes to get rid of it, but now malwarebytes won't even run. Looking for some expert help here, which I really appreciated the last time I posted.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Justin at 18:11:38 on 2012-04-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.1494 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
G:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
G:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
G:\Program Files (x86)\Launchy\Launchy.exe
G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\OEM03Mon.exe
G:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
G:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
G:\Program Files\R\R-2.13.1\bin\x64\Rgui.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
G:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\NvTray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
G:\Program Files (x86)\Deluge\deluge.exe
G:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Justin\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google.com
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Strong Malware Defender] "C:\ProgramData\9b49df\SM9b4_8050.exe" /s /d
uRun: [nescnr] rundll32.exe "C:\Users\Justin\AppData\Local\Temp\nescnr.dll",CreateTexture
uRun: [mlilar] rundll32.exe "C:\Users\Justin\AppData\Local\Temp\mlilar.dll",SetDoubleForDevice
mRun: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Klagozehujo] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\dxmpDSr.dll",Startup
dRun: [uggiyrtj] C:\Windows\system32\config\systemprofile\AppData\Local\rwegrkinn\kbkxfnltssd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - G:\Program Files (x86)\Launchy\Launchy.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: Interfaces\{960D916B-11D2-4374-9E56-EC116E640D3E} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D765C584-FEFC-4815-BA38-B1A78D7FFF4C} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\tldufigl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: G:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-31 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 uvnc_service;uvnc_service;G:\Program Files\UltraVNC\winvnc.exe [2011-9-7 2169592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys --> C:\Windows\system32\DRIVERS\OEM03Vfx.sys [?]
S3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys --> C:\Windows\system32\DRIVERS\OEM03Vid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-01 23:09:11 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21D5409F-15B1-4A0F-8D42-865196861F34}\mpengine.dll
2012-03-31 19:36:53 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-03-23 04:00:10 -------- d-----w- C:\Users\Justin\AppData\Local\{B29403FB-749C-11E1-826D-B8AC6F996F26}
2012-03-23 04:00:10 -------- d-----w- C:\Users\Justin\AppData\Local\{B293D16F-749C-11E1-826D-B8AC6F996F26}
2012-03-20 23:55:35 -------- d-----w- C:\Users\Justin\jagexcache
2012-03-19 21:54:28 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 21:54:28 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-03-31 19:25:27 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 18:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-01-08 19:47:16 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-08 19:47:16 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-08 19:47:05 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-08 18:26:18 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 18:12:57.50 ===============
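The DDS log above already contains the entries a malware-removal helper would zero in on: two uRun lines where rundll32.exe loads a DLL out of the user's Temp folder with an invented export name (CreateTexture, SetDoubleForDevice), a "Strong Malware Defender" executable sitting in a random hex-named folder under ProgramData, two dRun lines (the SYSTEM profile hive) pointing into config\systemprofile\AppData, and mPolicies-system values that switch off the UAC admin prompt and the secure desktop. The script below is an added example written for this thread; it is not part of the original post and not a feature of DDS or ComboFix. It parses a handful of the posted lines, embedded here as a constructed sample, and applies simple location-based rules. The rules, the function names and the thresholds are this example's own assumptions, not a published detection signature.

```python
"""Triage autorun entries from a DDS 'Pseudo HJT Report'.

Added example for this thread; not part of DDS, ComboFix or the
original post. The rules below are simple location heuristics chosen
for this example (an assumption), not a published signature set.
"""
import re

# Constructed sample: a subset of the Pseudo HJT Report lines from the
# DDS log posted above. Each autorun line is '<hive>Run: [name] command';
# u = HKCU, m = HKLM, d = the Default/SYSTEM profile hive.
SAMPLE_LOG = r"""
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Strong Malware Defender] "C:\ProgramData\9b49df\SM9b4_8050.exe" /s /d
uRun: [nescnr] rundll32.exe "C:\Users\Justin\AppData\Local\Temp\nescnr.dll",CreateTexture
uRun: [mlilar] rundll32.exe "C:\Users\Justin\AppData\Local\Temp\mlilar.dll",SetDoubleForDevice
mRun: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Klagozehujo] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\dxmpDSr.dll",Startup
dRun: [uggiyrtj] C:\Windows\system32\config\systemprofile\AppData\Local\rwegrkinn\kbkxfnltssd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

AUTORUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s*=\s*(?P<val>\d+)")

# Values that weaken UAC; the defaults quoted are Windows 7's.
WEAK_POLICIES = {
    "ConsentPromptBehaviorAdmin": ("0", "administrators are elevated without any prompt (default is 5)"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not shown on the secure desktop (default is 1)"),
}


def first_path(cmd):
    """Return the file the command actually launches or loads.

    For rundll32 lines that is the quoted DLL, not rundll32.exe itself.
    """
    m = re.search(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def suspicious_reasons(hive, cmd):
    """Location-based rules; returns an empty list for a benign-looking entry."""
    reasons = []
    path = first_path(cmd).lower()
    parts = path.split("\\")
    parent = parts[-2] if len(parts) >= 2 else ""
    uses_rundll32 = cmd.lower().lstrip().startswith("rundll32")

    if "\\appdata\\local\\temp\\" in path:
        what = "rundll32 loads a DLL from" if uses_rundll32 else "autorun points into"
        reasons.append(f"{what} the user's Temp folder")
    if "\\config\\systemprofile\\" in path:
        reasons.append(f"runs from the SYSTEM profile's AppData ({hive}Run)")
    if "\\programdata\\" in path and re.fullmatch(r"[0-9a-f]{5,}", parent):
        reasons.append("executable lives in a random hex-named ProgramData folder")
    return reasons


def parse_autoruns(text):
    """Return (hive, name, command) for every uRun/mRun/dRun line."""
    entries = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return entries


def check_policies(text):
    """Flag mPolicies-system values that switch UAC prompting off."""
    findings = []
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        if key in WEAK_POLICIES and val == WEAK_POLICIES[key][0]:
            findings.append(f"{key} = {val}: {WEAK_POLICIES[key][1]}")
    return findings


def triage(text):
    """Return the flagged autoruns (with reasons) and the weak UAC policies."""
    flagged = []
    for hive, name, cmd in parse_autoruns(text):
        reasons = suspicious_reasons(hive, cmd)
        if reasons:
            flagged.append((hive, name, reasons))
    return {"autoruns": flagged, "policies": check_policies(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hive, name, reasons in result["autoruns"]:
        print(f"[{hive}Run] {name}: " + "; ".join(reasons))
    for finding in result["policies"]:
        print("[UAC] " + finding)
```

Run against the sample, the five rogue entries are flagged and the two legitimate uRun entries plus iTunesHelper pass, and both UAC weakenings are reported. The mRun-x64 duplicates DDS prints on 64-bit systems are deliberately ignored (the regex requires "Run:"), since they mirror the mRun lines. Note that ComboFix removed the rundll32 DLLs and the Strong Malware Defender shortcuts, but the ComboFix log further down still shows ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, so a check like this one is worth re-running on the post-cleanup log before calling the machine clean.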

#2 gringo_pr
Bleepin Gringo, Malware Response Team

Posted 01 April 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 jflann (Topic Starter)

Posted 02 April 2012 - 11:56 AM

Hi Gringo, thanks for taking time to help me out.

I ran combofix without any problems. I did a couple searches via the firefox searchbar and was not redirected so that problem seems to be solved.

Here's the log in case anything else needs fixing. Thanks again!

ComboFix 12-04-01.03 - Justin 04/02/2012 11:20:31.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2289 [GMT -5:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justin\AppData\Local\Temp\mlilar.dll
c:\users\Justin\AppData\Local\Temp\nescnr.dll
c:\users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strong Malware Defender.lnk
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Strong Malware Defender.lnk
c:\users\Justin\Desktop\Strong Malware Defender.lnk
c:\users\Justin\Documents\~WRL0995.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\SETE194.tmp
c:\windows\TEMP\~B99A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 16:24 . 2012-04-02 16:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-02 16:24 . 2012-04-02 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 23:09 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21D5409F-15B1-4A0F-8D42-865196861F34}\mpengine.dll
2012-03-31 19:37 . 2012-03-31 19:37 -------- d-----w- c:\users\UpdatusUser
2012-03-31 19:36 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-31 19:26 . 2012-03-31 19:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-31 19:25 . 2012-03-31 19:25 -------- d-----w- c:\program files (x86)\Java
2012-03-23 04:00 . 2012-03-23 04:00 -------- d-----w- c:\users\Justin\AppData\Local\{B29403FB-749C-11E1-826D-B8AC6F996F26}
2012-03-23 04:00 . 2012-03-23 04:00 -------- d-----w- c:\users\Justin\AppData\Local\{B293D16F-749C-11E1-826D-B8AC6F996F26}
2012-03-20 23:55 . 2012-03-20 23:55 -------- d-----w- c:\users\Justin\jagexcache
2012-03-19 21:54 . 2012-03-19 21:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 21:54 . 2012-03-19 21:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 19:25 . 2010-07-28 02:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 00:02 . 2012-01-08 18:54 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-01-08 18:54 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-01-08 18:54 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-04-27 00:00 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-04-27 00:00 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2011-04-08 04:19 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-04-08 04:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-04-08 04:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-04-08 04:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-04-08 04:19 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 14:18 . 2010-07-26 21:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 19:47 . 2010-07-27 06:42 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-08 19:47 . 2010-07-27 06:37 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-08 19:47 . 2010-07-27 06:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-08 18:26 . 2010-07-27 06:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Steam"="g:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="g:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-19 36864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="g:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - g:\program files (x86)\Launchy\Launchy.exe [2010-7-30 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\DRIVERS\OEM03Vfx.sys [x]
R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\DRIVERS\OEM03Vid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 uvnc_service;uvnc_service;g:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 15:34]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 15:34]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545803500-693349282-3362692087-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 18:31]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545803500-693349282-3362692087-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 18:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = Google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{960D916B-11D2-4374-9E56-EC116E640D3E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D765C584-FEFC-4815-BA38-B1A78D7FFF4C}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\tldufigl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Strong Malware Defender - c:\programdata\9b49df\SM9b4_8050.exe
Wow6432Node-HKU-Default-Run-Klagozehujo - c:\windows\system32\config\systemprofile\AppData\Local\dxmpDSr.dll
Wow6432Node-HKU-Default-Run-uggiyrtj - c:\windows\system32\config\systemprofile\AppData\Local\rwegrkinn\kbkxfnltssd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3545803500-693349282-3362692087-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,39,dd,61,88,c5,4b,a5,2a,6c,19,e8,fc,97,2a,3d,8c,d6,ee,c1,49,
15,e5,6e,54,a0,4d,95,ab,d8,25,3f,c9,12,7b,95,5e,cf,af,25,39,9d,0d,5e,76,a5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-02 11:49:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 16:49
.
Pre-Run: 6,776,569,856 bytes free
Post-Run: 6,545,682,432 bytes free
.
- - End Of File - - FA648F1877B0EC1E3C10677486D73EB7

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 12:15 PM

Greetings

That is good news, but let's run a couple more scans to make sure.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jflann

  • Topic Starter
  • Members
  • 8 posts

Posted 02 April 2012 - 12:40 PM

Hello again, here are those logs.

12:20:08.0865 3800 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
12:20:09.0351 3800 ============================================================
12:20:09.0351 3800 Current date / time: 2012/04/02 12:20:09.0351
12:20:09.0351 3800 SystemInfo:
12:20:09.0351 3800
12:20:09.0351 3800 OS Version: 6.1.7601 ServicePack: 1.0
12:20:09.0351 3800 Product type: Workstation
12:20:09.0351 3800 ComputerName: JUSTIN-RIG
12:20:09.0351 3800 UserName: Justin
12:20:09.0351 3800 Windows directory: C:\Windows
12:20:09.0351 3800 System windows directory: C:\Windows
12:20:09.0351 3800 Running under WOW64
12:20:09.0351 3800 Processor architecture: Intel x64
12:20:09.0351 3800 Number of processors: 4
12:20:09.0351 3800 Page size: 0x1000
12:20:09.0351 3800 Boot type: Normal boot
12:20:09.0351 3800 ============================================================
12:20:10.0343 3800 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:10.0360 3800 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:10.0377 3800 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:10.0400 3800 \Device\Harddisk1\DR1:
12:20:10.0400 3800 MBR used
12:20:10.0400 3800 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:20:10.0400 3800 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x655E000
12:20:10.0413 3800 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC66C800, BlocksNum 0x2C991000
12:20:10.0413 3800 \Device\Harddisk2\DR2:
12:20:10.0413 3800 MBR used
12:20:10.0413 3800 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D090000
12:20:10.0413 3800 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675000
12:20:10.0413 3800 \Device\Harddisk0\DR0:
12:20:10.0413 3800 MBR used
12:20:10.0413 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
12:20:10.0554 3800 Initialize success
12:20:10.0554 3800 ============================================================
12:20:14.0212 1448 ============================================================
12:20:14.0212 1448 Scan started
12:20:14.0212 1448 Mode: Manual;
12:20:14.0212 1448 ============================================================
12:20:21.0734 1448 mrxsmb10 - ok
12:20:21.0740 1448 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:20:21.0741 1448 mrxsmb20 - ok
12:20:21.0750 1448 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:20:21.0750 1448 msahci - ok
12:20:21.0764 1448 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:20:21.0766 1448 msdsm - ok
12:20:21.0785 1448 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:20:21.0787 1448 MSDTC - ok
12:20:21.0803 1448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:20:21.0803 1448 Msfs - ok
12:20:21.0810 1448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:20:21.0811 1448 mshidkmdf - ok
12:20:21.0821 1448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:20:21.0821 1448 msisadrv - ok
12:20:21.0847 1448 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:20:21.0849 1448 MSiSCSI - ok
12:20:21.0853 1448 msiserver - ok
12:20:21.0876 1448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:20:21.0876 1448 MSKSSRV - ok
12:20:21.0894 1448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:20:21.0894 1448 MSPCLOCK - ok
12:20:21.0899 1448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:20:21.0900 1448 MSPQM - ok
12:20:21.0927 1448 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:20:21.0930 1448 MsRPC - ok
12:20:21.0946 1448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:20:21.0946 1448 mssmbios - ok
12:20:21.0972 1448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:20:21.0972 1448 MSTEE - ok
12:20:21.0986 1448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:20:21.0987 1448 MTConfig - ok
12:20:22.0007 1448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:20:22.0008 1448 Mup - ok
12:20:22.0038 1448 mv61xx (42ab117ab98ac93f487b2913ee4fbdd8) C:\Windows\system32\DRIVERS\mv61xx.sys
12:20:22.0040 1448 mv61xx - ok
12:20:22.0073 1448 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:20:22.0078 1448 napagent - ok
12:20:22.0104 1448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:20:22.0107 1448 NativeWifiP - ok
12:20:22.0141 1448 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:20:22.0149 1448 NDIS - ok
12:20:22.0182 1448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:20:22.0182 1448 NdisCap - ok
12:20:22.0211 1448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:20:22.0213 1448 NdisTapi - ok
12:20:22.0251 1448 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:20:22.0252 1448 Ndisuio - ok
12:20:22.0279 1448 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:20:22.0281 1448 NdisWan - ok
12:20:22.0312 1448 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:20:22.0313 1448 NDProxy - ok
12:20:22.0370 1448 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
12:20:22.0371 1448 Net Driver HPZ12 - ok
12:20:22.0378 1448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:20:22.0378 1448 NetBIOS - ok
12:20:22.0392 1448 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:20:22.0394 1448 NetBT - ok
12:20:22.0411 1448 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:20:22.0412 1448 Netlogon - ok
12:20:22.0445 1448 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:20:22.0449 1448 Netman - ok
12:20:22.0527 1448 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:20:22.0528 1448 NetMsmqActivator - ok
12:20:22.0541 1448 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:20:22.0541 1448 NetPipeActivator - ok
12:20:22.0557 1448 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:20:22.0562 1448 netprofm - ok
12:20:22.0566 1448 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:20:22.0567 1448 NetTcpActivator - ok
12:20:22.0569 1448 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:20:22.0570 1448 NetTcpPortSharing - ok
12:20:22.0583 1448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:20:22.0584 1448 nfrd960 - ok
12:20:22.0620 1448 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:20:22.0623 1448 NlaSvc - ok
12:20:22.0630 1448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:20:22.0631 1448 Npfs - ok
12:20:22.0653 1448 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:20:22.0654 1448 nsi - ok
12:20:22.0663 1448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:20:22.0663 1448 nsiproxy - ok
12:20:22.0710 1448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:20:22.0724 1448 Ntfs - ok
12:20:22.0737 1448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:20:22.0737 1448 Null - ok
12:20:22.0770 1448 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
12:20:22.0771 1448 NVHDA - ok
12:20:22.0975 1448 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:20:23.0030 1448 nvlddmkm - ok
12:20:23.0108 1448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:20:23.0110 1448 nvraid - ok
12:20:23.0137 1448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:20:23.0139 1448 nvstor - ok
12:20:23.0186 1448 NVSvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
12:20:23.0194 1448 NVSvc - ok
12:20:23.0279 1448 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:20:23.0298 1448 nvUpdatusService - ok
12:20:23.0328 1448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:20:23.0329 1448 nv_agp - ok
12:20:23.0395 1448 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:20:23.0400 1448 odserv - ok
12:20:23.0429 1448 OEM03Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM03Vfx.sys
12:20:23.0430 1448 OEM03Vfx - ok
12:20:23.0441 1448 OEM03Vid (629e3b4efee35fcce8c6b78dd3fb9044) C:\Windows\system32\DRIVERS\OEM03Vid.sys
12:20:23.0444 1448 OEM03Vid - ok
12:20:23.0473 1448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:20:23.0474 1448 ohci1394 - ok
12:20:23.0508 1448 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:20:23.0509 1448 ose - ok
12:20:23.0539 1448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:20:23.0542 1448 p2pimsvc - ok
12:20:23.0561 1448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:20:23.0566 1448 p2psvc - ok
12:20:23.0587 1448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:20:23.0588 1448 Parport - ok
12:20:23.0615 1448 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:20:23.0616 1448 partmgr - ok
12:20:23.0626 1448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:20:23.0628 1448 PcaSvc - ok
12:20:23.0658 1448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:20:23.0660 1448 pci - ok
12:20:23.0695 1448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:20:23.0695 1448 pciide - ok
12:20:23.0711 1448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:20:23.0714 1448 pcmcia - ok
12:20:23.0731 1448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:20:23.0731 1448 pcw - ok
12:20:23.0750 1448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:20:23.0756 1448 PEAUTH - ok
12:20:23.0795 1448 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:20:23.0807 1448 PeerDistSvc - ok
12:20:23.0850 1448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:20:23.0851 1448 PerfHost - ok
12:20:23.0897 1448 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:20:23.0909 1448 pla - ok
12:20:23.0944 1448 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
12:20:23.0949 1448 PlugPlay - ok
12:20:24.0014 1448 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
12:20:24.0015 1448 Pml Driver HPZ12 - ok
12:20:24.0037 1448 PnkBstrA - ok
12:20:24.0057 1448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:20:24.0058 1448 PNRPAutoReg - ok
12:20:24.0077 1448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:20:24.0079 1448 PNRPsvc - ok
12:20:24.0094 1448 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:20:24.0099 1448 PolicyAgent - ok
12:20:24.0138 1448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:20:24.0140 1448 Power - ok
12:20:24.0193 1448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:20:24.0194 1448 PptpMiniport - ok
12:20:24.0211 1448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:20:24.0212 1448 Processor - ok
12:20:24.0249 1448 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:20:24.0251 1448 ProfSvc - ok
12:20:24.0274 1448 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:20:24.0274 1448 ProtectedStorage - ok
12:20:24.0298 1448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:20:24.0300 1448 Psched - ok
12:20:24.0327 1448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:20:24.0339 1448 ql2300 - ok
12:20:24.0354 1448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:20:24.0356 1448 ql40xx - ok
12:20:24.0376 1448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:20:24.0379 1448 QWAVE - ok
12:20:24.0393 1448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:20:24.0394 1448 QWAVEdrv - ok
12:20:24.0406 1448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:20:24.0407 1448 RasAcd - ok
12:20:24.0433 1448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:20:24.0434 1448 RasAgileVpn - ok
12:20:24.0452 1448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:20:24.0454 1448 RasAuto - ok
12:20:24.0466 1448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:20:24.0467 1448 Rasl2tp - ok
12:20:24.0497 1448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:20:24.0500 1448 RasMan - ok
12:20:24.0523 1448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:20:24.0526 1448 RasPppoe - ok
12:20:24.0541 1448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:20:24.0541 1448 RasSstp - ok
12:20:24.0566 1448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:20:24.0568 1448 rdbss - ok
12:20:24.0582 1448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:20:24.0582 1448 rdpbus - ok
12:20:24.0592 1448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:20:24.0592 1448 RDPCDD - ok
12:20:24.0626 1448 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:20:24.0628 1448 RDPDR - ok
12:20:24.0651 1448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:20:24.0651 1448 RDPENCDD - ok
12:20:24.0660 1448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:20:24.0661 1448 RDPREFMP - ok
12:20:24.0707 1448 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
12:20:24.0708 1448 RdpVideoMiniport - ok
12:20:24.0739 1448 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:20:24.0741 1448 RDPWD - ok
12:20:24.0767 1448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:20:24.0769 1448 rdyboost - ok
12:20:24.0791 1448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:20:24.0792 1448 RemoteAccess - ok
12:20:24.0818 1448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:20:24.0821 1448 RemoteRegistry - ok
12:20:24.0836 1448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:20:24.0837 1448 RpcEptMapper - ok
12:20:24.0852 1448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:20:24.0852 1448 RpcLocator - ok
12:20:24.0885 1448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
12:20:24.0888 1448 RpcSs - ok
12:20:24.0912 1448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:20:24.0913 1448 rspndr - ok
12:20:24.0936 1448 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:20:24.0937 1448 s3cap - ok
12:20:24.0960 1448 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:20:24.0961 1448 SamSs - ok
12:20:25.0037 1448 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:20:25.0037 1448 SASDIFSV - ok
12:20:25.0059 1448 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:20:25.0060 1448 SASKUTIL - ok
12:20:25.0092 1448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:20:25.0093 1448 sbp2port - ok
12:20:25.0111 1448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:20:25.0114 1448 SCardSvr - ok
12:20:25.0142 1448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:20:25.0142 1448 scfilter - ok
12:20:25.0179 1448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:20:25.0189 1448 Schedule - ok
12:20:25.0220 1448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:20:25.0221 1448 SCPolicySvc - ok
12:20:25.0256 1448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:20:25.0259 1448 SDRSVC - ok
12:20:25.0279 1448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:20:25.0280 1448 secdrv - ok
12:20:25.0308 1448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:20:25.0309 1448 seclogon - ok
12:20:25.0333 1448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:20:25.0334 1448 SENS - ok
12:20:25.0344 1448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:20:25.0345 1448 SensrSvc - ok
12:20:25.0366 1448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:20:25.0367 1448 Serenum - ok
12:20:25.0376 1448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:20:25.0377 1448 Serial - ok
12:20:25.0408 1448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:20:25.0409 1448 sermouse - ok
12:20:25.0449 1448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:20:25.0451 1448 SessionEnv - ok
12:20:25.0474 1448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:20:25.0475 1448 sffdisk - ok
12:20:25.0487 1448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:20:25.0487 1448 sffp_mmc - ok
12:20:25.0499 1448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:20:25.0500 1448 sffp_sd - ok
12:20:25.0510 1448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:20:25.0511 1448 sfloppy - ok
12:20:25.0549 1448 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:20:25.0553 1448 SharedAccess - ok
12:20:25.0576 1448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:20:25.0580 1448 ShellHWDetection - ok
12:20:25.0597 1448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:20:25.0598 1448 SiSRaid2 - ok
12:20:25.0608 1448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:20:25.0609 1448 SiSRaid4 - ok
12:20:25.0623 1448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:20:25.0625 1448 Smb - ok
12:20:25.0642 1448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:20:25.0643 1448 SNMPTRAP - ok
12:20:25.0689 1448 speedfan (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys
12:20:25.0690 1448 speedfan - ok
12:20:25.0698 1448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:20:25.0698 1448 spldr - ok
12:20:25.0712 1448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:20:25.0718 1448 Spooler - ok
12:20:25.0783 1448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:20:25.0812 1448 sppsvc - ok
12:20:25.0835 1448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:20:25.0837 1448 sppuinotify - ok
12:20:25.0867 1448 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
12:20:25.0871 1448 srv - ok
12:20:25.0909 1448 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
12:20:25.0913 1448 srv2 - ok
12:20:25.0926 1448 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
12:20:25.0928 1448 srvnet - ok
12:20:25.0959 1448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:20:25.0962 1448 SSDPSRV - ok
12:20:25.0978 1448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:20:25.0979 1448 SstpSvc - ok
12:20:26.0021 1448 Steam Client Service - ok
12:20:26.0090 1448 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:20:26.0092 1448 Stereo Service - ok
12:20:26.0119 1448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:20:26.0120 1448 stexstor - ok
12:20:26.0146 1448 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:20:26.0146 1448 StillCam - ok
12:20:26.0183 1448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:20:26.0189 1448 stisvc - ok
12:20:26.0237 1448 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:20:26.0238 1448 storflt - ok
12:20:26.0249 1448 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:20:26.0250 1448 storvsc - ok
12:20:26.0270 1448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:20:26.0270 1448 swenum - ok
12:20:26.0297 1448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:20:26.0303 1448 swprv - ok
12:20:26.0317 1448 Synth3dVsc - ok
12:20:26.0365 1448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:20:26.0379 1448 SysMain - ok
12:20:26.0409 1448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:20:26.0411 1448 TabletInputService - ok
12:20:26.0428 1448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:20:26.0432 1448 TapiSrv - ok
12:20:26.0453 1448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:20:26.0455 1448 TBS - ok
12:20:26.0488 1448 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
12:20:26.0503 1448 Tcpip - ok
12:20:26.0532 1448 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
12:20:26.0540 1448 TCPIP6 - ok
12:20:26.0571 1448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:20:26.0571 1448 tcpipreg - ok
12:20:26.0594 1448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:20:26.0594 1448 TDPIPE - ok
12:20:26.0607 1448 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:20:26.0608 1448 TDTCP - ok
12:20:26.0635 1448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:20:26.0636 1448 tdx - ok
12:20:26.0665 1448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:20:26.0665 1448 TermDD - ok
12:20:26.0692 1448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:20:26.0698 1448 TermService - ok
12:20:26.0713 1448 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
12:20:26.0714 1448 Themes - ok
12:20:26.0735 1448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:20:26.0736 1448 THREADORDER - ok
12:20:26.0748 1448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:20:26.0750 1448 TrkWks - ok
12:20:26.0788 1448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:20:26.0789 1448 TrustedInstaller - ok
12:20:26.0815 1448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:20:26.0816 1448 tssecsrv - ok
12:20:26.0839 1448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:20:26.0840 1448 TsUsbFlt - ok
12:20:26.0845 1448 tsusbhub - ok
12:20:26.0892 1448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:20:26.0893 1448 tunnel - ok
12:20:26.0905 1448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:20:26.0907 1448 uagp35 - ok
12:20:26.0937 1448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:20:26.0940 1448 udfs - ok
12:20:26.0954 1448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:20:26.0955 1448 UI0Detect - ok
12:20:26.0971 1448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:20:26.0972 1448 uliagpkx - ok
12:20:27.0007 1448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:20:27.0007 1448 umbus - ok
12:20:27.0023 1448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:20:27.0024 1448 UmPass - ok
12:20:27.0055 1448 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:20:27.0058 1448 UmRdpService - ok
12:20:27.0088 1448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:20:27.0092 1448 upnphost - ok
12:20:27.0125 1448 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:20:27.0125 1448 USBAAPL64 - ok
12:20:27.0148 1448 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:20:27.0150 1448 usbaudio - ok
12:20:27.0165 1448 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
12:20:27.0166 1448 usbccgp - ok
12:20:27.0198 1448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:20:27.0199 1448 usbcir - ok
12:20:27.0222 1448 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
12:20:27.0223 1448 usbehci - ok
12:20:27.0246 1448 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
12:20:27.0250 1448 usbhub - ok
12:20:27.0269 1448 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:20:27.0269 1448 usbohci - ok
12:20:27.0296 1448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:20:27.0296 1448 usbprint - ok
12:20:27.0323 1448 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:20:27.0324 1448 usbscan - ok
12:20:27.0335 1448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:20:27.0336 1448 USBSTOR - ok
12:20:27.0351 1448 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
12:20:27.0351 1448 usbuhci - ok
12:20:27.0401 1448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:20:27.0403 1448 usbvideo - ok
12:20:27.0496 1448 uvnc_service (e7474dca1148597d841e8599d4ac4859) G:\Program Files\UltraVNC\WinVNC.exe
12:20:27.0504 1448 uvnc_service - ok
12:20:27.0542 1448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:20:27.0543 1448 UxSms - ok
12:20:27.0560 1448 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:20:27.0561 1448 VaultSvc - ok
12:20:27.0582 1448 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
12:20:27.0583 1448 VClone - ok
12:20:27.0607 1448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:20:27.0607 1448 vdrvroot - ok
12:20:27.0642 1448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:20:27.0648 1448 vds - ok
12:20:27.0665 1448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:20:27.0666 1448 vga - ok
12:20:27.0670 1448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:20:27.0671 1448 VgaSave - ok
12:20:27.0676 1448 VGPU - ok
12:20:27.0692 1448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:20:27.0695 1448 vhdmp - ok
12:20:27.0725 1448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:20:27.0725 1448 viaide - ok
12:20:27.0761 1448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:20:27.0763 1448 vmbus - ok
12:20:27.0780 1448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:20:27.0780 1448 VMBusHID - ok
12:20:27.0794 1448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:20:27.0795 1448 volmgr - ok
12:20:27.0822 1448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:20:27.0825 1448 volmgrx - ok
12:20:27.0844 1448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:20:27.0846 1448 volsnap - ok
12:20:27.0861 1448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:20:27.0862 1448 vsmraid - ok
12:20:27.0910 1448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:20:27.0924 1448 VSS - ok
12:20:27.0938 1448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:20:27.0939 1448 vwifibus - ok
12:20:27.0964 1448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:20:27.0965 1448 vwififlt - ok
12:20:27.0985 1448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:20:27.0990 1448 W32Time - ok
12:20:28.0006 1448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:20:28.0007 1448 WacomPen - ok
12:20:28.0036 1448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:20:28.0037 1448 WANARP - ok
12:20:28.0039 1448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:20:28.0040 1448 Wanarpv6 - ok
12:20:28.0077 1448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:20:28.0090 1448 wbengine - ok
12:20:28.0112 1448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:20:28.0115 1448 WbioSrvc - ok
12:20:28.0144 1448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:20:28.0149 1448 wcncsvc - ok
12:20:28.0160 1448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:20:28.0161 1448 WcsPlugInService - ok
12:20:28.0173 1448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:20:28.0173 1448 Wd - ok
12:20:28.0195 1448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:20:28.0201 1448 Wdf01000 - ok
12:20:28.0216 1448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:20:28.0217 1448 WdiServiceHost - ok
12:20:28.0220 1448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:20:28.0221 1448 WdiSystemHost - ok
12:20:28.0253 1448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:20:28.0257 1448 WebClient - ok
12:20:28.0271 1448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:20:28.0274 1448 Wecsvc - ok
12:20:28.0284 1448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:20:28.0286 1448 wercplsupport - ok
12:20:28.0314 1448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:20:28.0316 1448 WerSvc - ok
12:20:28.0338 1448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:20:28.0338 1448 WfpLwf - ok
12:20:28.0351 1448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:20:28.0352 1448 WIMMount - ok
12:20:28.0382 1448 WinDefend - ok
12:20:28.0386 1448 WinHttpAutoProxySvc - ok
12:20:28.0508 1448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:20:28.0551 1448 Winmgmt - ok
12:20:28.0637 1448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:20:28.0654 1448 WinRM - ok
12:20:28.0699 1448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:20:28.0700 1448 WinUsb - ok
12:20:28.0736 1448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:20:28.0744 1448 Wlansvc - ok
12:20:28.0849 1448 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:20:28.0868 1448 wlidsvc - ok
12:20:28.0896 1448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:20:28.0897 1448 WmiAcpi - ok
12:20:28.0942 1448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:20:28.0944 1448 wmiApSrv - ok
12:20:28.0987 1448 WMPNetworkSvc - ok
12:20:29.0016 1448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:20:29.0017 1448 WPCSvc - ok
12:20:29.0042 1448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:20:29.0044 1448 WPDBusEnum - ok
12:20:29.0073 1448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:20:29.0073 1448 ws2ifsl - ok
12:20:29.0082 1448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:20:29.0083 1448 wscsvc - ok
12:20:29.0088 1448 WSearch - ok
12:20:29.0142 1448 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:20:29.0163 1448 wuauserv - ok
12:20:29.0187 1448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:20:29.0189 1448 WudfPf - ok
12:20:29.0202 1448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:20:29.0204 1448 WUDFRd - ok
12:20:29.0234 1448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:20:29.0236 1448 wudfsvc - ok
12:20:29.0263 1448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:20:29.0266 1448 WwanSvc - ok
12:20:29.0314 1448 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
12:20:29.0320 1448 xnacc - ok
12:20:29.0361 1448 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
12:20:29.0364 1448 yukonw7 - ok
12:20:29.0386 1448 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk1\DR1
12:20:29.0413 1448 \Device\Harddisk1\DR1 - ok
12:20:29.0415 1448 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk2\DR2
12:20:31.0406 1448 \Device\Harddisk2\DR2 - ok
12:20:31.0408 1448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:20:31.0410 1448 \Device\Harddisk0\DR0 - ok
12:20:31.0420 1448 Boot (0x1200) (ea461d864a23c2552acaffb715c05efa) \Device\Harddisk1\DR1\Partition0
12:20:31.0420 1448 \Device\Harddisk1\DR1\Partition0 - ok
12:20:31.0429 1448 Boot (0x1200) (c2d80d27340b4541f3a0f166b854dfb2) \Device\Harddisk1\DR1\Partition1
12:20:31.0430 1448 \Device\Harddisk1\DR1\Partition1 - ok
12:20:31.0442 1448 Boot (0x1200) (1e821f5cf77cb6db75a6e4b5c143f1d7) \Device\Harddisk1\DR1\Partition2
12:20:31.0442 1448 \Device\Harddisk1\DR1\Partition2 - ok
12:20:31.0444 1448 Boot (0x1200) (21080217f561daebf15f043d72159280) \Device\Harddisk2\DR2\Partition0
12:20:31.0446 1448 \Device\Harddisk2\DR2\Partition0 - ok
12:20:31.0447 1448 Boot (0x1200) (a1a4c9032328af624be9cbaa5c3d5729) \Device\Harddisk2\DR2\Partition1
12:20:31.0448 1448 \Device\Harddisk2\DR2\Partition1 - ok
12:20:31.0450 1448 Boot (0x1200) (2d52d06f2ca780b7751f2b563936fa0b) \Device\Harddisk0\DR0\Partition0
12:20:31.0451 1448 \Device\Harddisk0\DR0\Partition0 - ok
12:20:31.0451 1448 ============================================================
12:20:31.0451 1448 Scan finished
12:20:31.0451 1448 ============================================================
12:20:31.0457 5080 Detected object count: 0
12:20:31.0457 5080 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 12:27:32
-----------------------------
12:27:32.842 OS Version: Windows x64 6.1.7601 Service Pack 1
12:27:32.842 Number of processors: 4 586 0x1E05
12:27:32.842 ComputerName: JUSTIN-RIG UserName: Justin
12:27:33.042 Initialze error C000010E - driver not loaded
12:27:35.953 AVAST engine defs: 12040200
12:27:42.293 Service scanning
12:27:56.742 Modules scanning
12:27:56.744 Disk 0 trace - called modules:
12:27:56.746
12:27:56.914 AVAST engine scan C:\Windows
12:27:58.395 AVAST engine scan C:\Windows\system32
12:29:38.798 AVAST engine scan C:\Windows\system32\drivers
12:29:46.391 AVAST engine scan C:\Users\Justin
12:36:35.423 AVAST engine scan C:\ProgramData
12:37:00.595 Scan finished successfully
12:38:49.059 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 12:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jflann

jflann
  • Topic Starter

  • Members
  • 8 posts

Posted 02 April 2012 - 01:04 PM

Here we go, Gringo:

Everything seems to be running smoothly.

ComboFix 12-04-01.03 - Justin 04/02/2012 12:49:21.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2433 [GMT -5:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
Command switches used :: c:\users\Justin\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 17:53 . 2012-04-02 17:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-02 17:53 . 2012-04-02 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 23:09 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21D5409F-15B1-4A0F-8D42-865196861F34}\mpengine.dll
2012-03-31 19:37 . 2012-03-31 19:37 -------- d-----w- c:\users\UpdatusUser
2012-03-31 19:36 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-31 19:26 . 2012-03-31 19:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-31 19:25 . 2012-03-31 19:25 -------- d-----w- c:\program files (x86)\Java
2012-03-23 04:00 . 2012-03-23 04:00 -------- d-----w- c:\users\Justin\AppData\Local\{B29403FB-749C-11E1-826D-B8AC6F996F26}
2012-03-23 04:00 . 2012-03-23 04:00 -------- d-----w- c:\users\Justin\AppData\Local\{B293D16F-749C-11E1-826D-B8AC6F996F26}
2012-03-20 23:55 . 2012-03-20 23:55 -------- d-----w- c:\users\Justin\jagexcache
2012-03-19 21:54 . 2012-03-19 21:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 21:54 . 2012-03-19 21:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 19:25 . 2010-07-28 02:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 00:02 . 2012-01-08 18:54 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-01-08 18:54 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-01-08 18:54 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-04-27 00:00 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-04-27 00:00 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2011-04-08 04:19 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-04-08 04:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-04-08 04:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-04-08 04:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-04-08 04:19 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 14:18 . 2010-07-26 21:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 19:47 . 2010-07-27 06:42 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-08 19:47 . 2010-07-27 06:37 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-08 19:47 . 2010-07-27 06:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-08 18:26 . 2010-07-27 06:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_16.43.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-02 16:54 32318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 16:12 . 2012-04-02 16:54 18084 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3545803500-693349282-3362692087-1000_UserData.bin
- 2009-07-14 05:30 . 2012-03-31 19:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-02 16:49 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-08-20 18:03 . 2012-04-02 16:51 3576 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-02 16:42 . 2012-04-02 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 17:54 . 2012-04-02 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 16:42 . 2012-04-02 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-02 17:54 . 2012-04-02 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-02 03:19 655438 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 16:56 655438 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 03:19 118564 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-02 16:56 118564 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-04-02 16:49 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-31 19:37 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-31 19:37 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-04-02 16:49 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-04-02 16:25 488804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 17:53 488804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-26 22:57 . 2012-04-02 17:53 48802331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3545803500-693349282-3362692087-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Steam"="g:\program files (x86)\Steam\steam.exe" [2011-10-13 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="g:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-19 36864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="g:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - g:\program files (x86)\Launchy\Launchy.exe [2010-7-30 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\DRIVERS\OEM03Vfx.sys [x]
R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\DRIVERS\OEM03Vid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 uvnc_service;uvnc_service;g:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 15:34]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 15:34]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545803500-693349282-3362692087-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 18:31]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545803500-693349282-3362692087-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 18:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = Google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{960D916B-11D2-4374-9E56-EC116E640D3E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D765C584-FEFC-4815-BA38-B1A78D7FFF4C}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\tldufigl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3545803500-693349282-3362692087-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,39,dd,61,88,c5,4b,a5,2a,6c,19,e8,fc,97,2a,3d,8c,d6,ee,c1,49,
15,e5,6e,54,a0,4d,95,ab,d8,25,3f,c9,12,7b,95,5e,cf,af,25,39,9d,0d,5e,76,a5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-02 12:59:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 17:59
ComboFix2.txt 2012-04-02 16:49
.
Pre-Run: 6,301,908,992 bytes free
Post-Run: 6,361,513,984 bytes free
.
- - End Of File - - 5E8262FE28709B34634D90B0FC86E580

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 01:08 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 jflann

jflann
  • Topic Starter

  • Members
  • 8 posts

Posted 02 April 2012 - 01:11 PM

Greetings,

Here's that report:

Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Empires III: Complete Collection
Apple Application Support
Apple Software Update
Battlefield 2: Deluxe Edition
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
BSC Cleanitol TM
Company of Heroes
Counter-Strike: Source
Coupon Printer for Windows
Day of Defeat: Source
DC++
Deluge 1.3.1
DH Driver Cleaner Professional Edition
Diablo II
El-Rail Facelift Mod 1.0
Empire: Total War
ESN Sonar
Exact Audio Copy 1.0beta1
ffdshow [rev 1723] [2007-12-24]
FLAC 1.2.1b (remove only)
foobar2000 v1.1.6
Foxit Reader
FoxyTunes for Firefox
G-Force
Garry's Mod
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
GTK2-Runtime
HandBrake 0.9.5
HijackThis 2.0.2
Hitman Blood Money
ImgBurn
Java Auto Updater
Java™ 6 Update 31
Just Cause 2
Killing Floor
Launchy 2.5
Left 4 Dead 2
LiveUpdate 3.3 (Symantec Corporation)
Mafia
Mafia II
Malwarebytes' Anti-Malware
ManyCam 2.5.48 (remove only)
marvell 61xx
Marvell Miniport Driver
Medieval CUE Splitter
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MilkDrop for Winamp 2x (remove only)
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network Addon Mod Version 29
NoiseCradle
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OnLive
OpenTTD 1.0.5
Origin
PDF Settings
Portal
Project64 1.6
PS_AIO_06_C4700_SW_Min
PS_AIO_07_D110_SW_Min
PunkBuster Services
RealHighway Mod Version 4.1.0
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
SC4Mapper
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Warlords
SimCity 4 Rush Hour
Skype™ 4.2
SpeedFan (remove only)
SpywareBlaster 4.3
Steam
Team Fortress 2
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 World Adventures
Toolbox
Trine
Unigine Heaven DX11 Benchmark 2.5 version 2.5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VirtualCloneDrive
VLC media player 1.0.5
Winamp
Winamp Detector Plug-in
Worms2
Wurm Online 2.7.4-2655
ZENcast Organizer

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 01:13 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jflann

jflann
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 02 April 2012 - 01:41 PM

Hey,

I've removed uTorrent with Revo. I ran CCleaner.

Here is the malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-RIG [administrator]

4/2/2012 1:30:07 PM
mbam-log-2012-04-02 (13-30-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236723
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8050&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\Justin\AppData\Roaming\Strong Malware Defender (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Justin\AppData\Roaming\Strong Malware Defender\cookies.sqlite (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Justin\AppData\Roaming\Strong Malware Defender\Instructions.ini (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.

(end)


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:40:23 PM, on 4/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
G:\Program Files (x86)\Launchy\Launchy.exe
G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\OEM03Mon.exe
G:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Launchy.lnk = G:\Program Files (x86)\Launchy\Launchy.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{960D916B-11D2-4374-9E56-EC116E640D3E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D765C584-FEFC-4815-BA38-B1A78D7FFF4C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uvnc_service - UltraVNC - G:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8742 bytes
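
The MBAM log above reports a Hijack.SearchPage entry: the Internet Explorer SearchScopes URL template had been pointed at findgala.com instead of google.com. As an added example that is not part of this thread or of any tool named in it, here is a PowerShell audit that walks the SearchScopes keys and flags any provider whose URL template resolves to a host outside an allow list. The registry roots and the allow list are assumptions constructed for the demo; extend the list to the search providers you actually expect.

```powershell
# Added example (not from the thread): audit IE SearchScopes URL templates
# for the kind of Hijack.SearchPage entry MBAM reported, where the URL
# pointed at findgala.com instead of google.com.
# Assumption: this allow list is constructed for the demo.
$AllowedHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com')

# SearchScopes can live under the user hive, the machine hive, the 32-bit
# view on x64, and (as in the MBAM log) HKCR. Assumed roots for the demo.
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT `
    -ErrorAction SilentlyContinue | Out-Null
$ScopeRoots = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCR:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
)

function Get-SearchScopeFindings {
    param(
        [string[]]$Roots   = $ScopeRoots,
        [string[]]$Allowed = $AllowedHosts
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }

        # Each search provider is a subkey; its URL value holds the
        # {searchTerms} template the browser fills in on every search.
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $url = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).URL
            if ([string]::IsNullOrEmpty($url)) { continue }

            try {
                $hostName = ([System.Uri]$url).Host
            } catch {
                # A template that does not even parse as a URL is worth a look.
                $hostName = ''
            }

            # Anything outside the allow list is reported, not removed:
            # this is a detection aid, the cleanup stays a deliberate step.
            $suspicious = ($hostName -eq '') -or ($Allowed -notcontains $hostName)

            [pscustomobject]@{
                Key        = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                Host       = $hostName
                URL        = $url
                Suspicious = $suspicious
            }
        }
    }
}

# Suspicious providers sort to the top; an empty table means every
# SearchScopes URL on this machine points at an allowed host.
Get-SearchScopeFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM and HKCR roots are readable; a row with Suspicious = True and a host like findgala.com is the same condition MBAM labelled Hijack.SearchPage.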

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:03 PM

Posted 02 April 2012 - 02:02 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
      O4 - HKCU\..\Run: [Steam] "G:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - Global Startup: Launchy.lnk = G:\Program Files (x86)\Launchy\Launchy.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 jflann

jflann
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 02 April 2012 - 04:59 PM

Oh no! It's back! My searches are being redirected again :(


Here we go:

C:\MGtools\Process.exe Win32/PrcView application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cgxvqksq[1].htm Win32/Adware.Lifze application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\bsvqbwql[1].htm a variant of Win32/Kryptik.FRZ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\cgxvqksq[1].htm Win32/Adware.Lifze application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\bsvqbwql[1].htm a variant of Win32/Kryptik.FRZ trojan
N:\Important Files and Backups\Desktop\img\d2install.iso NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
N:\Important Files and Backups\Desktop\img\d2install2.iso NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
N:\Important Files and Backups\Desktop\img\d2play.iso NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan

Edited by jflann, 02 April 2012 - 05:51 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:03 PM

Posted 02 April 2012 - 05:59 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\MGtools\Process.exe"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot: XP] [screenshot: Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:03 PM

Posted 05 April 2012 - 01:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



