Conduit Searchbar


This topic is locked
26 replies to this topic

#1 SeanOC

SeanOC

  • Members
  • 54 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 02 April 2012 - 06:12 AM

Hi,

I have managed to become browser hijacked by this searchbar, which has slowed the computer considerably.


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Sean at 22:52:10 on 2012-04-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.2975.1398 [GMT 12:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
G:\Windows\system32\wininit.exe
G:\Windows\system32\lsm.exe
G:\Windows\system32\svchost.exe -k DcomLaunch
G:\Windows\system32\svchost.exe -k RPCSS
G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
G:\Windows\system32\svchost.exe -k NetworkService
G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
G:\Windows\system32\svchost.exe -k netsvcs
G:\Windows\system32\svchost.exe -k LocalService
G:\Windows\System32\spoolsv.exe
G:\Program Files\Avira\AntiVir Desktop\sched.exe
G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
G:\Program Files\Avira\AntiVir Desktop\avguard.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Avira\AntiVir Desktop\avshadow.exe
G:\Windows\system32\conhost.exe
G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Windows\system32\svchost.exe -k imgsvc
G:\Windows\system32\Dwm.exe
G:\Windows\system32\taskhost.exe
G:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
G:\Windows\Explorer.EXE
G:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Program Files\COMODO\COMODO Internet Security\cfp.exe
G:\Windows\System32\hkcmd.exe
G:\Windows\System32\igfxpers.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Windows Live\Messenger\msnmsgr.exe
G:\Windows\system32\WUDFHost.exe
G:\Windows\System32\StikyNot.exe
G:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
G:\Windows\system32\SearchIndexer.exe
G:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
G:\Windows\system32\conhost.exe
G:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
G:\Windows\system32\conhost.exe
G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
G:\Windows\system32\conhost.exe
G:\Windows\System32\svchost.exe -k secsvcs
G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
G:\Windows\system32\svchost.exe -k SDRSVC
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Windows\system32\wuauclt.exe
G:\Windows\system32\taskeng.exe
G:\Windows\system32\WUDFHost.exe
G:\Windows\system32\taskeng.exe
G:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
G:\Program Files\Google\Update\GoogleUpdate.exe
G:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
G:\Windows\system32\conhost.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Windows\system32\vssvc.exe
G:\Windows\System32\svchost.exe -k swprv
G:\Windows\system32\rundll32.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Windows\system32\conhost.exe
G:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - g:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - g:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - g:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - g:\program files\kikin\ie_kikin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - g:\program files\google\chrome frame\application\18.0.1025.142\npchrome_frame.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - g:\program files\yontoo\YontooIEClient.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - g:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll
uRun: [msnmsgr] "g:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "g:\users\sean\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] g:\windows\system32\StikyNot.exe
uRun: [iCloudServices] g:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Skype] "g:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [avgnt] "g:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "g:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [HotKeysCmds] g:\windows\system32\hkcmd.exe
mRun: [Persistence] g:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "g:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SmartSoft PDF Printer Agent] "g:\program files\smart pdf creator pro\SmartSoft PDF Printer Agent.exe"
mRun: [APSDaemon] "g:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - g:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - g:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - g:\program files\kikin\ie_kikin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - g:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - g:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1A45AAA2-5DC4-4ED0-938B-EF375253646D} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B73F15F2-1508-47DC-A003-3F3AC2E3AA42} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B73F15F2-1508-47DC-A003-3F3AC2E3AA42}\1476E656376716E64656B6C657E646562747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B73F15F2-1508-47DC-A003-3F3AC2E3AA42}\34053535 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B73F15F2-1508-47DC-A003-3F3AC2E3AA42}\3586F62756C4962627162796563775966496 : DhcpNameServer = 202.126.207.10 202.126.207.193
TCP: Interfaces\{B73F15F2-1508-47DC-A003-3F3AC2E3AA42}\36166656E65647 : DhcpNameServer = 202.126.206.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - g:\program files\google\chrome frame\application\18.0.1025.142\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - g:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - g:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - g:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: g:\windows\system32\guard32.dll g:\windows\system32\guard32.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - g:\users\sean\appdata\roaming\mozilla\firefox\profiles\kb5pfudh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=e6bfdeee00000000000000242b8a93f7
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=e6bfdeee00000000000000242b8a93f7&q=
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: g:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: g:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: g:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: g:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: g:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: g:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: g:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: g:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: g:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: g:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: g:\users\sean\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: g:\users\sean\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: g:\windows\microsoft.net\framework\v4.0.20506\wpf\NPWPF.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 70f00ddd-87a2-4566-953f-664ac07b7417
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.BabylonToolbar_i.id - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.hardId - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:37:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\drivers\cmdGuard.sys [2010-3-23 488208]
R1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\drivers\cmdhlp.sys [2010-3-3 39640]
R1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;g:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;g:\program files\avira\antivir desktop\sched.exe [2010-3-26 136360]
R2 AntiVirService;Avira AntiVir Guard;g:\program files\avira\antivir desktop\avguard.exe [2010-3-26 269480]
R2 avgntflt;avgntflt;g:\windows\system32\drivers\avgntflt.sys [2010-3-26 66616]
R3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 SrvHsfHDA;SrvHsfHDA;g:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;g:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;g:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 gupdate;Google Update Service (gupdate);g:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]
S2 SkypeUpdate;Skype Updater;g:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;g:\windows\microsoft.net\framework\v4.0.20506\mscorsvw.exe [2009-5-6 104272]
S3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [2010-5-23 14216]
S3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [2010-5-23 8456]
S3 gupdatem;Google Update Service (gupdatem);g:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]
S3 SwitchBoard;Adobe SwitchBoard;g:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;g:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> g:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-04-01 10:15:32 -------- d-----w- g:\programdata\DAEMON Tools Lite
2012-03-31 13:33:44 -------- d-----w- g:\users\sean\appdata\local\Conduit
2012-03-31 13:33:43 -------- d-----w- g:\program files\NCH_EN
2012-03-30 08:10:24 6582328 ----a-w- g:\programdata\microsoft\windows defender\definition updates\{fca27ab2-e3c3-4661-8de8-695ebb9dd9a2}\mpengine.dll
2012-03-26 07:49:22 -------- d-----w- g:\program files\mp3DirectCut
2012-03-26 07:39:53 -------- d-----w- g:\program files\NCH Software
2012-03-19 19:10:39 3957616 ----a-w- g:\windows\system32\ntkrnlpa.exe
2012-03-19 19:10:34 3902320 ----a-w- g:\windows\system32\ntoskrnl.exe
2012-03-19 09:37:16 26600 ----a-w- g:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-19 09:37:16 107368 ----a-w- g:\windows\system32\GEARAspi.dll
2012-03-19 09:35:26 -------- d-----w- g:\program files\iPod
2012-03-14 19:13:43 2341376 ----a-w- g:\windows\system32\win32k.sys
2012-03-14 19:13:42 1074176 ----a-w- g:\windows\system32\DWrite.dll
2012-03-14 19:13:41 739840 ----a-w- g:\windows\system32\d2d1.dll
2012-03-14 19:13:41 218624 ----a-w- g:\windows\system32\d3d10_1core.dll
2012-03-14 19:13:41 161792 ----a-w- g:\windows\system32\d3d10_1.dll
2012-03-14 19:13:41 1170944 ----a-w- g:\windows\system32\d3d10warp.dll
2012-03-14 10:39:32 8192 ----a-w- g:\windows\system32\rdrmemptylst.exe
2012-03-14 10:39:32 57856 ----a-w- g:\windows\system32\rdpwsx.dll
2012-03-14 10:39:32 129536 ----a-w- g:\windows\system32\rdpcorekmts.dll
2012-03-14 10:39:29 826368 ----a-w- g:\windows\system32\rdpcore.dll
2012-03-14 10:39:29 24064 ----a-w- g:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:39:29 177152 ----a-w- g:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-22 20:18:36 237072 ------w- g:\windows\system32\MpSigStub.exe
2012-02-14 22:01:50 4547944 ----a-w- g:\windows\system32\usbaaplrc.dll
2012-02-14 22:01:50 43520 ----a-w- g:\windows\system32\drivers\usbaapl.sys
2012-02-14 22:01:50 43520 ----a-w- g:\windows\system32\drivers\SET4DF1.tmp
2012-01-04 09:03:07 442880 ----a-w- g:\windows\system32\ntshrui.dll
.
============= FINISH: 22:56:38.26 ===============


Thanks for the assistance in advance.

Sean.
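As an added example (not part of Sean's post, nor of the DDS or ComboFix tools), here is the first-pass triage a malware-removal helper does on a DDS log, written as a Python script: it flags start/search pages and Firefox prefs pointing at the Conduit and Babylon search domains, a CLSID registered as URLSearchHook, BHO and toolbar at the same time, and UAC policies forced to 0. The hijack-domain list and the function names are assumptions; the sample lines are copied from the log above.

```python
"""Triage of DDS 'Pseudo HJT Report' / Firefox lines for browser-hijack indicators."""
import re
from collections import defaultdict

# Assumption: domains treated as search-hijack indicators for this triage.
HIJACK_DOMAINS = ("search.conduit.com", "search.babylon.com")

# UAC policy values a helper flags when they are forced to 0.
UAC_KEYS = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

CLSID_RE = re.compile(r"\{([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}", re.I)
URL_RE = re.compile(r"hxxps?://([^/?\s]+)", re.I)   # DDS defangs http:// as hxxp://

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LINES = [
    r"uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948",
    r"uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll",
    r"TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - g:\program files\nch_en\prxtbNCH_.dll",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109217&babsrc=HP_ss",
    r"FF - plugin: g:\program files\google\google earth\plugin\npgeplugin.dll",
]


def _is_hijack_domain(host):
    """True when host is one of HIJACK_DOMAINS or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(lines):
    """Return the findings a helper looks at first in a DDS log.

    hijacked_settings: (setting, host) pairs whose URL points at a hijack domain
    shared_clsids:     CLSIDs registered in more than one slot (search hook, BHO, TB ...)
    uac_disabled:      UAC policy names whose value is 0
    """
    findings = {"hijacked_settings": [], "shared_clsids": {}, "uac_disabled": []}
    clsid_slots = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # 1. Start page, search URL or Firefox pref redirected to a hijack domain.
        url = URL_RE.search(line)
        if url and _is_hijack_domain(url.group(1).lower()):
            setting = line[:url.start()].rstrip(" -=")
            findings["hijacked_settings"].append((setting, url.group(1).lower()))
        # 2. One CLSID registered as URLSearchHook, BHO and toolbar at once:
        #    the footprint of a toolbar-based hijacker rather than a single add-on.
        clsid = CLSID_RE.search(line)
        if clsid and ":" in line[:clsid.start()]:
            slot = line.split(":", 1)[0]        # "uURLSearchHooks", "BHO", "TB", ...
            clsid_slots[clsid.group(1).lower()].add(slot)
        # 3. UAC policies forced to 0 (the log above shows EnableLUA = 0).
        if line.startswith("mPolicies-system:"):
            key, _, value = line[len("mPolicies-system:"):].partition("=")
            if key.strip() in UAC_KEYS and value.strip().startswith("0"):
                findings["uac_disabled"].append(key.strip())
    findings["shared_clsids"] = {c: sorted(s) for c, s in clsid_slots.items() if len(s) > 1}
    return findings


def format_report(findings):
    """Render triage findings as the short summary a helper would post back."""
    out = []
    for setting, host in findings["hijacked_settings"]:
        out.append(f"[hijack] {setting} -> {host}")
    for clsid, slots in findings["shared_clsids"].items():
        out.append(f"[toolbar] {{{clsid}}} registered as {', '.join(slots)}")
    for key in findings["uac_disabled"]:
        out.append(f"[uac] {key} = 0: re-enable after cleanup")
    return "\n".join(out) if out else "no hijack indicators found"


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LINES)))
```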


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:33 PM

Posted 04 April 2012 - 05:24 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 SeanOC

SeanOC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 04 April 2012 - 06:15 AM

Hi Gringo,

Thanks and here is the log from Combofix:


ComboFix 12-04-04.01 - Sean 04/04/2012 22:48:17.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.2975.2054 [GMT 12:00]
Running from: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\programdata\Tarma Installer
g:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
g:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
g:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
g:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
g:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
g:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
g:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
g:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
g:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
g:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll
g:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
g:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat
g:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe
g:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico
g:\users\Sean\ia_remove.sh0941.tmp
g:\users\Sean\ia_remove.sh5335.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- g:\users\Public\AppData\Local\temp
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- g:\users\Default\AppData\Local\temp
2012-04-04 11:06 . 2012-04-04 11:06 -------- d-----w- g:\users\Administrator\AppData\Local\temp
2012-04-01 10:15 . 2012-04-01 10:15 -------- d-----w- g:\programdata\DAEMON Tools Lite
2012-03-31 13:33 . 2012-03-31 13:33 -------- d-----w- g:\users\Sean\AppData\Local\Conduit
2012-03-31 13:33 . 2012-03-31 13:33 -------- d-----w- g:\program files\NCH_EN
2012-03-30 08:10 . 2012-03-14 02:15 6582328 ----a-w- g:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA27AB2-E3C3-4661-8DE8-695EBB9DD9A2}\mpengine.dll
2012-03-26 07:49 . 2012-03-26 07:50 -------- d-----w- g:\program files\mp3DirectCut
2012-03-26 07:40 . 2012-03-26 07:40 -------- d-----w- g:\programdata\NCH Swift Sound
2012-03-26 07:39 . 2012-03-31 13:33 -------- d-----w- g:\program files\NCH Software
2012-03-19 19:53 . 2012-03-19 19:53 -------- d-----w- g:\program files\Common Files\Skype
2012-03-19 19:10 . 2011-11-19 14:25 3957616 ----a-w- g:\windows\system32\ntkrnlpa.exe
2012-03-19 19:10 . 2011-11-19 14:25 3902320 ----a-w- g:\windows\system32\ntoskrnl.exe
2012-03-19 09:37 . 2009-05-18 00:17 26600 ----a-w- g:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-19 09:37 . 2008-04-16 23:12 107368 ----a-w- g:\windows\system32\GEARAspi.dll
2012-03-19 09:35 . 2012-03-19 09:35 -------- d-----w- g:\program files\iPod
2012-03-14 19:13 . 2012-02-03 04:01 2341376 ----a-w- g:\windows\system32\win32k.sys
2012-03-14 19:13 . 2012-02-10 05:41 1074176 ----a-w- g:\windows\system32\DWrite.dll
2012-03-14 19:13 . 2012-02-10 05:41 218624 ----a-w- g:\windows\system32\d3d10_1core.dll
2012-03-14 19:13 . 2012-02-10 05:41 161792 ----a-w- g:\windows\system32\d3d10_1.dll
2012-03-14 19:13 . 2012-02-10 05:41 1170944 ----a-w- g:\windows\system32\d3d10warp.dll
2012-03-14 19:13 . 2012-02-10 05:41 739840 ----a-w- g:\windows\system32\d2d1.dll
2012-03-14 10:39 . 2012-01-25 05:44 57856 ----a-w- g:\windows\system32\rdpwsx.dll
2012-03-14 10:39 . 2012-01-25 05:44 129536 ----a-w- g:\windows\system32\rdpcorekmts.dll
2012-03-14 10:39 . 2012-01-25 05:40 8192 ----a-w- g:\windows\system32\rdrmemptylst.exe
2012-03-14 10:39 . 2012-02-15 05:44 826368 ----a-w- g:\windows\system32\rdpcore.dll
2012-03-14 10:39 . 2012-02-15 04:22 177152 ----a-w- g:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:39 . 2012-02-15 04:22 24064 ----a-w- g:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 20:18 . 2010-03-26 02:43 237072 ------w- g:\windows\system32\MpSigStub.exe
2012-02-14 22:01 . 2012-02-14 22:01 4547944 ----a-w- g:\windows\system32\usbaaplrc.dll
2012-02-14 22:01 . 2012-02-14 22:01 43520 ----a-w- g:\windows\system32\drivers\usbaapl.sys
2012-02-14 22:01 . 2012-02-14 22:01 43520 ----a-w- g:\windows\system32\drivers\SET4DF1.tmp
2012-03-01 19:45 . 2011-03-25 09:51 134104 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "g:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- g:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "g:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="g:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"iCloudServices"="g:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="g:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"HotKeysCmds"="g:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="g:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-24 31072]
"SmartSoft PDF Printer Agent"="g:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2011-07-19 50568]
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\guard32.dll g:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"125.252.224.88,255.255.255.252,192.168.0.200,1"=""
.
[HKLM\~\startupfolder\G:^Users^Sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=g:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=g:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 15:44 500208 ------w- g:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 04:46 1159168 ------w- g:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 22:26 114688 ------w- g:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-26 02:06 136176 ----atw- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 11:05 46368 ----a-w- g:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 10:12 3872080 ----a-w- g:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- g:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 11:07 29984 ----a-w- g:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 06:45 170520 ----a-w- g:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-30 21:01 328992 ----a-w- g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- g:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 21:03 210472 ----a-w- g:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 01:37 517096 ----a-w- g:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 gupdate;Google Update Service (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R2 SkypeUpdate;Skype Updater;g:\program files\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;g:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-05 104272]
R3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [2010-02-22 14216]
R3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [2010-02-22 8456]
R3 gupdatem;Google Update Service (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R3 SwitchBoard;Adobe SwitchBoard;g:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;g:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
S1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;g:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;g:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SrvHsfHDA;SrvHsfHDA;g:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;g:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;g:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 21:09]
.
2012-04-04 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 21:09]
.
2012-04-03 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-1000Core.job
- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 02:06]
.
2012-04-04 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-1000UA.job
- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 02:06]
.
2012-04-03 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-500Core.job
- g:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 21:09]
.
2012-04-04 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-500UA.job
- g:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - g:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - g:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\kb5pfudh.default\
FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=e6bfdeee00000000000000242b8a93f7&q=
FF - user.js: extentions.y2layers.installId - 70f00ddd-87a2-4566-953f-664ac07b7417
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.BabylonToolbar_i.id - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.hardId - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - g:\program files\kikin\ie_kikin.dll
AddRemove-1ClickDownload - g:\program files\1ClickDownload\uninst.exe
AddRemove-ESET Online Scanner - g:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Free PDF to Word Doc Converter_is1 - g:\program files\Free PDF to Word Doc Converter\unins000.exe
AddRemove-TuneUpMedia - g:\program files\TuneUpMedia\Uninstall.exe
AddRemove-ZillaTube - g:\zillatube\uninst.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - g:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - g:\program files\kikin\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
g:\windows\System32\guard32.dll
.
- - - - - - - > 'lsass.exe'(508)
g:\windows\system32\guard32.dll
.
Completion time: 2012-04-04 23:11:25
ComboFix-quarantined-files.txt 2012-04-04 11:11
.
Pre-Run: 12,255,203,328 bytes free
Post-Run: 12,299,444,224 bytes free
.
- - End Of File - - 43EE9B2699D11249FFBB4B42A030C3BC


I didn't have any problems running this and the computer seems ok at the moment.

Sean.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 PM

Posted 04 April 2012 - 07:43 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SeanOC

SeanOC
  • Topic Starter

  • Members
  • 54 posts
  • Local time:01:33 PM

Posted 04 April 2012 - 03:13 PM

Hi Gringo,

Please find results below.

07:52:02.0059 3820 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
07:52:03.0351 3820 ============================================================
07:52:03.0351 3820 Current date / time: 2012/04/05 07:52:03.0351
07:52:03.0351 3820 SystemInfo:
07:52:03.0351 3820
07:52:03.0352 3820 OS Version: 6.1.7600 ServicePack: 0.0
07:52:03.0352 3820 Product type: Workstation
07:52:03.0352 3820 ComputerName: SEAN-PC
07:52:03.0352 3820 UserName: Sean
07:52:03.0352 3820 Windows directory: G:\Windows
07:52:03.0352 3820 System windows directory: G:\Windows
07:52:03.0352 3820 Processor architecture: Intel x86
07:52:03.0352 3820 Number of processors: 2
07:52:03.0352 3820 Page size: 0x1000
07:52:03.0352 3820 Boot type: Normal boot
07:52:03.0352 3820 ============================================================
07:52:04.0644 3820 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:52:04.0654 3820 \Device\Harddisk0\DR0:
07:52:04.0654 3820 MBR used
07:52:04.0654 3820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B2C9CDC
07:52:04.0654 3820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C7B76F1, BlocksNum 0x763EEA6
07:52:04.0654 3820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23DF9800, BlocksNum 0x1633EC1
07:52:04.0779 3820 Initialize success
07:52:04.0779 3820 ============================================================
07:52:06.0646 4552 ============================================================
07:52:06.0646 4552 Scan started
07:52:06.0646 4552 Mode: Manual;
07:52:06.0646 4552 ============================================================
07:52:07.0681 4552 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) G:\Windows\system32\DRIVERS\1394ohci.sys
07:52:07.0685 4552 1394ohci - ok
07:52:07.0741 4552 ACPI (f0e07d144c8685b8774bc32fc8da4df0) G:\Windows\system32\DRIVERS\ACPI.sys
07:52:07.0745 4552 ACPI - ok
07:52:07.0781 4552 AcpiPmi (98d81ca942d19f7d9153b095162ac013) G:\Windows\system32\DRIVERS\acpipmi.sys
07:52:07.0782 4552 AcpiPmi - ok
07:52:07.0916 4552 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) G:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:52:07.0918 4552 AdobeARMservice - ok
07:52:08.0022 4552 adp94xx (21e785ebd7dc90a06391141aac7892fb) G:\Windows\system32\DRIVERS\adp94xx.sys
07:52:08.0031 4552 adp94xx - ok
07:52:08.0061 4552 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) G:\Windows\system32\DRIVERS\adpahci.sys
07:52:08.0067 4552 adpahci - ok
07:52:08.0097 4552 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) G:\Windows\system32\DRIVERS\adpu320.sys
07:52:08.0100 4552 adpu320 - ok
07:52:08.0154 4552 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) G:\Windows\System32\aelupsvc.dll
07:52:08.0156 4552 AeLookupSvc - ok
07:52:08.0240 4552 AFD (0db7a48388d54d154ebec120461a0fcd) G:\Windows\system32\drivers\afd.sys
07:52:08.0246 4552 AFD - ok
07:52:08.0282 4552 agp440 (507812c3054c21cef746b6ee3d04dd6e) G:\Windows\system32\DRIVERS\agp440.sys
07:52:08.0284 4552 agp440 - ok
07:52:08.0330 4552 aic78xx (8b30250d573a8f6b4bd23195160d8707) G:\Windows\system32\DRIVERS\djsvs.sys
07:52:08.0333 4552 aic78xx - ok
07:52:08.0375 4552 ALG (18a54e132947cd98fea9accc57f98f13) G:\Windows\System32\alg.exe
07:52:08.0378 4552 ALG - ok
07:52:08.0403 4552 aliide (0d40bcf52ea90fc7df2aeab6503dea44) G:\Windows\system32\DRIVERS\aliide.sys
07:52:08.0405 4552 aliide - ok
07:52:08.0432 4552 amdagp (3c6600a0696e90a463771c7422e23ab5) G:\Windows\system32\DRIVERS\amdagp.sys
07:52:08.0435 4552 amdagp - ok
07:52:08.0467 4552 amdide (cd5914170297126b6266860198d1d4f0) G:\Windows\system32\DRIVERS\amdide.sys
07:52:08.0469 4552 amdide - ok
07:52:08.0503 4552 AmdK8 (00dda200d71bac534bf56a9db5dfd666) G:\Windows\system32\DRIVERS\amdk8.sys
07:52:08.0505 4552 AmdK8 - ok
07:52:08.0533 4552 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) G:\Windows\system32\DRIVERS\amdppm.sys
07:52:08.0536 4552 AmdPPM - ok
07:52:08.0589 4552 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) G:\Windows\system32\drivers\amdsata.sys
07:52:08.0592 4552 amdsata - ok
07:52:08.0643 4552 amdsbs (ea43af0c423ff267355f74e7a53bdaba) G:\Windows\system32\DRIVERS\amdsbs.sys
07:52:08.0647 4552 amdsbs - ok
07:52:08.0684 4552 amdxata (869e67d66be326a5a9159fba8746fa70) G:\Windows\system32\drivers\amdxata.sys
07:52:08.0685 4552 amdxata - ok
07:52:08.0771 4552 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) G:\Program Files\Avira\AntiVir Desktop\sched.exe
07:52:08.0773 4552 AntiVirSchedulerService - ok
07:52:08.0793 4552 AntiVirService (df5a3016052755c910a206058b4a1729) G:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:52:08.0796 4552 AntiVirService - ok
07:52:08.0895 4552 AppID (feb834c02ce1e84b6a38f953ca067706) G:\Windows\system32\drivers\appid.sys
07:52:08.0897 4552 AppID - ok
07:52:08.0974 4552 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) G:\Windows\System32\appidsvc.dll
07:52:08.0976 4552 AppIDSvc - ok
07:52:09.0004 4552 Appinfo (7dead9e3f65dcb2794f2711003bbf650) G:\Windows\System32\appinfo.dll
07:52:09.0006 4552 Appinfo - ok
07:52:09.0156 4552 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:52:09.0158 4552 Apple Mobile Device - ok
07:52:09.0214 4552 AppMgmt (a45d184df6a8803da13a0b329517a64a) G:\Windows\System32\appmgmts.dll
07:52:09.0216 4552 AppMgmt - ok
07:52:09.0298 4552 arc (2932004f49677bd84dbc72edb754ffb3) G:\Windows\system32\DRIVERS\arc.sys
07:52:09.0300 4552 arc - ok
07:52:09.0329 4552 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) G:\Windows\system32\DRIVERS\arcsas.sys
07:52:09.0332 4552 arcsas - ok
07:52:09.0478 4552 aspnet_state (443e90fd419c840f80a8698b22ced361) G:\Windows\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe
07:52:09.0480 4552 aspnet_state - ok
07:52:09.0522 4552 AsyncMac (add2ade1c2b285ab8378d2daaf991481) G:\Windows\system32\DRIVERS\asyncmac.sys
07:52:09.0524 4552 AsyncMac - ok
07:52:09.0547 4552 atapi (338c86357871c167a96ab976519bf59e) G:\Windows\system32\DRIVERS\atapi.sys
07:52:09.0548 4552 atapi - ok
07:52:09.0646 4552 athr (614a60aee03a6151fdcbac295854a9cb) G:\Windows\system32\DRIVERS\athr.sys
07:52:09.0691 4552 athr - ok
07:52:09.0750 4552 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) G:\Windows\System32\Audiosrv.dll
07:52:09.0758 4552 AudioEndpointBuilder - ok
07:52:09.0795 4552 Audiosrv (510c873bfa135aa829f4180352772734) G:\Windows\System32\Audiosrv.dll
07:52:09.0800 4552 Audiosrv - ok
07:52:09.0850 4552 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) G:\Windows\system32\DRIVERS\avgntflt.sys
07:52:09.0851 4552 avgntflt - ok
07:52:09.0911 4552 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) G:\Windows\system32\DRIVERS\avipbb.sys
07:52:09.0913 4552 avipbb - ok
07:52:09.0956 4552 AxInstSV (dd6a431b43e34b91a767d1ce33728175) G:\Windows\System32\AxInstSV.dll
07:52:09.0959 4552 AxInstSV - ok
07:52:10.0019 4552 b06bdrv (1a231abec60fd316ec54c66715543cec) G:\Windows\system32\DRIVERS\bxvbdx.sys
07:52:10.0028 4552 b06bdrv - ok
07:52:10.0077 4552 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) G:\Windows\system32\DRIVERS\b57nd60x.sys
07:52:10.0082 4552 b57nd60x - ok
07:52:10.0147 4552 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) G:\Windows\System32\bdesvc.dll
07:52:10.0150 4552 BDESVC - ok
07:52:10.0182 4552 Beep (505506526a9d467307b3c393dedaf858) G:\Windows\system32\drivers\Beep.sys
07:52:10.0183 4552 Beep - ok
07:52:10.0239 4552 BFE (85ac71c045ceb054ed48a7841aae0c11) G:\Windows\System32\bfe.dll
07:52:10.0248 4552 BFE - ok
07:52:10.0309 4552 BITS (53f476476f55a27f580661bde09c4ec4) G:\Windows\system32\qmgr.dll
07:52:10.0321 4552 BITS - ok
07:52:10.0368 4552 blbdrive (2287078ed48fcfc477b05b20cf38f36f) G:\Windows\system32\DRIVERS\blbdrive.sys
07:52:10.0370 4552 blbdrive - ok
07:52:10.0470 4552 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) G:\Program Files\Bonjour\mDNSResponder.exe
07:52:10.0475 4552 Bonjour Service - ok
07:52:10.0539 4552 bowser (9a5c671b7fbae4865149bb11f59b91b2) G:\Windows\system32\DRIVERS\bowser.sys
07:52:10.0541 4552 bowser - ok
07:52:10.0564 4552 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) G:\Windows\system32\DRIVERS\BrFiltLo.sys
07:52:10.0566 4552 BrFiltLo - ok
07:52:10.0587 4552 BrFiltUp (56801ad62213a41f6497f96dee83755a) G:\Windows\system32\DRIVERS\BrFiltUp.sys
07:52:10.0588 4552 BrFiltUp - ok
07:52:10.0629 4552 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) G:\Windows\system32\DRIVERS\bridge.sys
07:52:10.0631 4552 BridgeMP - ok
07:52:10.0667 4552 Browser (598e1280e7ff3744f4b8329366cc5635) G:\Windows\System32\browser.dll
07:52:10.0669 4552 Browser - ok
07:52:10.0718 4552 Brserid (845b8ce732e67f3b4133164868c666ea) G:\Windows\System32\Drivers\Brserid.sys
07:52:10.0724 4552 Brserid - ok
07:52:10.0776 4552 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) G:\Windows\System32\Drivers\BrSerWdm.sys
07:52:10.0778 4552 BrSerWdm - ok
07:52:10.0835 4552 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) G:\Windows\System32\Drivers\BrUsbMdm.sys
07:52:10.0837 4552 BrUsbMdm - ok
07:52:10.0865 4552 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) G:\Windows\System32\Drivers\BrUsbSer.sys
07:52:10.0867 4552 BrUsbSer - ok
07:52:10.0898 4552 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) G:\Windows\system32\DRIVERS\bthmodem.sys
07:52:10.0900 4552 BTHMODEM - ok
07:52:10.0957 4552 bthserv (1df19c96eef6c29d1c3e1a8678e07190) G:\Windows\system32\bthserv.dll
07:52:10.0960 4552 bthserv - ok
07:52:11.0046 4552 catchme - ok
07:52:11.0126 4552 cdfs (77ea11b065e0a8ab902d78145ca51e10) G:\Windows\system32\DRIVERS\cdfs.sys
07:52:11.0128 4552 cdfs - ok
07:52:11.0170 4552 cdrom (ba6e70aa0e6091bc39de29477d866a77) G:\Windows\system32\DRIVERS\cdrom.sys
07:52:11.0173 4552 cdrom - ok
07:52:11.0233 4552 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) G:\Windows\System32\certprop.dll
07:52:11.0236 4552 CertPropSvc - ok
07:52:11.0265 4552 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) G:\Windows\system32\DRIVERS\circlass.sys
07:52:11.0267 4552 circlass - ok
07:52:11.0297 4552 CLFS (635181e0e9bbf16871bf5380d71db02d) G:\Windows\system32\CLFS.sys
07:52:11.0303 4552 CLFS - ok
07:52:11.0381 4552 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:11.0386 4552 clr_optimization_v2.0.50727_32 - ok
07:52:11.0491 4552 clr_optimization_v4.0.20506_32 (8a2d2b9877455b59fb6b891e2fe2e66a) G:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe
07:52:11.0495 4552 clr_optimization_v4.0.20506_32 - ok
07:52:11.0582 4552 CmBatt (dea805815e587dad1dd2c502220b5616) G:\Windows\system32\DRIVERS\CmBatt.sys
07:52:11.0583 4552 CmBatt - ok
07:52:11.0734 4552 cmdAgent (d95bc532839d710bf6eb3f5e32314b3e) G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
07:52:11.0756 4552 cmdAgent - ok
07:52:11.0815 4552 cmdGuard (544747035c7fa83d9e9d0a13f6e58bc4) G:\Windows\system32\DRIVERS\cmdguard.sys
07:52:11.0821 4552 cmdGuard - ok
07:52:11.0875 4552 cmdHlp (7faba2d3b4912b8762d1fec63ad12525) G:\Windows\system32\DRIVERS\cmdhlp.sys
07:52:11.0876 4552 cmdHlp - ok
07:52:11.0905 4552 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) G:\Windows\system32\DRIVERS\cmdide.sys
07:52:11.0907 4552 cmdide - ok
07:52:11.0973 4552 CNG (36c252e474b2ffa0f0fbbff20d92a640) G:\Windows\system32\Drivers\cng.sys
07:52:11.0981 4552 CNG - ok
07:52:12.0070 4552 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) G:\Windows\system32\drivers\CHDRT32.sys
07:52:12.0075 4552 CnxtHdAudService - ok
07:52:12.0109 4552 Compbatt (a6023d3823c37043986713f118a89bee) G:\Windows\system32\DRIVERS\compbatt.sys
07:52:12.0111 4552 Compbatt - ok
07:52:12.0151 4552 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) G:\Windows\system32\DRIVERS\CompositeBus.sys
07:52:12.0152 4552 CompositeBus - ok
07:52:12.0172 4552 COMSysApp - ok
07:52:12.0201 4552 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) G:\Windows\system32\DRIVERS\crcdisk.sys
07:52:12.0202 4552 crcdisk - ok
07:52:12.0257 4552 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) G:\Windows\system32\cryptsvc.dll
07:52:12.0261 4552 CryptSvc - ok
07:52:12.0311 4552 CSC (27c9490bdd0ae48911ab8cf1932591ed) G:\Windows\system32\drivers\csc.sys
07:52:12.0319 4552 CSC - ok
07:52:12.0358 4552 CscService (56fb5f222ea30d3d3fc459879772cb73) G:\Windows\System32\cscsvc.dll
07:52:12.0368 4552 CscService - ok
07:52:12.0424 4552 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) G:\Windows\system32\rpcss.dll
07:52:12.0435 4552 DcomLaunch - ok
07:52:12.0465 4552 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) G:\Windows\System32\defragsvc.dll
07:52:12.0472 4552 defragsvc - ok
07:52:12.0541 4552 DfsC (83d1ecea8faae75604c0fa49ac7ad996) G:\Windows\system32\Drivers\dfsc.sys
07:52:12.0544 4552 DfsC - ok
07:52:12.0596 4552 Dhcp (c56495fbd770712367cad35e5de72da6) G:\Windows\system32\dhcpcore.dll
07:52:12.0602 4552 Dhcp - ok
07:52:12.0649 4552 discache (1a050b0274bfb3890703d490f330c0da) G:\Windows\system32\drivers\discache.sys
07:52:12.0650 4552 discache - ok
07:52:12.0681 4552 Disk (565003f326f99802e68ca78f2a68e9ff) G:\Windows\system32\DRIVERS\disk.sys
07:52:12.0683 4552 Disk - ok
07:52:12.0743 4552 Dnscache (b15be77a2bacf9c3177d27518afe26a9) G:\Windows\System32\dnsrslvr.dll
07:52:12.0747 4552 Dnscache - ok
07:52:12.0788 4552 dot3svc (4408c85c21eea48eb0ce486baeef0502) G:\Windows\System32\dot3svc.dll
07:52:12.0794 4552 dot3svc - ok
07:52:12.0821 4552 DPS (7fa81c6e11caa594adb52084da73a1e5) G:\Windows\system32\dps.dll
07:52:12.0825 4552 DPS - ok
07:52:12.0871 4552 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) G:\Windows\system32\drivers\drmkaud.sys
07:52:12.0873 4552 drmkaud - ok
07:52:12.0942 4552 DXGKrnl (1679a4669326cb1a67cc95658d273234) G:\Windows\System32\drivers\dxgkrnl.sys
07:52:12.0970 4552 DXGKrnl - ok
07:52:13.0006 4552 EapHost (8600142fa91c1b96367d3300ad0f3f3a) G:\Windows\System32\eapsvc.dll
07:52:13.0009 4552 EapHost - ok
07:52:13.0168 4552 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) G:\Windows\system32\DRIVERS\evbdx.sys
07:52:13.0283 4552 ebdrv - ok
07:52:13.0327 4552 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) G:\Windows\System32\lsass.exe
07:52:13.0331 4552 EFS - ok
07:52:13.0419 4552 ehRecvr (1697c39978cd69f6fbc15302edcece1f) G:\Windows\ehome\ehRecvr.exe
07:52:13.0435 4552 ehRecvr - ok
07:52:13.0476 4552 ehSched (d389bff34f80caede417bf9d1507996a) G:\Windows\ehome\ehsched.exe
07:52:13.0479 4552 ehSched - ok
07:52:13.0565 4552 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) G:\Windows\system32\DRIVERS\elxstor.sys
07:52:13.0574 4552 elxstor - ok
07:52:13.0638 4552 epmntdrv (539ca34fbc74ec366a0d751028c32a08) G:\Windows\system32\epmntdrv.sys
07:52:13.0641 4552 epmntdrv - ok
07:52:13.0671 4552 ErrDev (8fc3208352dd3912c94367a206ab3f11) G:\Windows\system32\DRIVERS\errdev.sys
07:52:13.0672 4552 ErrDev - ok
07:52:13.0720 4552 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) G:\Windows\system32\EuGdiDrv.sys
07:52:13.0723 4552 EuGdiDrv - ok
07:52:13.0782 4552 EventSystem (f6916efc29d9953d5d0df06882ae8e16) G:\Windows\system32\es.dll
07:52:13.0788 4552 EventSystem - ok
07:52:13.0816 4552 exfat (2dc9108d74081149cc8b651d3a26207f) G:\Windows\system32\drivers\exfat.sys
07:52:13.0821 4552 exfat - ok
07:52:13.0849 4552 fastfat (7e0ab74553476622fb6ae36f73d97d35) G:\Windows\system32\drivers\fastfat.sys
07:52:13.0853 4552 fastfat - ok
07:52:13.0912 4552 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) G:\Windows\system32\fxssvc.exe
07:52:13.0929 4552 Fax - ok
07:52:13.0954 4552 fdc (e817a017f82df2a1f8cfdbda29388b29) G:\Windows\system32\DRIVERS\fdc.sys
07:52:13.0965 4552 fdc - ok
07:52:13.0992 4552 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) G:\Windows\system32\fdPHost.dll
07:52:13.0995 4552 fdPHost - ok
07:52:14.0018 4552 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) G:\Windows\system32\fdrespub.dll
07:52:14.0022 4552 FDResPub - ok
07:52:14.0037 4552 FileInfo (6cf00369c97f3cf563be99be983d13d8) G:\Windows\system32\drivers\fileinfo.sys
07:52:14.0040 4552 FileInfo - ok
07:52:14.0068 4552 Filetrace (42c51dc94c91da21cb9196eb64c45db9) G:\Windows\system32\drivers\filetrace.sys
07:52:14.0070 4552 Filetrace - ok
07:52:14.0185 4552 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:52:14.0215 4552 FLEXnet Licensing Service - ok
07:52:14.0247 4552 flpydisk (87907aa70cb3c56600f1c2fb8841579b) G:\Windows\system32\DRIVERS\flpydisk.sys
07:52:14.0267 4552 flpydisk - ok
07:52:14.0425 4552 FltMgr (7520ec808e0c35e0ee6f841294316653) G:\Windows\system32\drivers\fltmgr.sys
07:52:14.0430 4552 FltMgr - ok
07:52:14.0508 4552 FontCache (7fe4995528a7529a761875151ee3d512) G:\Windows\system32\FntCache.dll
07:52:14.0542 4552 FontCache - ok
07:52:14.0632 4552 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) G:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:14.0634 4552 FontCache3.0.0.0 - ok
07:52:14.0713 4552 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) G:\Windows\system32\drivers\FsDepends.sys
07:52:14.0715 4552 FsDepends - ok
07:52:14.0751 4552 Fs_Rec (a574b4360e438977038aae4bf60d79a2) G:\Windows\system32\drivers\Fs_Rec.sys
07:52:14.0752 4552 Fs_Rec - ok
07:52:14.0812 4552 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) G:\Windows\system32\DRIVERS\fvevol.sys
07:52:14.0817 4552 fvevol - ok
07:52:14.0866 4552 gagp30kx (65ee0c7a58b65e74ae05637418153938) G:\Windows\system32\DRIVERS\gagp30kx.sys
07:52:14.0868 4552 gagp30kx - ok
07:52:14.0935 4552 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) G:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:52:14.0937 4552 GEARAspiWDM - ok
07:52:14.0994 4552 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) G:\Windows\System32\gpsvc.dll
07:52:15.0012 4552 gpsvc - ok
07:52:15.0143 4552 gupdate (f02a533f517eb38333cb12a9e8963773) G:\Program Files\Google\Update\GoogleUpdate.exe
07:52:15.0145 4552 gupdate - ok
07:52:15.0191 4552 gupdatem (f02a533f517eb38333cb12a9e8963773) G:\Program Files\Google\Update\GoogleUpdate.exe
07:52:15.0193 4552 gupdatem - ok
07:52:15.0280 4552 hcw85cir (c44e3c2bab6837db337ddee7544736db) G:\Windows\system32\drivers\hcw85cir.sys
07:52:15.0281 4552 hcw85cir - ok
07:52:15.0330 4552 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) G:\Windows\system32\drivers\HdAudio.sys
07:52:15.0336 4552 HdAudAddService - ok
07:52:15.0376 4552 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) G:\Windows\system32\DRIVERS\HDAudBus.sys
07:52:15.0378 4552 HDAudBus - ok
07:52:15.0414 4552 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) G:\Windows\system32\DRIVERS\HidBatt.sys
07:52:15.0416 4552 HidBatt - ok
07:52:15.0451 4552 HidBth (89448f40e6df260c206a193a4683ba78) G:\Windows\system32\DRIVERS\hidbth.sys
07:52:15.0454 4552 HidBth - ok
07:52:15.0505 4552 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) G:\Windows\system32\DRIVERS\hidir.sys
07:52:15.0507 4552 HidIr - ok
07:52:15.0546 4552 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) G:\Windows\System32\hidserv.dll
07:52:15.0550 4552 hidserv - ok
07:52:15.0582 4552 HidUsb (25072fb35ac90b25f9e4e3bacf774102) G:\Windows\system32\DRIVERS\hidusb.sys
07:52:15.0584 4552 HidUsb - ok
07:52:15.0633 4552 hkmsvc (741c2a45ca8407e374aaba3e330b7872) G:\Windows\system32\kmsvc.dll
07:52:15.0638 4552 hkmsvc - ok
07:52:15.0683 4552 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) G:\Windows\system32\ListSvc.dll
07:52:15.0691 4552 HomeGroupListener - ok
07:52:15.0733 4552 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) G:\Windows\system32\provsvc.dll
07:52:15.0740 4552 HomeGroupProvider - ok
07:52:15.0808 4552 HpSAMD (295fdc419039090eb8b49ffdbb374549) G:\Windows\system32\DRIVERS\HpSAMD.sys
07:52:15.0810 4552 HpSAMD - ok
07:52:15.0860 4552 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) G:\Windows\system32\drivers\HTTP.sys
07:52:15.0870 4552 HTTP - ok
07:52:15.0890 4552 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) G:\Windows\system32\drivers\hwpolicy.sys
07:52:15.0891 4552 hwpolicy - ok
07:52:15.0931 4552 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) G:\Windows\system32\DRIVERS\i8042prt.sys
07:52:15.0934 4552 i8042prt - ok
07:52:16.0012 4552 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) G:\Windows\system32\drivers\iaStorV.sys
07:52:16.0023 4552 iaStorV - ok
07:52:16.0146 4552 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) G:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:16.0176 4552 idsvc - ok
07:52:16.0596 4552 igfx (8266ae06df974e5ba047b3e9e9e70b3f) G:\Windows\system32\DRIVERS\igdkmd32.sys
07:52:16.0916 4552 igfx - ok
07:52:16.0995 4552 iirsp (4173ff5708f3236cf25195fecd742915) G:\Windows\system32\DRIVERS\iirsp.sys
07:52:16.0997 4552 iirsp - ok
07:52:17.0071 4552 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) G:\Windows\System32\ikeext.dll
07:52:17.0099 4552 IKEEXT - ok
07:52:17.0150 4552 inspect (aa686b40a4f837bc66ad3183b2bbd981) G:\Windows\system32\DRIVERS\inspect.sys
07:52:17.0152 4552 inspect - ok
07:52:17.0199 4552 intelide (a0f12f2c9ba6c72f3987ce780e77c130) G:\Windows\system32\DRIVERS\intelide.sys
07:52:17.0200 4552 intelide - ok
07:52:17.0233 4552 intelppm (3b514d27bfc4accb4037bc6685f766e0) G:\Windows\system32\DRIVERS\intelppm.sys
07:52:17.0235 4552 intelppm - ok
07:52:17.0279 4552 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) G:\Windows\system32\ipbusenum.dll
07:52:17.0284 4552 IPBusEnum - ok
07:52:17.0311 4552 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) G:\Windows\system32\DRIVERS\ipfltdrv.sys
07:52:17.0314 4552 IpFilterDriver - ok
07:52:17.0367 4552 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) G:\Windows\System32\iphlpsvc.dll
07:52:17.0376 4552 iphlpsvc - ok
07:52:17.0406 4552 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) G:\Windows\system32\DRIVERS\IPMIDrv.sys
07:52:17.0408 4552 IPMIDRV - ok
07:52:17.0439 4552 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) G:\Windows\system32\drivers\ipnat.sys
07:52:17.0442 4552 IPNAT - ok
07:52:17.0555 4552 iPod Service (ce004777b92dea56fe14ec900d20baa4) G:\Program Files\iPod\bin\iPodService.exe
07:52:17.0565 4552 iPod Service - ok
07:52:17.0587 4552 IRENUM (42996cff20a3084a56017b7902307e9f) G:\Windows\system32\drivers\irenum.sys
07:52:17.0589 4552 IRENUM - ok
07:52:17.0620 4552 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) G:\Windows\system32\DRIVERS\isapnp.sys
07:52:17.0622 4552 isapnp - ok
07:52:17.0664 4552 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) G:\Windows\system32\DRIVERS\msiscsi.sys
07:52:17.0668 4552 iScsiPrt - ok
07:52:17.0711 4552 kbdclass (adef52ca1aeae82b50df86b56413107e) G:\Windows\system32\DRIVERS\kbdclass.sys
07:52:17.0713 4552 kbdclass - ok
07:52:17.0753 4552 kbdhid (3d9f0ebf350edcfd6498057301455964) G:\Windows\system32\DRIVERS\kbdhid.sys
07:52:17.0755 4552 kbdhid - ok
07:52:17.0819 4552 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) G:\Windows\system32\lsass.exe
07:52:17.0823 4552 KeyIso - ok
07:52:17.0841 4552 KSecDD (0263364acb9c834ace52fb85c2c064ec) G:\Windows\system32\Drivers\ksecdd.sys
07:52:17.0844 4552 KSecDD - ok
07:52:17.0870 4552 KSecPkg (27391db553be2a4e2b0adeea2873b2af) G:\Windows\system32\Drivers\ksecpkg.sys
07:52:17.0873 4552 KSecPkg - ok
07:52:17.0937 4552 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) G:\Windows\system32\msdtckrm.dll
07:52:17.0948 4552 KtmRm - ok
07:52:18.0031 4552 LanmanServer (8f6bf790d3168224c16f2af68a84438c) G:\Windows\System32\srvsvc.dll
07:52:18.0040 4552 LanmanServer - ok
07:52:18.0096 4552 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) G:\Windows\System32\wkssvc.dll
07:52:18.0104 4552 LanmanWorkstation - ok
07:52:18.0195 4552 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) G:\Windows\system32\DRIVERS\lltdio.sys
07:52:18.0197 4552 lltdio - ok
07:52:18.0252 4552 lltdsvc (5700673e13a2117fa3b9020c852c01e2) G:\Windows\System32\lltdsvc.dll
07:52:18.0260 4552 lltdsvc - ok
07:52:18.0305 4552 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) G:\Windows\System32\lmhsvc.dll
07:52:18.0309 4552 lmhosts - ok
07:52:18.0348 4552 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) G:\Windows\system32\DRIVERS\lsi_fc.sys
07:52:18.0351 4552 LSI_FC - ok
07:52:18.0382 4552 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) G:\Windows\system32\DRIVERS\lsi_sas.sys
07:52:18.0385 4552 LSI_SAS - ok
07:52:18.0411 4552 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) G:\Windows\system32\DRIVERS\lsi_sas2.sys
07:52:18.0413 4552 LSI_SAS2 - ok
07:52:18.0430 4552 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) G:\Windows\system32\DRIVERS\lsi_scsi.sys
07:52:18.0433 4552 LSI_SCSI - ok
07:52:18.0480 4552 luafv (6703e366cc18d3b6e534f5cf7df39cee) G:\Windows\system32\drivers\luafv.sys
07:52:18.0483 4552 luafv - ok
07:52:18.0531 4552 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) G:\Windows\system32\Mcx2Svc.dll
07:52:18.0537 4552 Mcx2Svc - ok
07:52:18.0563 4552 megasas (0fff5b045293002ab38eb1fd1fc2fb74) G:\Windows\system32\DRIVERS\megasas.sys
07:52:18.0564 4552 megasas - ok
07:52:18.0618 4552 MegaSR (dcbab2920c75f390caf1d29f675d03d6) G:\Windows\system32\DRIVERS\MegaSR.sys
07:52:18.0623 4552 MegaSR - ok
07:52:18.0778 4552 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:52:18.0781 4552 Microsoft Office Groove Audit Service - ok
07:52:18.0819 4552 MMCSS (146b6f43a673379a3c670e86d89be5ea) G:\Windows\system32\mmcss.dll
07:52:18.0824 4552 MMCSS - ok
07:52:18.0850 4552 Modem (f001861e5700ee84e2d4e52c712f4964) G:\Windows\system32\drivers\modem.sys
07:52:18.0852 4552 Modem - ok
07:52:18.0889 4552 monitor (79d10964de86b292320e9dfe02282a23) G:\Windows\system32\DRIVERS\monitor.sys
07:52:18.0890 4552 monitor - ok
07:52:18.0936 4552 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) G:\Windows\system32\DRIVERS\mouclass.sys
07:52:18.0938 4552 mouclass - ok
07:52:18.0989 4552 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) G:\Windows\system32\DRIVERS\mouhid.sys
07:52:18.0990 4552 mouhid - ok
07:52:19.0023 4552 mountmgr (921c18727c5920d6c0300736646931c2) G:\Windows\system32\drivers\mountmgr.sys
07:52:19.0026 4552 mountmgr - ok
07:52:19.0064 4552 mpio (2af5997438c55fb79d33d015c30e1974) G:\Windows\system32\DRIVERS\mpio.sys
07:52:19.0067 4552 mpio - ok
07:52:19.0099 4552 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) G:\Windows\system32\drivers\mpsdrv.sys
07:52:19.0101 4552 mpsdrv - ok
07:52:19.0163 4552 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) G:\Windows\system32\mpssvc.dll
07:52:19.0192 4552 MpsSvc - ok
07:52:19.0231 4552 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) G:\Windows\system32\drivers\mrxdav.sys
07:52:19.0234 4552 MRxDAV - ok
07:52:19.0306 4552 mrxsmb (ca7570e42522e24324a12161db14ec02) G:\Windows\system32\DRIVERS\mrxsmb.sys
07:52:19.0310 4552 mrxsmb - ok
07:52:19.0366 4552 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) G:\Windows\system32\DRIVERS\mrxsmb10.sys
07:52:19.0371 4552 mrxsmb10 - ok
07:52:19.0400 4552 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) G:\Windows\system32\DRIVERS\mrxsmb20.sys
07:52:19.0403 4552 mrxsmb20 - ok
07:52:19.0444 4552 msahci (4326d168944123f38dd3b2d9c37a0b12) G:\Windows\system32\DRIVERS\msahci.sys
07:52:19.0446 4552 msahci - ok
07:52:19.0478 4552 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) G:\Windows\system32\DRIVERS\msdsm.sys
07:52:19.0481 4552 msdsm - ok
07:52:19.0520 4552 MSDTC (e1bce74a3bd9902b72599c0192a07e27) G:\Windows\System32\msdtc.exe
07:52:19.0527 4552 MSDTC - ok
07:52:19.0563 4552 Msfs (daefb28e3af5a76abcc2c3078c07327f) G:\Windows\system32\drivers\Msfs.sys
07:52:19.0565 4552 Msfs - ok
07:52:19.0589 4552 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) G:\Windows\System32\drivers\mshidkmdf.sys
07:52:19.0590 4552 mshidkmdf - ok
07:52:19.0607 4552 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) G:\Windows\system32\DRIVERS\msisadrv.sys
07:52:19.0609 4552 msisadrv - ok
07:52:19.0681 4552 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) G:\Windows\system32\iscsiexe.dll
07:52:19.0686 4552 MSiSCSI - ok
07:52:19.0702 4552 msiserver - ok
07:52:19.0747 4552 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) G:\Windows\system32\drivers\MSKSSRV.sys
07:52:19.0749 4552 MSKSSRV - ok
07:52:19.0788 4552 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) G:\Windows\system32\drivers\MSPCLOCK.sys
07:52:19.0789 4552 MSPCLOCK - ok
07:52:19.0809 4552 MSPQM (f456e973590d663b1073e9c463b40932) G:\Windows\system32\drivers\MSPQM.sys
07:52:19.0810 4552 MSPQM - ok
07:52:19.0847 4552 MsRPC (0e008fc4819d238c51d7c93e7b41e560) G:\Windows\system32\drivers\MsRPC.sys
07:52:19.0851 4552 MsRPC - ok
07:52:19.0881 4552 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) G:\Windows\system32\DRIVERS\mssmbios.sys
07:52:19.0882 4552 mssmbios - ok
07:52:19.0910 4552 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) G:\Windows\system32\drivers\MSTEE.sys
07:52:19.0912 4552 MSTEE - ok
07:52:19.0932 4552 MTConfig (33599130f44e1f34631cea241de8ac84) G:\Windows\system32\DRIVERS\MTConfig.sys
07:52:19.0934 4552 MTConfig - ok
07:52:19.0964 4552 Mup (159fad02f64e6381758c990f753bcc80) G:\Windows\system32\Drivers\mup.sys
07:52:19.0966 4552 Mup - ok
07:52:20.0022 4552 napagent (80284f1985c70c86f0b5f86da2dfe1df) G:\Windows\system32\qagentRT.dll
07:52:20.0040 4552 napagent - ok
07:52:20.0096 4552 NativeWifiP (26384429fcd85d83746f63e798ab1480) G:\Windows\system32\DRIVERS\nwifi.sys
07:52:20.0102 4552 NativeWifiP - ok
07:52:20.0277 4552 NBService (b498a14133bd09ad0817590ace4470ad) G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
07:52:20.0309 4552 NBService - ok
07:52:20.0358 4552 NDIS (23759d175a0a9baaf04d05047bc135a8) G:\Windows\system32\drivers\ndis.sys
07:52:20.0367 4552 NDIS - ok
07:52:20.0399 4552 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) G:\Windows\system32\DRIVERS\ndiscap.sys
07:52:20.0401 4552 NdisCap - ok
07:52:20.0443 4552 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) G:\Windows\system32\DRIVERS\ndistapi.sys
07:52:20.0445 4552 NdisTapi - ok
07:52:20.0488 4552 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) G:\Windows\system32\DRIVERS\ndisuio.sys
07:52:20.0490 4552 Ndisuio - ok
07:52:20.0517 4552 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) G:\Windows\system32\DRIVERS\ndiswan.sys
07:52:20.0521 4552 NdisWan - ok
07:52:20.0553 4552 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) G:\Windows\system32\drivers\NDProxy.sys
07:52:20.0555 4552 NDProxy - ok
07:52:20.0593 4552 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) G:\Windows\system32\DRIVERS\netbios.sys
07:52:20.0595 4552 NetBIOS - ok
07:52:20.0621 4552 NetBT (dd52a733bf4ca5af84562a5e2f963b91) G:\Windows\system32\DRIVERS\netbt.sys
07:52:20.0625 4552 NetBT - ok
07:52:20.0676 4552 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) G:\Windows\system32\lsass.exe
07:52:20.0680 4552 Netlogon - ok
07:52:20.0734 4552 Netman (7cccfca7510684768da22092d1fa4db2) G:\Windows\System32\netman.dll
07:52:20.0744 4552 Netman - ok
07:52:20.0876 4552 NetMsmqActivator (b5c0ea3c35e6e4d392a0414bc35fb934) G:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe
07:52:20.0881 4552 NetMsmqActivator - ok
07:52:20.0892 4552 NetPipeActivator (b5c0ea3c35e6e4d392a0414bc35fb934) G:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe
07:52:20.0895 4552 NetPipeActivator - ok
07:52:20.0963 4552 netprofm (8c338238c16777a802d6a9211eb2ba50) G:\Windows\System32\netprofm.dll
07:52:20.0972 4552 netprofm - ok
07:52:20.0984 4552 NetTcpActivator (b5c0ea3c35e6e4d392a0414bc35fb934) G:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe
07:52:20.0987 4552 NetTcpActivator - ok
07:52:20.0999 4552 NetTcpPortSharing (b5c0ea3c35e6e4d392a0414bc35fb934) G:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe
07:52:21.0002 4552 NetTcpPortSharing - ok
07:52:21.0093 4552 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) G:\Windows\system32\DRIVERS\nfrd960.sys
07:52:21.0095 4552 nfrd960 - ok
07:52:21.0168 4552 NlaSvc (2226496e34bd40734946a054b1cd657f) G:\Windows\System32\nlasvc.dll
07:52:21.0177 4552 NlaSvc - ok
07:52:21.0326 4552 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:52:21.0333 4552 NMIndexingService - ok
07:52:21.0357 4552 Npfs (1db262a9f8c087e8153d89bef3d2235f) G:\Windows\system32\drivers\Npfs.sys
07:52:21.0359 4552 Npfs - ok
07:52:21.0394 4552 nsi (ba387e955e890c8a88306d9b8d06bf17) G:\Windows\system32\nsisvc.dll
07:52:21.0399 4552 nsi - ok
07:52:21.0424 4552 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) G:\Windows\system32\drivers\nsiproxy.sys
07:52:21.0425 4552 nsiproxy - ok
07:52:21.0512 4552 Ntfs (187002ce05693c306f43c873f821381f) G:\Windows\system32\drivers\Ntfs.sys
07:52:21.0570 4552 Ntfs - ok
07:52:21.0593 4552 Null (f9756a98d69098dca8945d62858a812c) G:\Windows\system32\drivers\Null.sys
07:52:21.0594 4552 Null - ok
07:52:21.0648 4552 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) G:\Windows\system32\drivers\nvraid.sys
07:52:21.0651 4552 nvraid - ok
07:52:21.0702 4552 nvstor (4520b63899e867f354ee012d34e11536) G:\Windows\system32\drivers\nvstor.sys
07:52:21.0706 4552 nvstor - ok
07:52:21.0733 4552 nv_agp (5a0983915f02bae73267cc2a041f717d) G:\Windows\system32\DRIVERS\nv_agp.sys
07:52:21.0736 4552 nv_agp - ok
07:52:21.0867 4552 odserv (1f0e05dff4f5a833168e49be1256f002) G:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:52:21.0877 4552 odserv - ok
07:52:21.0904 4552 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) G:\Windows\system32\DRIVERS\ohci1394.sys
07:52:21.0907 4552 ohci1394 - ok
07:52:21.0984 4552 ose (5a432a042dae460abe7199b758e8606c) G:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:52:21.0988 4552 ose - ok
07:52:22.0035 4552 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) G:\Windows\system32\pnrpsvc.dll
07:52:22.0047 4552 p2pimsvc - ok
07:52:22.0090 4552 p2psvc (59c3ddd501e39e006dac31bf55150d91) G:\Windows\system32\p2psvc.dll
07:52:22.0101 4552 p2psvc - ok
07:52:22.0153 4552 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) G:\Windows\system32\DRIVERS\parport.sys
07:52:22.0155 4552 Parport - ok
07:52:22.0178 4552 partmgr (ff4218952b51de44fe910953a3e686b9) G:\Windows\system32\drivers\partmgr.sys
07:52:22.0180 4552 partmgr - ok
07:52:22.0207 4552 Parvdm (eb0a59f29c19b86479d36b35983daadc) G:\Windows\system32\DRIVERS\parvdm.sys
07:52:22.0208 4552 Parvdm - ok
07:52:22.0268 4552 PcaSvc (358ab7956d3160000726574083dfc8a6) G:\Windows\System32\pcasvc.dll
07:52:22.0276 4552 PcaSvc - ok
07:52:22.0313 4552 pci (c858cb77c577780ecc456a892e7e7d0f) G:\Windows\system32\DRIVERS\pci.sys
07:52:22.0317 4552 pci - ok
07:52:22.0352 4552 pciide (afe86f419014db4e5593f69ffe26ce0a) G:\Windows\system32\DRIVERS\pciide.sys
07:52:22.0354 4552 pciide - ok
07:52:22.0387 4552 pcmcia (f396431b31693e71e8a80687ef523506) G:\Windows\system32\DRIVERS\pcmcia.sys
07:52:22.0392 4552 pcmcia - ok
07:52:22.0421 4552 pcw (250f6b43d2b613172035c6747aeeb19f) G:\Windows\system32\drivers\pcw.sys
07:52:22.0423 4552 pcw - ok
07:52:22.0471 4552 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) G:\Windows\system32\drivers\peauth.sys
07:52:22.0486 4552 PEAUTH - ok
07:52:22.0561 4552 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) G:\Windows\system32\peerdistsvc.dll
07:52:22.0606 4552 PeerDistSvc - ok
07:52:22.0714 4552 pla (9c1bff7910c89a1d12e57343475840cb) G:\Windows\system32\pla.dll
07:52:22.0772 4552 pla - ok
07:52:22.0857 4552 PlugPlay (71def5ec79774c798342d0ea16e41780) G:\Windows\system32\umpnpmgr.dll
07:52:22.0869 4552 PlugPlay - ok
07:52:22.0891 4552 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) G:\Windows\system32\pnrpauto.dll
07:52:22.0897 4552 PNRPAutoReg - ok
07:52:22.0924 4552 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) G:\Windows\system32\pnrpsvc.dll
07:52:22.0933 4552 PNRPsvc - ok
07:52:22.0974 4552 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) G:\Windows\System32\ipsecsvc.dll
07:52:22.0984 4552 PolicyAgent - ok
07:52:23.0026 4552 Power (dbff83f709a91049621c1d35dd45c92c) G:\Windows\system32\umpo.dll
07:52:23.0036 4552 Power - ok
07:52:23.0101 4552 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) G:\Windows\system32\DRIVERS\raspptp.sys
07:52:23.0103 4552 PptpMiniport - ok
07:52:23.0194 4552 PQNTDrv (4228630829c0e521c43d882a00533374) G:\Windows\system32\drivers\PQNTDrv.sys
07:52:23.0195 4552 PQNTDrv - ok
07:52:23.0221 4552 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) G:\Windows\system32\DRIVERS\processr.sys
07:52:23.0223 4552 Processor - ok
07:52:23.0272 4552 ProfSvc (630cf26f0227498b7d5a92b12548960f) G:\Windows\system32\profsvc.dll
07:52:23.0281 4552 ProfSvc - ok
07:52:23.0333 4552 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) G:\Windows\system32\lsass.exe
07:52:23.0337 4552 ProtectedStorage - ok
07:52:23.0389 4552 Psched (6270ccae2a86de6d146529fe55b3246a) G:\Windows\system32\DRIVERS\pacer.sys
07:52:23.0391 4552 Psched - ok
07:52:23.0460 4552 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) G:\Windows\system32\Drivers\PxHelp20.sys
07:52:23.0462 4552 PxHelp20 - ok
07:52:23.0529 4552 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) G:\Windows\system32\DRIVERS\ql2300.sys
07:52:23.0586 4552 ql2300 - ok
07:52:23.0611 4552 ql40xx (b4dd51dd25182244b86737dc51af2270) G:\Windows\system32\DRIVERS\ql40xx.sys
07:52:23.0614 4552 ql40xx - ok
07:52:23.0661 4552 QWAVE (31ac809e7707eb580b2bdb760390765a) G:\Windows\system32\qwave.dll
07:52:23.0672 4552 QWAVE - ok
07:52:23.0696 4552 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) G:\Windows\system32\drivers\qwavedrv.sys
07:52:23.0698 4552 QWAVEdrv - ok
07:52:23.0728 4552 RasAcd (30a81b53c766d0133bb86d234e5556ab) G:\Windows\system32\DRIVERS\rasacd.sys
07:52:23.0729 4552 RasAcd - ok
07:52:23.0783 4552 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) G:\Windows\system32\DRIVERS\AgileVpn.sys
07:52:23.0785 4552 RasAgileVpn - ok
07:52:23.0814 4552 RasAuto (a60f1839849c0c00739787fd5ec03f13) G:\Windows\System32\rasauto.dll
07:52:23.0823 4552 RasAuto - ok
07:52:23.0852 4552 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) G:\Windows\system32\DRIVERS\rasl2tp.sys
07:52:23.0854 4552 Rasl2tp - ok
07:52:23.0900 4552 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) G:\Windows\System32\rasmans.dll
07:52:23.0911 4552 RasMan - ok
07:52:23.0933 4552 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) G:\Windows\system32\DRIVERS\raspppoe.sys
07:52:23.0936 4552 RasPppoe - ok
07:52:23.0976 4552 RasSstp (44101f495a83ea6401d886e7fd70096b) G:\Windows\system32\DRIVERS\rassstp.sys
07:52:23.0978 4552 RasSstp - ok
07:52:24.0011 4552 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) G:\Windows\system32\DRIVERS\rdbss.sys
07:52:24.0017 4552 rdbss - ok
07:52:24.0038 4552 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) G:\Windows\system32\DRIVERS\rdpbus.sys
07:52:24.0039 4552 rdpbus - ok
07:52:24.0060 4552 RDPCDD (1e016846895b15a99f9a176a05029075) G:\Windows\system32\DRIVERS\RDPCDD.sys
07:52:24.0061 4552 RDPCDD - ok
07:52:24.0109 4552 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) G:\Windows\system32\drivers\rdpdr.sys
07:52:24.0113 4552 RDPDR - ok
07:52:24.0153 4552 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) G:\Windows\system32\drivers\rdpencdd.sys
07:52:24.0154 4552 RDPENCDD - ok
07:52:24.0177 4552 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) G:\Windows\system32\drivers\rdprefmp.sys
07:52:24.0178 4552 RDPREFMP - ok
07:52:24.0226 4552 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) G:\Windows\system32\drivers\RDPWD.sys
07:52:24.0231 4552 RDPWD - ok
07:52:24.0277 4552 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) G:\Windows\system32\drivers\rdyboost.sys
07:52:24.0282 4552 rdyboost - ok
07:52:24.0328 4552 RemoteAccess (7b5e1419717fac363a31cc302895217a) G:\Windows\System32\mprdim.dll
07:52:24.0334 4552 RemoteAccess - ok
07:52:24.0401 4552 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) G:\Windows\system32\regsvc.dll
07:52:24.0408 4552 RemoteRegistry - ok
07:52:24.0430 4552 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) G:\Windows\System32\RpcEpMap.dll
07:52:24.0436 4552 RpcEptMapper - ok
07:52:24.0473 4552 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) G:\Windows\system32\locator.exe
07:52:24.0478 4552 RpcLocator - ok
07:52:24.0509 4552 RpcSs (b82cd39e336973359d7c9bf911e8e84f) G:\Windows\System32\rpcss.dll
07:52:24.0520 4552 RpcSs - ok
07:52:24.0582 4552 rspndr (032b0d36ad92b582d869879f5af5b928) G:\Windows\system32\DRIVERS\rspndr.sys
07:52:24.0585 4552 rspndr - ok
07:52:24.0643 4552 RTL8167 (7dfd48e24479b68b258d8770121155a0) G:\Windows\system32\DRIVERS\Rt86win7.sys
07:52:24.0647 4552 RTL8167 - ok
07:52:24.0695 4552 s3cap (5423d8437051e89dd34749f242c98648) G:\Windows\system32\DRIVERS\vms3cap.sys
07:52:24.0696 4552 s3cap - ok
07:52:24.0738 4552 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) G:\Windows\system32\lsass.exe
07:52:24.0742 4552 SamSs - ok
07:52:24.0797 4552 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) G:\Windows\system32\DRIVERS\sbp2port.sys
07:52:24.0799 4552 sbp2port - ok
07:52:24.0844 4552 SCardSvr (8fc518ffe9519c2631d37515a68009c4) G:\Windows\System32\SCardSvr.dll
07:52:24.0853 4552 SCardSvr - ok
07:52:24.0886 4552 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) G:\Windows\system32\DRIVERS\scfilter.sys
07:52:24.0888 4552 scfilter - ok
07:52:24.0957 4552 Schedule (df1e5c82e4d09cf8105cc644980c4803) G:\Windows\system32\schedsvc.dll
07:52:24.0971 4552 Schedule - ok
07:52:25.0019 4552 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) G:\Windows\System32\certprop.dll
07:52:25.0021 4552 SCPolicySvc - ok
07:52:25.0051 4552 SDRSVC (5fd90abdbfaee85986802622cbb03446) G:\Windows\System32\SDRSVC.dll
07:52:25.0058 4552 SDRSVC - ok
07:52:25.0109 4552 secdrv (90a3935d05b494a5a39d37e71f09a677) G:\Windows\system32\drivers\secdrv.sys
07:52:25.0111 4552 secdrv - ok
07:52:25.0129 4552 seclogon (a59b3a4442c52060cc7a85293aa3546f) G:\Windows\system32\seclogon.dll
07:52:25.0136 4552 seclogon - ok
07:52:25.0163 4552 SENS (dcb7fcdcc97f87360f75d77425b81737) G:\Windows\system32\sens.dll
07:52:25.0169 4552 SENS - ok
07:52:25.0211 4552 SensrSvc (50087fe1ee447009c9cc2997b90de53f) G:\Windows\system32\sensrsvc.dll
07:52:25.0219 4552 SensrSvc - ok
07:52:25.0251 4552 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) G:\Windows\system32\DRIVERS\serenum.sys
07:52:25.0252 4552 Serenum - ok
07:52:25.0280 4552 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) G:\Windows\system32\DRIVERS\serial.sys
07:52:25.0283 4552 Serial - ok
07:52:25.0315 4552 sermouse (79bffb520327ff916a582dfea17aa813) G:\Windows\system32\DRIVERS\sermouse.sys
07:52:25.0316 4552 sermouse - ok
07:52:25.0399 4552 SessionEnv (8f55ce568c543d5adf45c409d16718fc) G:\Windows\system32\sessenv.dll
07:52:25.0406 4552 SessionEnv - ok
07:52:25.0430 4552 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) G:\Windows\system32\DRIVERS\sffdisk.sys
07:52:25.0431 4552 sffdisk - ok
07:52:25.0456 4552 sffp_mmc (932a68ee27833cfd57c1639d375f2731) G:\Windows\system32\DRIVERS\sffp_mmc.sys
07:52:25.0458 4552 sffp_mmc - ok
07:52:25.0478 4552 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) G:\Windows\system32\DRIVERS\sffp_sd.sys
07:52:25.0480 4552 sffp_sd - ok
07:52:25.0510 4552 sfloppy (db96666cc8312ebc45032f30b007a547) G:\Windows\system32\DRIVERS\sfloppy.sys
07:52:25.0511 4552 sfloppy - ok
07:52:25.0579 4552 SharedAccess (d1a079a0de2ea524513b6930c24527a2) G:\Windows\System32\ipnathlp.dll
07:52:25.0588 4552 SharedAccess - ok
07:52:25.0640 4552 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) G:\Windows\System32\shsvcs.dll
07:52:25.0649 4552 ShellHWDetection - ok
07:52:25.0678 4552 sisagp (2565cac0dc9fe0371bdce60832582b2e) G:\Windows\system32\DRIVERS\sisagp.sys
07:52:25.0680 4552 sisagp - ok
07:52:25.0716 4552 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) G:\Windows\system32\DRIVERS\SiSRaid2.sys
07:52:25.0718 4552 SiSRaid2 - ok
07:52:25.0759 4552 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) G:\Windows\system32\DRIVERS\sisraid4.sys
07:52:25.0761 4552 SiSRaid4 - ok
07:52:25.0879 4552 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) G:\Program Files\Skype\Updater\Updater.exe
07:52:25.0883 4552 SkypeUpdate - ok
07:52:25.0918 4552 Smb (3e21c083b8a01cb70ba1f09303010fce) G:\Windows\system32\DRIVERS\smb.sys
07:52:25.0921 4552 Smb - ok
07:52:25.0993 4552 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) G:\Windows\System32\snmptrap.exe
07:52:26.0000 4552 SNMPTRAP - ok
07:52:26.0038 4552 spldr (95cf1ae7527fb70f7816563cbc09d942) G:\Windows\system32\drivers\spldr.sys
07:52:26.0039 4552 spldr - ok
07:52:26.0091 4552 Spooler (d1bb750eb51694de183e08b9c33be5b2) G:\Windows\System32\spoolsv.exe
07:52:26.0101 4552 Spooler - ok
07:52:26.0244 4552 sppsvc (4c287f9069fedbd791178876ee9de536) G:\Windows\system32\sppsvc.exe
07:52:26.0364 4552 sppsvc - ok
07:52:26.0396 4552 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) G:\Windows\system32\sppuinotify.dll
07:52:26.0403 4552 sppuinotify - ok
07:52:26.0465 4552 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) G:\Windows\system32\DRIVERS\srv.sys
07:52:26.0473 4552 srv - ok
07:52:26.0507 4552 srv2 (414bb592cad8a79649d01f9d94318fb3) G:\Windows\system32\DRIVERS\srv2.sys
07:52:26.0514 4552 srv2 - ok
07:52:26.0564 4552 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) G:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:52:26.0569 4552 SrvHsfHDA - ok
07:52:26.0629 4552 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) G:\Windows\system32\DRIVERS\VSTDPV3.SYS
07:52:26.0675 4552 SrvHsfV92 - ok
07:52:26.0719 4552 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) G:\Windows\system32\DRIVERS\VSTCNXT3.SYS
07:52:26.0747 4552 SrvHsfWinac - ok
07:52:26.0810 4552 srvnet (ff207d67700aa18242aaf985d3e7d8f4) G:\Windows\system32\DRIVERS\srvnet.sys
07:52:26.0813 4552 srvnet - ok
07:52:26.0860 4552 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) G:\Windows\System32\ssdpsrv.dll
07:52:26.0867 4552 SSDPSRV - ok
07:52:26.0926 4552 ssmdrv (a36ee93698802cd899f98bfd553d8185) G:\Windows\system32\DRIVERS\ssmdrv.sys
07:52:26.0927 4552 ssmdrv - ok
07:52:26.0954 4552 SstpSvc (d318f23be45d5e3a107469eb64815b50) G:\Windows\system32\sstpsvc.dll
07:52:26.0963 4552 SstpSvc - ok
07:52:27.0009 4552 stexstor (db32d325c192b801df274bfd12a7e72b) G:\Windows\system32\DRIVERS\stexstor.sys
07:52:27.0011 4552 stexstor - ok
07:52:27.0051 4552 StiSvc (a22825e7bb7018e8af3e229a5af17221) G:\Windows\System32\wiaservc.dll
07:52:27.0063 4552 StiSvc - ok
07:52:27.0101 4552 storflt (957e346ca948668f2496a6ccf6ff82cc) G:\Windows\system32\DRIVERS\vmstorfl.sys
07:52:27.0104 4552 storflt - ok
07:52:27.0134 4552 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) G:\Windows\system32\DRIVERS\storvsc.sys
07:52:27.0136 4552 storvsc - ok
07:52:27.0166 4552 swenum (e58c78a848add9610a4db6d214af5224) G:\Windows\system32\DRIVERS\swenum.sys
07:52:27.0168 4552 swenum - ok
07:52:27.0349 4552 SwitchBoard (f577910a133a592234ebaad3f3afa258) G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:52:27.0364 4552 SwitchBoard - ok
07:52:27.0412 4552 swprv (a28bd92df340e57b024ba433165d34d7) G:\Windows\System32\swprv.dll
07:52:27.0422 4552 swprv - ok
07:52:27.0487 4552 SysMain (04105c8da62353589c29bdaeb8d88bd8) G:\Windows\system32\sysmain.dll
07:52:27.0541 4552 SysMain - ok
07:52:27.0564 4552 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) G:\Windows\System32\TabSvc.dll
07:52:27.0572 4552 TabletInputService - ok
07:52:27.0591 4552 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) G:\Windows\System32\tapisrv.dll
07:52:27.0603 4552 TapiSrv - ok
07:52:27.0630 4552 TBS (b799d9fdb26111737f58288d8dc172d9) G:\Windows\System32\tbssvc.dll
07:52:27.0637 4552 TBS - ok
07:52:27.0733 4552 Tcpip (56c198ac82efa622dd93e9e43575f79c) G:\Windows\system32\drivers\tcpip.sys
07:52:27.0780 4552 Tcpip - ok
07:52:27.0844 4552 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) G:\Windows\system32\DRIVERS\tcpip.sys
07:52:27.0860 4552 TCPIP6 - ok
07:52:27.0905 4552 tcpipreg (e64444523add154f86567c469bc0b17f) G:\Windows\system32\drivers\tcpipreg.sys
07:52:27.0906 4552 tcpipreg - ok
07:52:27.0941 4552 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) G:\Windows\system32\drivers\tdpipe.sys
07:52:27.0942 4552 TDPIPE - ok
07:52:27.0997 4552 TDTCP (7156308896d34ea75a582f9a09e50c17) G:\Windows\system32\drivers\tdtcp.sys
07:52:27.0999 4552 TDTCP - ok
07:52:28.0034 4552 tdx (cb39e896a2a83702d1737bfd402b3542) G:\Windows\system32\DRIVERS\tdx.sys
07:52:28.0037 4552 tdx - ok
07:52:28.0062 4552 TermDD (c36f41ee20e6999dbf4b0425963268a5) G:\Windows\system32\DRIVERS\termdd.sys
07:52:28.0064 4552 TermDD - ok
07:52:28.0116 4552 TermService (a01e50a04d7b1960b33e92b9080e6a94) G:\Windows\System32\termsrv.dll
07:52:28.0129 4552 TermService - ok
07:52:28.0157 4552 Themes (42fb6afd6b79d9fe07381609172e7ca4) G:\Windows\system32\themeservice.dll
07:52:28.0163 4552 Themes - ok
07:52:28.0203 4552 THREADORDER (146b6f43a673379a3c670e86d89be5ea) G:\Windows\system32\mmcss.dll
07:52:28.0207 4552 THREADORDER - ok
07:52:28.0244 4552 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) G:\Windows\System32\trkwks.dll
07:52:28.0252 4552 TrkWks - ok
07:52:28.0335 4552 TrustedInstaller (41a4c781d2286208d397d72099304133) G:\Windows\servicing\TrustedInstaller.exe
07:52:28.0338 4552 TrustedInstaller - ok
07:52:28.0406 4552 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) G:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:28.0408 4552 tssecsrv - ok
07:52:28.0451 4552 tunnel (3e461d890a97f9d4c168f5fda36e1d00) G:\Windows\system32\DRIVERS\tunnel.sys
07:52:28.0454 4552 tunnel - ok
07:52:28.0479 4552 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) G:\Windows\system32\DRIVERS\uagp35.sys
07:52:28.0482 4552 uagp35 - ok
07:52:28.0524 4552 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) G:\Windows\system32\DRIVERS\udfs.sys
07:52:28.0529 4552 udfs - ok
07:52:28.0588 4552 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) G:\Windows\system32\UI0Detect.exe
07:52:28.0596 4552 UI0Detect - ok
07:52:28.0624 4552 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) G:\Windows\system32\DRIVERS\uliagpkx.sys
07:52:28.0626 4552 uliagpkx - ok
07:52:28.0671 4552 umbus (049b3a50b3d646baeeee9eec9b0668dc) G:\Windows\system32\DRIVERS\umbus.sys
07:52:28.0673 4552 umbus - ok
07:52:28.0714 4552 UmPass (7550ad0c6998ba1cb4843e920ee0feac) G:\Windows\system32\DRIVERS\umpass.sys
07:52:28.0720 4552 UmPass - ok
07:52:28.0779 4552 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) G:\Windows\System32\umrdp.dll
07:52:28.0789 4552 UmRdpService - ok
07:52:28.0837 4552 upnphost (833fbb672460efce8011d262175fad33) G:\Windows\System32\upnphost.dll
07:52:28.0847 4552 upnphost - ok
07:52:28.0921 4552 USBAAPL (eafe1e00739afe6c51487a050e772e17) G:\Windows\system32\Drivers\usbaapl.sys
07:52:28.0923 4552 USBAAPL - ok
07:52:29.0000 4552 usbaudio (2436a42aab4ad48a9b714e5b0f344627) G:\Windows\system32\drivers\usbaudio.sys
07:52:29.0005 4552 usbaudio - ok
07:52:29.0053 4552 usbccgp (c31ae588e403042632dc796cf09e30b0) G:\Windows\system32\DRIVERS\usbccgp.sys
07:52:29.0055 4552 usbccgp - ok
07:52:29.0113 4552 usbcir (04ec7cec62ec3b6d9354eee93327fc82) G:\Windows\system32\DRIVERS\usbcir.sys
07:52:29.0116 4552 usbcir - ok
07:52:29.0162 4552 usbehci (e4c436d914768ce965d5e659ba7eebd8) G:\Windows\system32\DRIVERS\usbehci.sys
07:52:29.0164 4552 usbehci - ok
07:52:29.0243 4552 usbhub (bdcd7156ec37448f08633fd899823620) G:\Windows\system32\DRIVERS\usbhub.sys
07:52:29.0249 4552 usbhub - ok
07:52:29.0299 4552 usbohci (eb2d819a639015253c871cda09d91d58) G:\Windows\system32\drivers\usbohci.sys
07:52:29.0300 4552 usbohci - ok
07:52:29.0337 4552 usbprint (797d862fe0875e75c7cc4c1ad7b30252) G:\Windows\system32\DRIVERS\usbprint.sys
07:52:29.0338 4552 usbprint - ok
07:52:29.0385 4552 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) G:\Windows\system32\DRIVERS\usbscan.sys
07:52:29.0387 4552 usbscan - ok
07:52:33.0093 4552 ============================================================
07:52:33.0093 4552 Scan finished
07:52:33.0093 4552 ============================================================
07:52:33.0123 4668 Detected object count: 0
07:52:33.0123 4668 Actual detected object count: 0

and also...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 07:56:37
-----------------------------
07:56:37.166 OS Version: Windows 6.1.7600
07:56:37.166 Number of processors: 2 586 0xF0D
07:56:37.166 ComputerName: SEAN-PC UserName: Sean
07:56:37.915 Initialize success
08:11:56.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:11:57.009 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
08:11:57.038 Disk 0 MBR read successfully
08:11:57.043 Disk 0 MBR scan
08:11:57.049 Disk 0 Windows 7 default MBR code
08:11:57.056 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 222611 MB offset 63
08:11:57.082 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60541 MB offset 477853425
08:11:57.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11367 MB offset 601856000
08:11:57.118 Disk 0 scanning sectors +625137345
08:11:57.177 Disk 0 scanning G:\Windows\system32\drivers
08:12:03.923 Service scanning
08:12:19.576 Modules scanning
08:12:29.429 Disk 0 trace - called modules:
08:12:29.480 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
08:12:29.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8650b030]
08:12:29.497 3 CLASSPNP.SYS[8b5ac59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86029908]
08:12:29.513 Scan finished successfully
08:12:50.854 Disk 0 MBR has been saved successfully to "G:\Users\Sean\Desktop\MBR.dat"
08:12:50.876 The log file has been saved successfully to "G:\Users\Sean\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 April 2012 - 04:05 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
g:\users\Sean\AppData\Local\Conduit

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948


Firefox::
FF - ProfilePath - g:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\kb5pfudh.default\
FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=e6bfdeee00000000000000242b8a93f7&q=
FF - user.js: extentions.y2layers.installId - 70f00ddd-87a2-4566-953f-664ac07b7417
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.BabylonToolbar_i.id - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.hardId - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SeanOC (Topic Starter)

Posted 05 April 2012 - 07:24 AM

ClearJavaCache::
KillAll::
Folder::
g:\users\Sean\AppData\Local\Conduit

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948


Firefox::
FF - ProfilePath - g:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\kb5pfudh.default\
FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=e6bfdeee00000000000000242b8a93f7&q=
FF - user.js: extentions.y2layers.installId - 70f00ddd-87a2-4566-953f-664ac07b7417
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.BabylonToolbar_i.id - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.hardId - e6bfdeee00000000000000242b8a93f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Computer seems OK for now.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 April 2012 - 11:06 AM

Hello


You sent me the script - I would like to see the report from ComboFix when you ran the script.



gringo

#9 SeanOC (Topic Starter)

Posted 05 April 2012 - 02:23 PM

DOH! Sorry Gringo. Here it is now...


ComboFix 12-04-04.01 - Sean 06/04/2012 6:51.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.2975.1980 [GMT 12:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: g:\users\Sean\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\users\Sean\AppData\Local\Conduit
g:\users\Sean\AppData\Local\Conduit\CT2801948\NCH_ENAutoUpdateHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 19:08 . 2012-04-05 19:08 -------- d-----w- g:\users\Public\AppData\Local\temp
2012-04-05 19:08 . 2012-04-05 19:08 -------- d-----w- g:\users\Default\AppData\Local\temp
2012-04-05 19:08 . 2012-04-05 19:08 -------- d-----w- g:\users\Administrator\AppData\Local\temp
2012-04-01 10:15 . 2012-04-01 10:15 -------- d-----w- g:\programdata\DAEMON Tools Lite
2012-03-31 13:33 . 2012-03-31 13:33 -------- d-----w- g:\program files\NCH_EN
2012-03-26 07:49 . 2012-03-26 07:50 -------- d-----w- g:\program files\mp3DirectCut
2012-03-26 07:40 . 2012-03-26 07:40 -------- d-----w- g:\programdata\NCH Swift Sound
2012-03-26 07:39 . 2012-03-31 13:33 -------- d-----w- g:\program files\NCH Software
2012-03-19 19:53 . 2012-03-19 19:53 -------- d-----w- g:\program files\Common Files\Skype
2012-03-19 19:10 . 2011-11-19 14:25 3957616 ----a-w- g:\windows\system32\ntkrnlpa.exe
2012-03-19 19:10 . 2011-11-19 14:25 3902320 ----a-w- g:\windows\system32\ntoskrnl.exe
2012-03-19 09:37 . 2009-05-18 00:17 26600 ----a-w- g:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-19 09:37 . 2008-04-16 23:12 107368 ----a-w- g:\windows\system32\GEARAspi.dll
2012-03-19 09:35 . 2012-03-19 09:35 -------- d-----w- g:\program files\iPod
2012-03-14 19:13 . 2012-02-03 04:01 2341376 ----a-w- g:\windows\system32\win32k.sys
2012-03-14 19:13 . 2012-02-10 05:41 1074176 ----a-w- g:\windows\system32\DWrite.dll
2012-03-14 19:13 . 2012-02-10 05:41 218624 ----a-w- g:\windows\system32\d3d10_1core.dll
2012-03-14 19:13 . 2012-02-10 05:41 161792 ----a-w- g:\windows\system32\d3d10_1.dll
2012-03-14 19:13 . 2012-02-10 05:41 1170944 ----a-w- g:\windows\system32\d3d10warp.dll
2012-03-14 19:13 . 2012-02-10 05:41 739840 ----a-w- g:\windows\system32\d2d1.dll
2012-03-14 10:39 . 2012-01-25 05:44 57856 ----a-w- g:\windows\system32\rdpwsx.dll
2012-03-14 10:39 . 2012-01-25 05:44 129536 ----a-w- g:\windows\system32\rdpcorekmts.dll
2012-03-14 10:39 . 2012-01-25 05:40 8192 ----a-w- g:\windows\system32\rdrmemptylst.exe
2012-03-14 10:39 . 2012-02-15 05:44 826368 ----a-w- g:\windows\system32\rdpcore.dll
2012-03-14 10:39 . 2012-02-15 04:22 177152 ----a-w- g:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:39 . 2012-02-15 04:22 24064 ----a-w- g:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2012-04-04 19:42 6582328 ----a-w- g:\programdata\Microsoft\Windows Defender\Definition Updates\{E345EF6B-BA01-41CC-8381-7FD599781950}\mpengine.dll
2012-02-22 20:18 . 2010-03-26 02:43 237072 ------w- g:\windows\system32\MpSigStub.exe
2012-02-14 22:01 . 2012-02-14 22:01 4547944 ----a-w- g:\windows\system32\usbaaplrc.dll
2012-02-14 22:01 . 2012-02-14 22:01 43520 ----a-w- g:\windows\system32\drivers\usbaapl.sys
2012-02-14 22:01 . 2012-02-14 22:01 43520 ----a-w- g:\windows\system32\drivers\SET4DF1.tmp
2012-03-01 19:45 . 2011-03-25 09:51 134104 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "g:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- g:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "g:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="g:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"iCloudServices"="g:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="g:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"HotKeysCmds"="g:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="g:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-24 31072]
"SmartSoft PDF Printer Agent"="g:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2011-07-19 50568]
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\guard32.dll g:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"125.252.224.88,255.255.255.252,192.168.0.200,1"=""
.
[HKLM\~\startupfolder\G:^Users^Sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=g:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=g:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 15:44 500208 ------w- g:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 04:46 1159168 ------w- g:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 22:26 114688 ------w- g:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-26 02:06 136176 ----atw- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 11:05 46368 ----a-w- g:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 10:12 3872080 ----a-w- g:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- g:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 11:07 29984 ----a-w- g:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 06:45 170520 ----a-w- g:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-30 21:01 328992 ----a-w- g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- g:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 21:03 210472 ----a-w- g:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 01:37 517096 ----a-w- g:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 gupdate;Google Update Service (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R2 SkypeUpdate;Skype Updater;g:\program files\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;g:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-05 104272]
R3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [2010-02-22 14216]
R3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [2010-02-22 8456]
R3 gupdatem;Google Update Service (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R3 SwitchBoard;Adobe SwitchBoard;g:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;g:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
S1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;g:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;g:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SrvHsfHDA;SrvHsfHDA;g:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;g:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;g:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 21:09]
.
2012-04-05 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 21:09]
.
2012-04-05 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-1000Core.job
- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 02:06]
.
2012-04-05 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-1000UA.job
- g:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 02:06]
.
2012-04-04 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-500Core.job
- g:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 21:09]
.
2012-04-05 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892213315-733465618-2972856026-500UA.job
- g:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 21:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - g:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\kb5pfudh.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(504)
g:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5544)
g:\windows\system32\guard32.dll
g:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
g:\program files\COMODO\COMODO Internet Security\cmdagent.exe
g:\windows\system32\WUDFHost.exe
g:\program files\Avira\AntiVir Desktop\avguard.exe
g:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
g:\program files\Bonjour\mDNSResponder.exe
g:\program files\Avira\AntiVir Desktop\avshadow.exe
g:\windows\system32\conhost.exe
g:\windows\system32\taskhost.exe
g:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
g:\windows\system32\conhost.exe
g:\windows\system32\WUDFHost.exe
g:\program files\iPod\bin\iPodService.exe
g:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iTunes\iTunes.exe
g:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
g:\windows\system32\conhost.exe
g:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
g:\windows\system32\conhost.exe
g:\program files\Common Files\Apple\Mobile Device Support\ATH.exe
g:\windows\system32\conhost.exe
g:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
g:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
g:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-04-06 07:18:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 19:18
ComboFix2.txt 2012-04-04 11:11
.
Pre-Run: 12,446,543,872 bytes free
Post-Run: 12,178,173,952 bytes free
.
- - End Of File - - 266A7187A344E4C069C1E6BED122F538

Thanks!
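An added audit of the ComboFix report above (example code, not part of the thread and not a BleepingComputer or ComboFix tool): it parses the "Reg Loading Points" section and flags the IE URLSearchHook/BHO/Toolbar entries that load the NCH_EN toolbar DLL, the UAC policy values that are 0 in this log (UAC off, silent admin elevation, prompts not on the secure desktop), and AppInit_DLLs entries. The sample input is a constructed excerpt modelled on the log.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix report.

Added example, not part of the thread and not a BleepingComputer or ComboFix tool.
It flags IE URLSearchHooks / Browser Helper Object / Toolbar entries and the DLL they
load (here the NCH_EN toolbar DLL behind the Conduit search hijack), UAC policy values
set to 0 (UAC off, silent admin elevation, no secure desktop) and AppInit_DLLs entries."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# ComboFix prints "[KEY]" followed by '"name"=value' or bare timestamp/size/path
# lines, and terminates each block with a line holding a single ".".
_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
_DLL_RE = re.compile(r'([a-z]:\\[^"\[]+?\.dll)', re.IGNORECASE)

BROWSER_HOOK_KEYS = ("urlsearchhooks", "browser helper objects", "internet explorer\\toolbar")
UAC_WEAK_WHEN_ZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


@dataclass
class Findings:
    browser_hooks: List[Tuple[str, str]] = field(default_factory=list)  # (registry key, DLL)
    uac_weak: Dict[str, int] = field(default_factory=dict)              # policy name -> value
    appinit_dlls: List[str] = field(default_factory=list)


def parse_blocks(section: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {key: [(name, value), ...]}; lines that are not name=value get an empty name."""
    blocks: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for line in section.splitlines():
        line = line.rstrip()
        if line == ".":                      # block terminator
            current = None
        elif (m := _KEY_RE.match(line)):
            current = m.group("key")
            blocks.setdefault(current, [])
        elif current is not None and line:
            m = _VALUE_RE.match(line)
            blocks[current].append((m.group("name"), m.group("value").strip()) if m else ("", line))
    return blocks


def audit(report: str) -> Findings:
    """Slice the Reg Loading Points section out of a full report and audit it."""
    section = report.split("Reg Loading Points", 1)[-1].split("Scheduled Tasks", 1)[0]
    found = Findings()
    for key, entries in parse_blocks(section).items():
        lkey = key.lower()
        if any(marker in lkey for marker in BROWSER_HOOK_KEYS):
            for _name, value in entries:
                if (m := _DLL_RE.search(value)):
                    found.browser_hooks.append((key, m.group(1)))
        elif lkey.endswith("currentversion\\policies\\system"):
            for name, value in entries:
                if name in UAC_WEAK_WHEN_ZERO and value.split()[:1] == ["0"]:
                    found.uac_weak[name] = 0
        elif lkey.endswith("windows nt\\currentversion\\windows"):
            for name, value in entries:
                if name.lower() == "appinit_dlls":
                    for path in value.split():   # space-separated; keep order, drop repeats
                        if path not in found.appinit_dlls:
                            found.appinit_dlls.append(path)
    return found


# Constructed excerpt modelled on the ComboFix report in the thread above.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "g:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- g:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="g:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\guard32.dll g:\windows\System32\guard32.dll
.
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    f = audit(SAMPLE_REPORT)
    print(*[f"browser hook: {k} -> {d}" for k, d in f.browser_hooks], sep="\n")
    print("weak UAC policies:", f.uac_weak, "\nAppInit_DLLs:", f.appinit_dlls)
```

On this log the AppInit_DLLs hit is COMODO's guard32.dll, so a flagged entry is a lead to verify against the installed security software, not a verdict.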

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 April 2012 - 02:34 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BitTorrent
BitTorrentBar Toolbar
Java™ 6 Update 26
Yontoo 1.10.01


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 SeanOC (Topic Starter, 54 posts)

Posted 06 April 2012 - 08:47 AM

Hi Gringo,

Firstly, the MBAM log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.11

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Sean :: SEAN-PC [administrator]

6/04/2012 11:32:39 a.m.
mbam-log-2012-04-06 (11-32-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218481
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and Hijack this log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:46:36 a.m., on 7/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
G:\Windows\system32\Dwm.exe
G:\Windows\system32\taskhost.exe
G:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Program Files\COMODO\COMODO Internet Security\cfp.exe
G:\Windows\System32\hkcmd.exe
G:\Windows\System32\igfxpers.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\iTunes\iTunesHelper.exe
G:\Windows\System32\StikyNot.exe
G:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
G:\Windows\system32\conhost.exe
G:\Windows\Explorer.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
G:\Windows\system32\conhost.exe
G:\Windows\system32\notepad.exe
G:\Windows\system32\taskhost.exe
G:\Windows\notepad.exe
G:\Windows\system32\taskeng.exe
G:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
G:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
G:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
G:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - G:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - G:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (file missing)
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - G:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - G:\Program Files\Google\Chrome Frame\Application\18.0.1025.151\npchrome_frame.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - G:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - G:\Program Files\NCH_EN\prxtbNCH_.dll
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HotKeysCmds] G:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] G:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer Agent] "G:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe"
O4 - HKLM\..\Run: [APSDaemon] "G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] G:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [iCloudServices] G:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://G:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - G:\Program Files\Google\Chrome Frame\Application\18.0.1025.151\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: G:\Windows\System32\guard32.dll G:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - G:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - G:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @G:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - G:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 9029 bytes


...the computer still seems OK, with no problems apart from the installation of Java, which failed.

Edited by SeanOC, 06 April 2012 - 08:48 AM.


#12 gringo_pr (Malware Response Team)

Posted 06 April 2012 - 01:47 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
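Added example, not code from this thread or from Trend Micro's HijackThis: a small Python triage script for the two posts above. It parses log lines of the form posted in #11, flags entries marked "(file missing)" or "(no file)", entries whose names match an assumed list of adware components the thread itself names (Babylon, NCH EN, Yontoo, kikin, BitTorrentBar, Conduit), and an AppInit_DLLs value that lists the same DLL twice. It then checks the O4 "Fix checked" list from #12 against the log. The sample log lines and fix list are copied from those two posts; the fix list uses C:\ paths while the posted log shows most of the same Run values under G:\, so the matcher compares by hive and value name and reports whether the path matches exactly, only once the drive letter is ignored, or not at all. Everything else (function names, the verdict strings) is this example's own.

```python
"""Added example (not code from this thread or from Trend Micro): triage a
HijackThis 2.0.4 log and check a proposed 'Fix checked' list against it.
Sample lines are copied from the log and reply posted above; SUSPECT_WORDS is
an assumption for illustration."""
import re

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - G:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - G:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (file missing)
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - G:\Program Files\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - G:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] G:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [iCloudServices] G:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - (no file)
O20 - AppInit_DLLs: G:\Windows\System32\guard32.dll G:\Windows\System32\guard32.dll
"""

# Constructed sample: the 'Fix checked' list from the reply above, verbatim.
FIX_LIST = r"""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"""

# Assumption: names this thread itself treats as adware/hijacker components.
SUSPECT_WORDS = ("babylon", "conduit", "nch_en", "prxtb", "kikin", "yontoo", "bittorrentbar")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^[a-z]:", re.IGNORECASE)


def parse_log(text):
    """Return one dict per HijackThis entry; O4 entries also carry (hive, name, cmd)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = {"section": m["sec"], "body": m["body"], "run": None}
        if m["sec"] == "O4":
            r = RUN_RE.match(m["body"])
            if r:
                entry["run"] = (r["hive"], r["name"], r["cmd"].strip())
        entries.append(entry)
    return entries


def flag_entries(entries):
    """Return (kind, section, body) triples worth a second look: orphaned
    entries (file missing / no file), suspect names, and an AppInit_DLLs
    value that lists the same DLL more than once."""
    flags = []
    for e in entries:
        body_l = e["body"].lower()
        if "(file missing)" in body_l or "(no file)" in body_l:
            flags.append(("orphan", e["section"], e["body"]))
        if any(w in body_l for w in SUSPECT_WORDS):
            flags.append(("suspect", e["section"], e["body"]))
        if e["section"] == "O20" and "appinit_dlls:" in body_l:
            dlls = [d.lower() for d in e["body"].split(":", 1)[1].split()]
            if len(dlls) != len(set(dlls)):
                flags.append(("duplicate_appinit", e["section"], e["body"]))
    return flags


def _normalise(cmd):
    """Drop surrounding quotes and the drive letter so G: and C: compare equal."""
    return DRIVE_RE.sub("", cmd.strip().strip('"')).lower()


def check_fix_list(entries, fix_text):
    """Compare each O4 line of a proposed fix list with the log it was written
    for: 'exact', 'drive_letter_differs', 'path_differs' or 'not_in_log'."""
    by_name = {}
    for e in entries:
        if e["run"]:
            hive, name, cmd = e["run"]
            by_name[(hive, name.lower())] = cmd
    results = {}
    for e in parse_log(fix_text):
        if not e["run"]:
            continue
        hive, name, cmd = e["run"]
        logged = by_name.get((hive, name.lower()))
        if logged is None:
            results[name] = "not_in_log"
        elif logged == cmd:
            results[name] = "exact"
        elif _normalise(logged) == _normalise(cmd):
            results[name] = "drive_letter_differs"
        else:
            results[name] = "path_differs"
    return results


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for kind, section, body in flag_entries(log):
        print(f"{kind:18} {section:4} {body}")
    for name, verdict in check_fix_list(log, FIX_LIST).items():
        print(f"{verdict:21} [{name}]")
```

Running it against the sample prints three orphaned entries (the two Babylon lines and the kikin button), five suspect lines, the doubled guard32.dll in AppInit_DLLs, and, for the fix list, `exact` only for iTunesHelper (the one entry the log also shows under C:\) and `drive_letter_differs` for the other four. HijackThis matches a checked item against the line it scanned, so a fix list pasted from a different machine's drive layout is worth a check like this before clicking Fix Checked.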

#13 SeanOC (Topic Starter)

Posted 06 April 2012 - 04:42 PM

Hi gringo,

ESET is trying to download components, but comes up with a message saying:

"Cannot get Update: Is Proxy Configured?"

Thanks.

#14 gringo_pr (Malware Response Team)

Posted 06 April 2012 - 05:51 PM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Internet Explorer
  • It will require an ActiveX control, please install it
  • Click Accept

    In Firefox
  • It will require an add-on to be installed, please install it
  • In order to install the add-on, Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click Show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic

Gringo

#15 gringo_pr (Malware Response Team)

Posted 09 April 2012 - 12:04 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo



