
Virus from clicking a link


  • This topic is locked
31 replies to this topic

#1 Zhang_1888

  • Members
  • 17 posts

Posted 17 April 2012 - 11:52 PM

Hey everyone. I got a virus or something from clicking a link in my email like a fool. I just need some help trying to find out where it is and how to get rid of it. The virus is affecting my browser a ton and forcing pop ups and black screens on me T_T. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Frank at 0:25:36 on 2012-04-18
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2815.1862 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Frank\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GretechBHO Class: {f0181c6e-9218-4792-9f3c-e8df52b2f1ac} - c:\program files\gretech\gompicker\GomPickerBHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN19E4312905PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{C1588671-C17E-4352-A8F9-6593CDDC8693} : DhcpNameServer = 192.168.1.1 71.242.0.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\azmphh0x.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-13 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-13 337880]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-13 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-13 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-13 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-25 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-28 22344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-28 52224]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-4-9 3063968]
.
=============== Created Last 30 ================
.
2012-04-18 04:20:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{366ddf80-5bf2-4b92-9868-dbf78e70c858}\offreg.dll
2012-04-18 00:48:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{60c4fb0e-42fd-406e-9e71-4749890c9603}\offreg.dll
2012-04-17 23:24:31 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{60c4fb0e-42fd-406e-9e71-4749890c9603}\mpengine.dll
2012-04-14 06:33:56 -------- d--h--w- c:\programdata\Common Files
2012-04-14 06:33:45 -------- d-----w- c:\users\frank\appdata\roaming\AVG2012
2012-04-14 06:32:22 -------- d-----w- c:\programdata\AVG2012
2012-04-14 06:32:02 -------- d-----w- c:\program files\AVG
2012-04-14 06:23:26 -------- d-----w- c:\program files\Trend Micro
2012-04-14 06:23:16 -------- d-----w- c:\users\frank\appdata\roaming\SUPERAntiSpyware.com
2012-04-14 06:23:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 06:23:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 06:20:15 -------- d-----w- c:\programdata\MFAData
2012-04-14 06:12:36 -------- d-s---w- C:\ComboFix
2012-04-14 02:04:46 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-14 02:04:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-14 02:04:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-14 02:03:34 41184 ----a-w- c:\windows\avastSS.scr
2012-04-14 02:03:17 -------- d-----w- c:\programdata\AVAST Software
2012-04-14 02:03:17 -------- d-----w- c:\program files\AVAST Software
2012-04-12 01:27:52 -------- d-----r- c:\program files\Skype
2012-04-12 00:45:59 -------- d-----w- c:\users\frank\appdata\local\SplitMediaLabs
2012-04-11 07:01:22 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01:22 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01:22 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01:21 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:00:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:00:49 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 09:20:20 -------- d-----w- c:\program files\CCleaner
2012-04-09 15:22:30 4916384 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-04-05 19:32:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 18:34:07 -------- d-----w- c:\program files\iPod
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-21 17:47:34 -------- d-----w- c:\program files\iTunes
2012-03-21 01:17:24 -------- d-----w- c:\users\frank\appdata\roaming\NVIDIA
2012-03-21 01:17:11 -------- d-----w- c:\users\frank\appdata\roaming\cYo
2012-03-21 01:17:11 -------- d-----w- c:\users\frank\appdata\local\cYo
2012-03-21 01:16:12 -------- d-----w- c:\program files\ComicRack
2012-03-20 13:26:15 -------- d-----w- c:\program files\common files\Symantec Shared
2012-03-20 00:31:00 -------- d-----w- c:\users\frank\appdata\local\FileTypeAssistant
2012-03-20 00:20:55 -------- d-----w- c:\programdata\WeCareReminder
2012-03-20 00:13:50 -------- d-----w- c:\programdata\boost_interprocess
2012-03-20 00:04:27 -------- d-----w- c:\programdata\Tarma Installer
2012-03-20 00:04:15 143360 ----a-w- c:\program files\mozilla firefox\BabyFox.dll
2012-03-20 00:02:54 -------- d-----w- c:\programdata\Symantec
2012-03-20 00:02:46 -------- d-----w- c:\programdata\Norton
2012-03-20 00:02:32 -------- d-----w- c:\programdata\NortonInstaller
.
==================== Find3M ====================
.
2012-04-14 09:32:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 09:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 01:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-09 03:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-09 03:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 0:25:58.55 ===============
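Below is an added Python example (my own, not a tool from this thread or from BleepingComputer) that triages an excerpt of the DDS log above for the entries a helper looks at first: toolbar/BHO registrations whose file is gone, an address-bar search (`keyword.URL`) pointed at an unexpected host, several prefs stuffed onto one `user.js` line, and browser security prefs switched off. The sample lines are copied from the log above; the `triage` and `host_of` functions, the finding names and the `WEAK_PREFS` table are my own.

```python
"""Triage a DDS log excerpt for browser hijack indicators.

Added example; this is not a BleepingComputer tool and not part of the
thread. It looks at the "Pseudo HJT Report" and "FIREFOX" lines of a DDS
log and reports entries a helper checks first: orphaned toolbar/BHO
entries, address-bar search redirected to an unexpected host, prefs stuffed
into user.js, and browser security prefs switched off.
"""
import re
from urllib.parse import urlparse

# Prefs whose listed value weakens the browser (name -> (weak value, reason)).
WEAK_PREFS = {
    "security.csp.enable": ("false", "Content Security Policy enforcement is off"),
    "security.OCSP.enabled": ("0", "certificate revocation (OCSP) checks are off"),
    "extensions.autoDisableScopes": ("0", "side-loaded extensions activate without a prompt"),
}

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: security.csp.enable - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

PREF_LINE = re.compile(r"FF - (prefs|user)\.js: (\S+) - (.*)$")
RAW_USER_PREF = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")


def host_of(url):
    """Return the host of a URL; DDS defangs links as hxxp://, so undo that first."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def triage(log_text):
    """Return a list of {"kind", "key", "detail"} findings for one log excerpt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Toolbar or BHO registration whose DLL no longer exists: a leftover
        # that a removal tool or uninstaller should clean up.
        if line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append({"kind": "orphan_entry", "key": line.split(":", 1)[0], "detail": line})
            continue
        m = PREF_LINE.match(line)
        if m:
            source, name, value = m.groups()
            # A value that contains "user_pref(" means several prefs were written
            # onto one line of user.js, a common hijacker install pattern.
            if "user_pref(" in value:
                findings.append({"kind": "injected_pref", "key": name, "detail": value})
            if name in WEAK_PREFS and value == WEAK_PREFS[name][0]:
                findings.append({"kind": "weak_pref", "key": name, "detail": WEAK_PREFS[name][1]})
            # keyword.URL redirects every address-bar search to this host.
            if name == "keyword.URL":
                findings.append({"kind": "search_hijack", "key": name, "detail": host_of(value)})
            # user.js is hand-written or installer-written; URLs there deserve a look.
            if source == "user" and value.lower().startswith("hxxp"):
                findings.append({"kind": "user_js_url", "key": name, "detail": host_of(value)})
            continue
        # Bare user_pref(...) statements DDS printed without a pref-name prefix.
        for pname, pval in RAW_USER_PREF.findall(line):
            if pname in WEAK_PREFS and pval.strip() == WEAK_PREFS[pname][0]:
                findings.append({"kind": "weak_pref", "key": pname, "detail": WEAK_PREFS[pname][1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['key']}: {f['detail']}")
```

Run on the excerpt, it reports the orphaned toolbar GUID, `dts.search-results.com` as the address-bar search target, the `user.js` line that carries a second `user_pref(` call, the funmoods start page, and four weakened security prefs (CSP off, OCSP off, and `extensions.autoDisableScopes` set to 0). Nothing here fixes anything; it only shortens the first read of a long log.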


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 11:48 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zhang_1888

  • Topic Starter
  • Members
  • 17 posts

Posted 19 April 2012 - 03:44 AM

Here's the results of the Security Check after disabling -

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

and here's the ComboFix Log

ComboFix 12-04-19.01 - Frank 04/19/2012 4:26.1.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2815.2089 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\2134.rar
c:\users\Frank\2399.rar
c:\users\Frank\2401.rar
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\azmphh0x.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 08:14 . 2012-04-19 08:14 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89395692-87E7-491A-9B4E-0943EF28B02B}\offreg.dll
2012-04-19 06:11 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89395692-87E7-491A-9B4E-0943EF28B02B}\mpengine.dll
2012-04-14 06:33 . 2012-04-14 06:33 -------- d--h--w- c:\programdata\Common Files
2012-04-14 06:33 . 2012-04-14 06:33 -------- d-----w- c:\users\Frank\AppData\Roaming\AVG2012
2012-04-14 06:32 . 2012-04-18 04:54 -------- d-----w- c:\programdata\AVG2012
2012-04-14 06:32 . 2012-04-14 06:32 -------- d-----w- c:\program files\AVG
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\program files\Trend Micro
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\users\Frank\AppData\Roaming\SUPERAntiSpyware.com
2012-04-14 06:23 . 2012-04-14 07:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 06:20 . 2012-04-18 04:21 -------- d-----w- c:\programdata\MFAData
2012-04-14 02:04 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-14 02:04 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-14 02:04 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-14 02:04 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-14 02:04 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-14 02:04 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-14 02:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-14 02:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 02:03 . 2012-04-14 02:03 -------- d-----w- c:\programdata\AVAST Software
2012-04-14 02:03 . 2012-04-14 02:03 -------- d-----w- c:\program files\AVAST Software
2012-04-12 01:28 . 2012-04-19 07:50 -------- d-----w- c:\users\Frank\AppData\Roaming\Skype
2012-04-12 01:27 . 2012-04-12 01:27 -------- d-----w- c:\program files\Common Files\Skype
2012-04-12 01:27 . 2012-04-12 01:28 -------- d-----r- c:\program files\Skype
2012-04-12 01:27 . 2012-04-12 01:28 -------- d-----w- c:\programdata\Skype
2012-04-12 00:45 . 2012-04-12 00:45 -------- d-----w- c:\users\Frank\AppData\Local\SplitMediaLabs
2012-04-11 07:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 09:20 . 2012-04-10 09:20 -------- d-----w- c:\program files\CCleaner
2012-04-10 09:19 . 2012-04-10 09:20 -------- d-----w- c:\program files\Google
2012-04-09 15:22 . 2012-04-09 15:22 4916384 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-04-05 19:32 . 2012-04-14 09:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 18:34 . 2012-04-04 18:34 -------- d-----w- c:\program files\iPod
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 07:46 . 2012-04-10 09:30 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2012-03-21 17:47 . 2012-04-04 18:34 -------- d-----w- c:\program files\iTunes
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Roaming\NVIDIA
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Roaming\cYo
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Local\cYo
2012-03-21 01:16 . 2012-03-21 01:17 -------- d-----w- c:\program files\ComicRack
2012-03-20 13:26 . 2012-04-12 13:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:32 . 2011-11-28 23:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-11-28 21:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 02:15 . 2011-11-29 23:52 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34 . 2012-03-13 17:45 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 17:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 17:45 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 16:36 . 2012-02-10 16:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B84AEE4-1EDB-4917-BE4E-3BDF60A2F487}\gapaengine.dll
2012-02-10 05:38 . 2012-03-13 19:27 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 04:13 . 2012-02-25 07:09 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-25 07:09 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2012-02-25 07:09 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-25 07:09 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-25 07:09 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-25 07:09 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-25 07:09 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-02-25 07:09 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2012-02-25 07:09 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2011-05-21 11:01 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2011-05-21 11:01 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 03:02 . 2011-11-28 20:45 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-11-28 20:45 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-11-28 20:45 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-11-28 20:45 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-11-28 20:45 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 01:05 . 2012-02-10 01:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-09 03:59 . 2012-02-21 21:33 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-09 03:59 . 2012-02-21 21:33 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-13 19:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-11-28 19:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32 . 2012-03-13 17:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 17:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 17:45 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2012-04-16 07:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2012-02-29 4321112]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-15 03:07 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-14 06:25 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:32]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 09:19]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 09:19]
.
2012-04-19 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-04-14 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-11-28 12:17]
.
2012-04-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7e2da4ca-e456-4f82-ab92-4efcdf6b5145.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c52329c9-3ff6-483b-9705-87eb25a87230.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\azmphh0x.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-19 04:40:30
ComboFix-quarantined-files.txt 2012-04-19 08:40
ComboFix2.txt 2011-11-27 07:50
.
Pre-Run: 86,892,027,904 bytes free
Post-Run: 87,720,497,152 bytes free
.
- - End Of File - - 1BFF3A0709BDE020959B466A251D1ED7


Nothing has changed as of yet with my computer.
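The Firefox part of the ComboFix log above is the most telling section of this post, and not only for the obvious funmoods / search-results.com hijack: the same user.js also sets security.csp.enable to false, security.OCSP.enabled to 0 and extensions.autoDisableScopes to 0, which turns off Content Security Policy enforcement, OCSP certificate revocation checks and the prompt that would otherwise stop an add-on dropped into the profile by other software from activating. The odd-looking `false);user_pref(` fragments in the log are not corruption: several user_pref() statements were written onto one physical line, and ComboFix prints the file one line at a time. The script below is an added example, not part of the thread and not something ComboFix or Firefox ship: it parses a user.js properly, however many statements share a line, and reports both the security downgrades and where the homepage, new-tab and keyword searches are being sent. The sample file is reconstructed from the values in the log above (with the defanged hxxp:// restored to http://), and the trusted-host allowlist is an assumption for the example.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# One user_pref("name", value); statement.  Firefox accepts either quote
# style, and several statements may share one physical line, which is what
# makes the user.js entries in the ComboFix output above look garbled.
PREF_RE = re.compile(
    r"""user_pref\(\s*(?P<nq>["'])(?P<name>[^"']+)(?P=nq)\s*,\s*"""
    r"""(?:(?P<sq>["'])(?P<str>(?:\\.|(?!(?P=sq)).)*)(?P=sq)|(?P<bool>true|false)|(?P<int>-?\d+))\s*\)\s*;"""
)

Prefs = Dict[str, object]


def parse_prefs(text: str) -> Prefs:
    """Return {pref name: value} for every user_pref() statement in text."""
    prefs: Prefs = {}
    for m in PREF_RE.finditer(text):
        if m.group("str") is not None:
            value: object = re.sub(r"\\(.)", r"\1", m.group("str"))   # drop backslash escapes
        elif m.group("bool") is not None:
            value = m.group("bool") == "true"
        else:
            value = int(m.group("int"))
        prefs[m.group("name")] = value
    return prefs


# Settings that weaken the browser, with the value that should raise an alarm.
# These are the ones visible in the ComboFix output above.
DOWNGRADES = {
    "security.csp.enable": (lambda v: v is False, "Content Security Policy enforcement switched off"),
    "security.OCSP.enabled": (lambda v: v == 0, "OCSP revocation checking switched off"),
    "extensions.autoDisableScopes": (lambda v: v == 0, "add-ons installed by other software are enabled without asking"),
    "network.proxy.type": (lambda v: v in (1, 2), "manual or PAC proxy configured"),
}
# Prefs that decide where the browser sends the user.  The trusted-host set is
# an assumption for this example; adjust it to what the user actually expects.
REDIRECT_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.newtab.url")
REDIRECT_SUFFIXES = ("hmpgUrl", "newTabUrl")
TRUSTED_HOSTS = {"www.google.com", "google.com"}


def audit(prefs: Prefs) -> List[Tuple[str, object, str]]:
    """Return (pref, value, reason) for every setting worth a second look."""
    findings: List[Tuple[str, object, str]] = []
    for name, (is_bad, why) in DOWNGRADES.items():
        if name in prefs and is_bad(prefs[name]):
            findings.append((name, prefs[name], why))
    for name, value in prefs.items():
        if not isinstance(value, str):
            continue
        if name not in REDIRECT_PREFS and not name.endswith(REDIRECT_SUFFIXES):
            continue
        host = urlparse(value if "://" in value else "http://" + value).hostname or ""
        if host not in TRUSTED_HOSTS:
            findings.append((name, value, f"redirects to {host}"))
    return findings


# Constructed user.js, rebuilt from the values ComboFix printed above (the log
# writes hxxp:// to defang the URLs; a real prefs file has http://).
SAMPLE_USER_JS = """
user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("general.useragent.extra.brc", "brc");
user_pref("extensions.funmoods_i.hmpg", true);
user_pref("extensions.funmoods_i.hmpgUrl", "http://start.funmoods.com/?f=1&a=ironto");
user_pref("extensions.funmoods_i.newTabUrl", "http://start.funmoods.com/?f=2&a=ironto");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=");
user_pref("browser.startup.homepage", "www.google.com");
user_pref("network.proxy.type", 0);
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

if __name__ == "__main__":
    for pref, value, reason in audit(parse_prefs(SAMPLE_USER_JS)):
        print(f"{pref:40} = {value!r}  ->  {reason}")
```

Run against the real profile, point it at both prefs.js and user.js: user.js is applied on every start, so deleting the funmoods entries from prefs.js alone brings them straight back.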

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2012 - 05:28 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
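When the TDSSKiller report comes back it will run to several hundred lines, and on a clean box every scanned object ends in "- ok"; what matters is the handful of lines that do not. The script below is an added example for reading that report, not part of the thread and not a Kaspersky tool: it parses the line format TDSSKiller uses (timestamp, process id, then either an object line with its MD5 and path or a verdict line), puts every clean entry aside and keeps anything with a detection, suspicious-file or unrecognised verdict together with its hash and path, so a flagged driver can be compared against a trusted hash list. The "Suspicious file (...)" and "- detected ..." line shapes are assumed from TDSSKiller detections (the log posted in this thread is clean and contains none), and the atapi and MBR lines in the sample are constructed, with an all-zero MD5 as a placeholder.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <pid>"; a scanned
# object is listed once with its MD5 and path, then again with a verdict
# ("<name> - ok" when clean).  The verdict and detection formats for infected
# objects are assumed from TDSSKiller output, not taken from this thread.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+(?P<detail>.*)$")

# Any verdict containing one of these is not "ok" and must be read by a human.
BAD_KEYWORDS = ("detected", "infected", "suspicious", "warning", "locked", "unsigned", "forged", "hidden")


@dataclass
class Entry:
    name: str
    verdict: str
    status: str                  # "clean", "flagged" or "unknown"
    md5: Optional[str] = None    # kept so the hash can be checked against a trusted list
    path: Optional[str] = None


def classify(verdict: str) -> Optional[str]:
    """Map a verdict string to a bucket; None means 'not a scan verdict'."""
    v = verdict.strip().lower()
    if v == "ok":
        return "clean"
    if any(k in v for k in BAD_KEYWORDS):
        return "flagged"
    return None   # e.g. the "Drive ... - Size: ..." hardware line


def parse_tdsskiller(text: str) -> List[Entry]:
    objects: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) from object lines
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        s = SUSPICIOUS_RE.match(body)
        if s:
            entries.append(Entry(s.group("path"), f"suspicious ({s.group('reason')})",
                                 "flagged", path=s.group("path")))
            continue
        o = OBJECT_RE.match(body)
        if o:
            objects[o.group("name")] = (o.group("md5").lower(), o.group("path"))
            continue
        v = VERDICT_RE.match(body)
        if not v:
            continue
        name, verdict = v.group("name"), v.group("verdict")
        status = classify(verdict)
        if status is None:
            if name not in objects:
                continue           # informational line, not a verdict
            status = "unknown"     # a scanned object with a verdict we do not recognise
        md5, path = objects.get(name, (None, None))
        entries.append(Entry(name, verdict, status, md5, path))
    return entries


def triage(text: str) -> Dict[str, List[Entry]]:
    """Split a whole report into clean / flagged / unknown entries."""
    buckets: Dict[str, List[Entry]] = {"clean": [], "flagged": [], "unknown": []}
    for e in parse_tdsskiller(text):
        buckets[e.status].append(e)
    return buckets


# Constructed sample: the first lines are copied from the log in this thread,
# the atapi and MBR detections are made up to exercise the flagged path (the
# all-zero MD5 is a placeholder, not a real hash).
SAMPLE_LOG = r"""
10:03:28.0455 6156 Scan started
10:03:28.0455 6156 Mode: Manual;
10:03:30.0652 6156 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:03:30.0656 6156 1394ohci - ok
10:03:33.0666 6156 catchme - ok
10:03:23.0814 7976 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
10:03:40.0100 6156 atapi (00000000000000000000000000000000) C:\Windows\system32\drivers\atapi.sys
10:03:40.0101 6156 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 11111111111111111111111111111111, Fake md5: 00000000000000000000000000000000
10:03:40.0102 6156 atapi - detected Rootkit.Win32.TDSS.tdl3 ( 0 )
10:03:41.0000 6156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b ( 0 )
"""

if __name__ == "__main__":
    for status, items in triage(SAMPLE_LOG).items():
        for e in items:
            print(f"{status:8} {e.name:45} {e.verdict}  md5={e.md5} path={e.path}")
```

The "unknown" bucket exists on purpose: a verdict string the script has not seen before should be shown, not silently dropped, because a tool update can change wording and the one line you most need is the one that does not look like the others.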

#5 Zhang_1888

  • Topic Starter
  • Members
  • 17 posts

Posted 19 April 2012 - 01:04 PM

Hey Gringo_Pr! Here's my next set of logs -

10:03:20.0788 7976 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
10:03:21.0179 7976 ============================================================
10:03:21.0179 7976 Current date / time: 2012/04/19 10:03:21.0179
10:03:21.0179 7976 SystemInfo:
10:03:21.0179 7976
10:03:21.0179 7976 OS Version: 6.1.7601 ServicePack: 1.0
10:03:21.0179 7976 Product type: Workstation
10:03:21.0179 7976 ComputerName: FRANK-PC
10:03:21.0180 7976 UserName: Frank
10:03:21.0180 7976 Windows directory: C:\Windows
10:03:21.0180 7976 System windows directory: C:\Windows
10:03:21.0180 7976 Processor architecture: Intel x86
10:03:21.0180 7976 Number of processors: 4
10:03:21.0180 7976 Page size: 0x1000
10:03:21.0180 7976 Boot type: Normal boot
10:03:21.0180 7976 ============================================================
10:03:23.0814 7976 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:03:23.0946 7976 \Device\Harddisk0\DR0:
10:03:23.0946 7976 MBR partitions:
10:03:23.0946 7976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
10:03:24.0054 7976 C: <-> \Device\Harddisk0\DR0\Partition0
10:03:24.0195 7976 Initialize success
10:03:24.0195 7976 ============================================================
10:03:28.0455 6156 ============================================================
10:03:28.0455 6156 Scan started
10:03:28.0455 6156 Mode: Manual;
10:03:28.0455 6156 ============================================================
10:03:30.0652 6156 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:03:30.0656 6156 1394ohci - ok
10:03:30.0711 6156 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:03:30.0715 6156 ACPI - ok
10:03:30.0732 6156 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:03:30.0733 6156 AcpiPmi - ok
10:03:30.0816 6156 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:03:30.0819 6156 AdobeARMservice - ok
10:03:30.0890 6156 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:03:30.0895 6156 AdobeFlashPlayerUpdateSvc - ok
10:03:30.0952 6156 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:03:30.0959 6156 adp94xx - ok
10:03:30.0998 6156 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:03:31.0003 6156 adpahci - ok
10:03:31.0026 6156 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:03:31.0029 6156 adpu320 - ok
10:03:31.0074 6156 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:03:31.0076 6156 AeLookupSvc - ok
10:03:31.0144 6156 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:03:31.0150 6156 AFD - ok
10:03:31.0182 6156 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:03:31.0185 6156 agp440 - ok
10:03:31.0229 6156 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:03:31.0231 6156 aic78xx - ok
10:03:31.0272 6156 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:03:31.0274 6156 ALG - ok
10:03:31.0297 6156 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:03:31.0298 6156 aliide - ok
10:03:31.0318 6156 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:03:31.0320 6156 amdagp - ok
10:03:31.0336 6156 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:03:31.0337 6156 amdide - ok
10:03:31.0364 6156 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:03:31.0366 6156 AmdK8 - ok
10:03:31.0379 6156 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:03:31.0381 6156 AmdPPM - ok
10:03:31.0403 6156 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:03:31.0405 6156 amdsata - ok
10:03:31.0419 6156 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:03:31.0422 6156 amdsbs - ok
10:03:31.0444 6156 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:03:31.0446 6156 amdxata - ok
10:03:31.0486 6156 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:03:31.0489 6156 AppID - ok
10:03:31.0526 6156 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:03:31.0528 6156 AppIDSvc - ok
10:03:31.0566 6156 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:03:31.0567 6156 Appinfo - ok
10:03:31.0653 6156 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:03:31.0657 6156 Apple Mobile Device - ok
10:03:31.0716 6156 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:03:31.0719 6156 arc - ok
10:03:31.0731 6156 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:03:31.0734 6156 arcsas - ok
10:03:31.0829 6156 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:03:31.0878 6156 aspnet_state - ok
10:03:31.0929 6156 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
10:03:31.0931 6156 aswFsBlk - ok
10:03:31.0946 6156 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
10:03:31.0948 6156 aswMonFlt - ok
10:03:31.0967 6156 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
10:03:31.0969 6156 aswRdr - ok
10:03:32.0007 6156 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
10:03:32.0041 6156 aswSnx - ok
10:03:32.0072 6156 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
10:03:32.0078 6156 aswSP - ok
10:03:32.0103 6156 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
10:03:32.0105 6156 aswTdi - ok
10:03:32.0142 6156 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:03:32.0144 6156 AsyncMac - ok
10:03:32.0176 6156 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:03:32.0178 6156 atapi - ok
10:03:32.0224 6156 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:03:32.0228 6156 AudioEndpointBuilder - ok
10:03:32.0324 6156 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:03:32.0327 6156 Audiosrv - ok
10:03:32.0419 6156 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:03:32.0420 6156 avast! Antivirus - ok
10:03:32.0462 6156 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:03:32.0465 6156 AxInstSV - ok
10:03:32.0511 6156 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:03:32.0519 6156 b06bdrv - ok
10:03:32.0542 6156 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:03:32.0548 6156 b57nd60x - ok
10:03:32.0598 6156 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:03:32.0601 6156 BDESVC - ok
10:03:32.0629 6156 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:03:32.0631 6156 Beep - ok
10:03:32.0684 6156 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:03:32.0687 6156 BFE - ok
10:03:32.0745 6156 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
10:03:32.0792 6156 BITS - ok
10:03:32.0886 6156 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:03:32.0888 6156 blbdrive - ok
10:03:32.0946 6156 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:03:32.0953 6156 Bonjour Service - ok
10:03:33.0016 6156 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:03:33.0020 6156 bowser - ok
10:03:33.0042 6156 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:03:33.0044 6156 BrFiltLo - ok
10:03:33.0087 6156 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:03:33.0130 6156 BrFiltUp - ok
10:03:33.0162 6156 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:03:33.0165 6156 BridgeMP - ok
10:03:33.0250 6156 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:03:33.0252 6156 Browser - ok
10:03:33.0297 6156 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:03:33.0354 6156 Brserid - ok
10:03:33.0375 6156 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:03:33.0378 6156 BrSerWdm - ok
10:03:33.0398 6156 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:03:33.0400 6156 BrUsbMdm - ok
10:03:33.0418 6156 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:03:33.0420 6156 BrUsbSer - ok
10:03:33.0503 6156 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:03:33.0505 6156 BTHMODEM - ok
10:03:33.0558 6156 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:03:33.0575 6156 bthserv - ok
10:03:33.0666 6156 catchme - ok
10:03:33.0768 6156 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:03:33.0771 6156 cdfs - ok
10:03:33.0793 6156 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:03:33.0797 6156 cdrom - ok
10:03:33.0843 6156 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:03:33.0845 6156 CertPropSvc - ok
10:03:33.0859 6156 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:03:33.0861 6156 circlass - ok
10:03:33.0930 6156 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:03:33.0936 6156 CLFS - ok
10:03:34.0000 6156 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:34.0017 6156 clr_optimization_v2.0.50727_32 - ok
10:03:34.0100 6156 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:03:34.0149 6156 clr_optimization_v4.0.30319_32 - ok
10:03:34.0221 6156 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:03:34.0225 6156 CmBatt - ok
10:03:34.0266 6156 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:03:34.0268 6156 cmdide - ok
10:03:34.0317 6156 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:03:34.0324 6156 CNG - ok
10:03:34.0375 6156 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:03:34.0378 6156 Compbatt - ok
10:03:34.0414 6156 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:03:34.0416 6156 CompositeBus - ok
10:03:34.0429 6156 COMSysApp - ok
10:03:34.0455 6156 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:03:34.0458 6156 crcdisk - ok
10:03:34.0505 6156 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
10:03:34.0507 6156 CryptSvc - ok
10:03:34.0551 6156 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:03:34.0577 6156 DcomLaunch - ok
10:03:34.0634 6156 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:03:34.0639 6156 defragsvc - ok
10:03:34.0713 6156 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:03:34.0716 6156 DfsC - ok
10:03:34.0760 6156 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:03:34.0763 6156 Dhcp - ok
10:03:34.0823 6156 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:03:34.0826 6156 discache - ok
10:03:34.0844 6156 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:03:34.0848 6156 Disk - ok
10:03:34.0901 6156 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:03:34.0903 6156 Dnscache - ok
10:03:34.0969 6156 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:03:34.0975 6156 dot3svc - ok
10:03:35.0062 6156 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:03:35.0066 6156 DPS - ok
10:03:35.0129 6156 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:03:35.0131 6156 drmkaud - ok
10:03:35.0310 6156 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:03:35.0323 6156 DXGKrnl - ok
10:03:35.0369 6156 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:03:35.0372 6156 EapHost - ok
10:03:35.0825 6156 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:03:36.0028 6156 ebdrv - ok
10:03:36.0162 6156 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:03:36.0166 6156 EFS - ok
10:03:36.0256 6156 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:03:36.0259 6156 ElbyCDIO - ok
10:03:36.0325 6156 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:03:36.0416 6156 elxstor - ok
10:03:36.0472 6156 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:03:36.0473 6156 ErrDev - ok
10:03:36.0527 6156 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:03:36.0530 6156 EventSystem - ok
10:03:36.0575 6156 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:03:36.0611 6156 exfat - ok
10:03:36.0726 6156 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:03:36.0730 6156 fastfat - ok
10:03:36.0779 6156 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:03:36.0783 6156 Fax - ok
10:03:36.0807 6156 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:03:36.0809 6156 fdc - ok
10:03:36.0954 6156 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:03:36.0958 6156 fdPHost - ok
10:03:37.0078 6156 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:03:37.0081 6156 FDResPub - ok
10:03:37.0103 6156 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:03:37.0106 6156 FileInfo - ok
10:03:37.0120 6156 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:03:37.0122 6156 Filetrace - ok
10:03:37.0197 6156 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:03:37.0209 6156 FLEXnet Licensing Service - ok
10:03:37.0240 6156 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:03:37.0241 6156 flpydisk - ok
10:03:37.0307 6156 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:03:37.0311 6156 FltMgr - ok
10:03:37.0397 6156 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:03:37.0431 6156 FontCache - ok
10:03:37.0530 6156 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:03:37.0535 6156 FontCache3.0.0.0 - ok
10:03:37.0593 6156 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:03:37.0595 6156 FsDepends - ok
10:03:37.0662 6156 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:03:37.0664 6156 Fs_Rec - ok
10:03:37.0702 6156 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:03:37.0706 6156 fvevol - ok
10:03:37.0728 6156 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:03:37.0731 6156 gagp30kx - ok
10:03:37.0766 6156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:03:37.0769 6156 GEARAspiWDM - ok
10:03:37.0836 6156 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:03:37.0878 6156 gpsvc - ok
10:03:37.0963 6156 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:03:37.0966 6156 gupdate - ok
10:03:37.0973 6156 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:03:37.0974 6156 gupdatem - ok
10:03:38.0032 6156 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:03:38.0034 6156 hcw85cir - ok
10:03:38.0073 6156 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:03:38.0078 6156 HdAudAddService - ok
10:03:38.0094 6156 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:03:38.0097 6156 HDAudBus - ok
10:03:38.0121 6156 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:03:38.0123 6156 HidBatt - ok
10:03:38.0144 6156 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:03:38.0147 6156 HidBth - ok
10:03:38.0167 6156 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:03:38.0169 6156 HidIr - ok
10:03:38.0206 6156 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
10:03:38.0209 6156 hidserv - ok
10:03:38.0231 6156 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:03:38.0232 6156 HidUsb - ok
10:03:38.0273 6156 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:03:38.0276 6156 hkmsvc - ok
10:03:38.0320 6156 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:03:38.0327 6156 HomeGroupListener - ok
10:03:38.0372 6156 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:03:38.0379 6156 HomeGroupProvider - ok
10:03:38.0430 6156 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:03:38.0442 6156 HpSAMD - ok
10:03:38.0493 6156 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:03:38.0501 6156 HTTP - ok
10:03:38.0542 6156 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:03:38.0544 6156 hwpolicy - ok
10:03:38.0577 6156 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:03:38.0580 6156 i8042prt - ok
10:03:38.0608 6156 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:03:38.0616 6156 iaStorV - ok
10:03:38.0758 6156 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:03:38.0818 6156 idsvc - ok
10:03:38.0861 6156 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:03:38.0863 6156 iirsp - ok
10:03:38.0916 6156 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:03:38.0923 6156 IKEEXT - ok
10:03:38.0956 6156 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:03:38.0958 6156 intelide - ok
10:03:38.0978 6156 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:03:38.0980 6156 intelppm - ok
10:03:39.0006 6156 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:03:39.0011 6156 IPBusEnum - ok
10:03:54.0486 6156 WudfPf - ok
10:03:54.0564 6156 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:03:54.0567 6156 WUDFRd - ok
10:03:54.0595 6156 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:03:54.0603 6156 wudfsvc - ok
10:03:54.0654 6156 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:03:54.0662 6156 WwanSvc - ok
10:03:54.0716 6156 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:03:54.0741 6156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
10:03:54.0741 6156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
10:03:54.0744 6156 Boot (0x1200) (97e6c5b21e7d1c2d2ec8f47d996f5655) \Device\Harddisk0\DR0\Partition0
10:03:54.0745 6156 \Device\Harddisk0\DR0\Partition0 - ok
10:03:54.0746 6156 ============================================================
10:03:54.0746 6156 Scan finished
10:03:54.0746 6156 ============================================================
10:03:54.0826 8184 Detected object count: 1
10:03:54.0826 8184 Actual detected object count: 1
10:04:06.0450 8184 \Device\Harddisk0\DR0\# - copied to quarantine
10:04:06.0455 8184 \Device\Harddisk0\DR0 - copied to quarantine
10:04:07.0877 8184 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
10:04:07.0895 8184 \Device\Harddisk0\DR0 - ok
10:04:07.0895 8184 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
10:07:15.0063 7800 Deinitialize success


and the aswMBR -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 10:15:40
-----------------------------
10:15:40.976 OS Version: Windows 6.1.7601 Service Pack 1
10:15:40.976 Number of processors: 4 586 0xF0B
10:15:40.978 ComputerName: FRANK-PC UserName: Frank
10:15:42.215 Initialize success
10:15:42.288 AVAST engine defs: 12041900
10:15:43.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
10:15:43.599 Disk 0 Vendor: ST325041 3.AA Size: 238475MB BusType: 3
10:15:43.605 Disk 0 MBR read successfully
10:15:43.607 Disk 0 MBR scan
10:15:43.610 Disk 0 Windows XP default MBR code
10:15:43.613 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
10:15:43.619 Disk 0 scanning sectors +488376000
10:15:43.663 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
10:15:43.698 Disk 0 scanning C:\Windows\system32\drivers
10:15:50.287 Service scanning
10:15:57.131 Service MpKsla725a60f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8A667A1-C755-4957-9617-FB9FB5B1B971}\MpKsla725a60f.sys **LOCKED** 32
10:15:57.171 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:16:07.408 Modules scanning
10:16:16.646 Disk 0 trace - called modules:
10:16:16.663 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
10:16:16.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863b3420]
10:16:16.675 3 CLASSPNP.SYS[8b01759e] -> nt!IofCallDriver -> [0x8616f800]
10:16:16.680 5 ACPI.sys[8a8983d4] -> nt!IofCallDriver -> \Device\00000063[0x8616a030]
10:16:17.307 AVAST engine scan C:\Windows
10:16:21.341 AVAST engine scan C:\Windows\system32
10:19:04.324 AVAST engine scan C:\Windows\system32\drivers
10:19:20.484 AVAST engine scan C:\Users\Frank
10:24:44.139 AVAST engine scan C:\ProgramData
11:04:37.321 Scan finished successfully
14:00:12.479 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
14:00:12.589 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"
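The aswMBR log above reports malicious Win32:MBRoot code at sector 488376003, which lies past the end of the only partition (63 + 238464 MB) and inside the unpartitioned tail of a 238475 MB disk; that tail is where MBR bootkits of the Sinowal/MBRoot family keep their body. The following added example, which is not code from the thread or from aswMBR/TDSSKiller, parses a raw 512-byte MBR such as the MBR.dat aswMBR saved, lists the partition table and computes that tail so a reported sector can be checked against it. The sample MBR is constructed to mirror the log's geometry; 512-byte sectors with 1 MB = 2048 sectors, and hashing the first 0x1B8 bytes as the boot-code fingerprint, are assumptions.

```python
"""Parse a raw 512-byte MBR and compute the unpartitioned tail of the disk.
Added example, not code from the thread or from aswMBR/TDSSKiller.  The sample
MBR is constructed to match the log: one active NTFS partition at LBA 63,
238464 MB long, on a 238475 MB disk (sector size and MB-to-sector ratio are
assumptions)."""
import hashlib
import struct

SECTOR = 512
PART_TABLE = 446            # offset of the four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, LBA count
BOOT_SIG = 0xAA55

MB_SECTORS = 2048           # assumption: 512-byte sectors, 1 MB = 2048 sectors
DISK_SECTORS = 238475 * MB_SECTORS
PART_START = 63
PART_SECTORS = 238464 * MB_SECTORS
SUSPECT_SECTOR = 488376003  # where aswMBR reported Win32:MBRoot code


def build_sample_mbr(start_lba, size_sectors):
    """Construct a minimal MBR with one active NTFS entry (test data, not a real dump)."""
    mbr = bytearray(SECTOR)
    mbr[PART_TABLE:PART_TABLE + 16] = struct.pack(
        ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", start_lba, size_sectors)
    struct.pack_into("<H", mbr, 510, BOOT_SIG)
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the populated partition entries as dicts with inclusive LBA ranges."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if struct.unpack_from("<H", mbr, 510)[0] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for n in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE + 16 * n)
        if ptype == 0 or count == 0:
            continue
        parts.append({"index": n + 1, "active": status == 0x80, "type": ptype,
                      "start": lba, "end": lba + count - 1})
    return parts


def unallocated_tail(parts, disk_sectors):
    """Inclusive LBA range after the last partition (the bootkit's hiding place)."""
    last_end = max(p["end"] for p in parts)
    return last_end + 1, disk_sectors - 1


def sector_in_tail(sector, parts, disk_sectors):
    lo, hi = unallocated_tail(parts, disk_sectors)
    return lo <= sector <= hi


def bootcode_md5(mbr):
    """MD5 of the boot code region (bytes 0..0x1B7), before the disk signature
    and partition table.  Assumption: comparable to TDSSKiller's 'MBR (0x1B8)' hash."""
    return hashlib.md5(mbr[:0x1B8]).hexdigest()


if __name__ == "__main__":
    mbr = build_sample_mbr(PART_START, PART_SECTORS)
    parts = parse_partitions(mbr)
    lo, hi = unallocated_tail(parts, DISK_SECTORS)
    print("partitions:", parts)
    print(f"unallocated tail: LBA {lo}..{hi} ({(hi - lo + 1) * SECTOR // 1024} KiB)")
    print(f"sector {SUSPECT_SECTOR} in tail:", sector_in_tail(SUSPECT_SECTOR, parts, DISK_SECTORS))
    print("boot code md5:", bootcode_md5(mbr))
```

To run it on a real dump, replace build_sample_mbr() with open("MBR.dat", "rb").read() and DISK_SECTORS with the disk's sector count; a clean disk still has a small tail, so the check is a locator for where to look, not a verdict by itself.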

#6 gringo_pr (Malware Response Team)

Posted 19 April 2012 - 01:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\azmphh0x.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
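The Firefox entries in the CFScript above show two things worth checking mechanically: a hijacked search and homepage pointing at funmoods.com and search-results.com, and user.js lines that pack several user_pref() calls onto one line, so that a line-oriented tool prints values such as `false);user_pref(...`, with security.csp.enable, security.OCSP.enabled and extensions.autoDisableScopes switched off. The following added example (not from the thread or from ComboFix) parses user_pref() calls without assuming one per line and reports those conditions. The sample file is constructed to mirror the listed entries, with URLs kept defanged as hxxp; RISKY_PREFS and HIJACK_DOMAINS are this example's own lists.

```python
"""Audit Firefox user.js / prefs.js text for hijacked and security-weakening
preferences.  Added example, not code from the thread or from ComboFix.
SAMPLE_USER_JS is constructed to mirror the entries listed in the CFScript
(URLs defanged as hxxp); RISKY_PREFS and HIJACK_DOMAINS are assumptions."""

# Preferences that weaken the browser when set to the listed value.
RISKY_PREFS = {
    "security.csp.enable": "false",       # Content Security Policy off
    "security.OCSP.enabled": "0",         # certificate revocation checks off
    "extensions.autoDisableScopes": "0",  # sideloaded extensions enable silently
}
# Domains seen in the hijacked homepage / search entries (assumed list).
HIJACK_DOMAINS = ("funmoods.com", "search-results.com")

# Constructed sample: lines 1 and 5 pack several user_pref() calls together.
SAMPLE_USER_JS = (
    'user_pref("network.protocol-handler.warn-external.dnupdate", false);'
    'user_pref("general.useragent.extra.brc", "");'
    'user_pref("extensions.funmoods_i.hmpg", true);\n'
    'user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");\n'
    'user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");\n'
    'user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=");\n'
    'user_pref("extensions.autoDisableScopes", 0);'
    'user_pref("security.csp.enable", false);'
    'user_pref("security.OCSP.enabled", 0);\n'
    'user_pref("browser.startup.homepage", "www.google.com");\n'
)


def _skip_ws(text, i):
    while i < len(text) and text[i] in " \t":
        i += 1
    return i


def _read_arg(text, i):
    """Read one argument: a quoted string (with backslash escapes) or a bare token."""
    i = _skip_ws(text, i)
    if i < len(text) and text[i] in "\"'":
        quote, i, out = text[i], i + 1, []
        while i < len(text) and text[i] != quote:
            if text[i] == "\\" and i + 1 < len(text):
                i += 1
            out.append(text[i])
            i += 1
        return "".join(out), i + 1          # step past the closing quote
    j = i
    while j < len(text) and text[j] not in ",)":
        j += 1
    return text[i:j].strip(), j


def _expect(text, i, ch):
    i = _skip_ws(text, i)
    if i >= len(text) or text[i] != ch:
        raise ValueError(f"expected {ch!r} at offset {i}")
    return i + 1


def parse_prefs(text):
    """Return every (name, value) pair from user_pref() calls, however many share a line."""
    prefs, i = [], 0
    while (i := text.find("user_pref(", i)) >= 0:
        i += len("user_pref(")
        name, i = _read_arg(text, i)
        i = _expect(text, i, ",")
        value, i = _read_arg(text, i)
        i = _expect(text, i, ")")
        prefs.append((name, value))
    return prefs


def audit(text):
    """Classify findings: weakened prefs, hijack URLs, and packed lines."""
    findings = {"weakened": [], "hijack": [], "packed_lines": []}
    for name, value in parse_prefs(text):
        if RISKY_PREFS.get(name) == value.lower():
            findings["weakened"].append((name, value))
        if any(d in value.lower() for d in HIJACK_DOMAINS):
            findings["hijack"].append((name, value))
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.count("user_pref(") > 1:
            findings["packed_lines"].append(lineno)
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_USER_JS).items():
        print(kind, items)
```

Point it at a real profile with audit(open(path, encoding="utf-8").read()) for both user.js and prefs.js; user.js is re-applied at every start, so a hijack there comes back until the file itself is removed or corrected.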

#7 Zhang_1888 (Topic Starter)

Posted 19 April 2012 - 01:34 PM

Here's the new ComboFix log:

ComboFix 12-04-19.01 - Frank 04/19/2012 14:20:05.2.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2815.1039 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
Command switches used :: c:\users\Frank\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 18:29 . 2012-04-19 18:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-19 18:29 . 2012-04-19 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 14:14 . 2012-04-19 14:14 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8A667A1-C755-4957-9617-FB9FB5B1B971}\MpKsla725a60f.sys
2012-04-19 14:09 . 2012-04-19 14:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8A667A1-C755-4957-9617-FB9FB5B1B971}\offreg.dll
2012-04-19 14:04 . 2012-04-19 14:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 09:09 . 2012-04-19 09:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-19 09:00 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8A667A1-C755-4957-9617-FB9FB5B1B971}\mpengine.dll
2012-04-19 08:37 . 2012-04-19 18:30 -------- d-----w- c:\users\Frank\AppData\Local\temp
2012-04-14 06:33 . 2012-04-14 06:33 -------- d--h--w- c:\programdata\Common Files
2012-04-14 06:33 . 2012-04-14 06:33 -------- d-----w- c:\users\Frank\AppData\Roaming\AVG2012
2012-04-14 06:32 . 2012-04-18 04:54 -------- d-----w- c:\programdata\AVG2012
2012-04-14 06:32 . 2012-04-14 06:32 -------- d-----w- c:\program files\AVG
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\program files\Trend Micro
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\users\Frank\AppData\Roaming\SUPERAntiSpyware.com
2012-04-14 06:23 . 2012-04-14 07:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-14 06:23 . 2012-04-14 06:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-14 06:20 . 2012-04-18 04:21 -------- d-----w- c:\programdata\MFAData
2012-04-14 02:04 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-14 02:04 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-14 02:04 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-14 02:04 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-14 02:04 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-14 02:04 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-14 02:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-14 02:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 02:03 . 2012-04-14 02:03 -------- d-----w- c:\programdata\AVAST Software
2012-04-14 02:03 . 2012-04-14 02:03 -------- d-----w- c:\program files\AVAST Software
2012-04-12 01:28 . 2012-04-19 18:22 -------- d-----w- c:\users\Frank\AppData\Roaming\Skype
2012-04-12 01:27 . 2012-04-12 01:27 -------- d-----w- c:\program files\Common Files\Skype
2012-04-12 01:27 . 2012-04-12 01:28 -------- d-----r- c:\program files\Skype
2012-04-12 01:27 . 2012-04-12 01:28 -------- d-----w- c:\programdata\Skype
2012-04-12 00:45 . 2012-04-12 00:45 -------- d-----w- c:\users\Frank\AppData\Local\SplitMediaLabs
2012-04-11 07:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 09:20 . 2012-04-10 09:20 -------- d-----w- c:\program files\CCleaner
2012-04-10 09:19 . 2012-04-10 09:20 -------- d-----w- c:\program files\Google
2012-04-09 15:22 . 2012-04-09 15:22 4916384 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-04-05 19:32 . 2012-04-14 09:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 18:34 . 2012-04-04 18:34 -------- d-----w- c:\program files\iPod
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 07:46 . 2012-04-10 09:30 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2012-03-21 17:47 . 2012-04-04 18:34 -------- d-----w- c:\program files\iTunes
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Roaming\NVIDIA
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Roaming\cYo
2012-03-21 01:17 . 2012-03-21 01:17 -------- d-----w- c:\users\Frank\AppData\Local\cYo
2012-03-21 01:16 . 2012-03-21 01:17 -------- d-----w- c:\program files\ComicRack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:32 . 2011-11-28 23:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-11-28 21:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 02:15 . 2011-11-29 23:52 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34 . 2012-03-13 17:45 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 17:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 17:45 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 16:36 . 2012-02-10 16:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B84AEE4-1EDB-4917-BE4E-3BDF60A2F487}\gapaengine.dll
2012-02-10 05:38 . 2012-03-13 19:27 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 04:13 . 2012-02-25 07:09 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-25 07:09 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2012-02-25 07:09 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-25 07:09 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-25 07:09 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-25 07:09 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-25 07:09 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-02-25 07:09 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2012-02-25 07:09 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2011-05-21 11:01 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2011-05-21 11:01 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 03:02 . 2011-11-28 20:45 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-11-28 20:45 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-11-28 20:45 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-11-28 20:45 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-11-28 20:45 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 01:05 . 2012-02-10 01:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-09 03:59 . 2012-02-21 21:33 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-09 03:59 . 2012-02-21 21:33 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-13 19:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-11-28 19:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32 . 2012-03-13 17:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 17:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 17:45 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2012-04-16 07:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2012-02-29 4321112]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-15 03:07 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-14 06:25 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-19 40776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKsla725a60f;MpKsla725a60f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8A667A1-C755-4957-9617-FB9FB5B1B971}\MpKsla725a60f.sys [2012-04-19 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSLA725A60F
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:32]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 09:19]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 09:19]
.
2012-04-19 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-04-14 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-11-28 12:17]
.
2012-04-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7e2da4ca-e456-4f82-ab92-4efcdf6b5145.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-04-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c52329c9-3ff6-483b-9705-87eb25a87230.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\azmphh0x.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.csp.enable - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-19 14:33:30
ComboFix-quarantined-files.txt 2012-04-19 18:33
ComboFix2.txt 2012-04-19 08:40
ComboFix3.txt 2011-11-27 07:50
.
Pre-Run: 88,558,399,488 bytes free
Post-Run: 88,497,811,456 bytes free
.
- - End Of File - - BED192B05DB58507E36703A90AE5D06C

#8 gringo_pr (Malware Response Team)

Posted 19 April 2012 - 02:22 PM

Hello

How are things running?

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 Zhang_1888 (Topic Starter)

Posted 19 April 2012 - 02:25 PM

Things are running better but I'm not sure if the problem is gone. Still catching some lag in the browser that wasn't there before.


Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CCleaner
CleanUp!
Combined Community Codec Pack 2011-11-11
ComicRack v0.9.153
Compatibility Pack for the 2007 Office system
DivX Setup
Download Updater (AOL LLC)
GOM PICKER
GOM Player
GOM Player + Ask Toolbar
GOM Player + Ask Toolbar Updater
GOM Video Converter
GOMTV Streamer
Google Chrome
Google Update Helper
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Deskjet 3050A J611 series Product Improvement Study
HP Photo Creations
HP Update
iTunes
Java Auto Updater
Java™ 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
NVIDIA 3D Vision Controller Driver 295.73
NVIDIA 3D Vision Driver 295.73
NVIDIA Control Panel 295.73
NVIDIA Graphics Driver 295.73
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
Pando
PunkBuster Services
RapidShare Downloader version 5.0 Beta1
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
StarCraft II
Steam
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
ViewSonic Monitor Drivers
VirtualCloneDrive
VLC media player 1.1.11
WinRAR 4.01 (32-bit)
XSplit

#10 gringo_pr (Malware Response Team)

Posted 19 April 2012 - 03:09 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Zhang_1888 (Topic Starter, Members, 17 posts)

Posted 19 April 2012 - 03:48 PM

The computer seems to be running ok right now.
Here are the logs -

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

Protection: Enabled

4/19/2012 4:40:02 PM
mbam-log-2012-04-19 (16-40-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204501
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:14 PM, on 4/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Frank\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19E4312905PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6049 bytes

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 April 2012 - 08:52 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis.
  • Click on the Scan button.
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button.
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not. Just copy the name between the brackets and paste it into the search space. For example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic.

Gringo
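As an added example (not code from this thread, from HijackThis or from any tool named in it), here is a small Python triage helper for the HijackThis log format shown above: it pulls the O4 autorun entries that the Run keys launch, lists O23 services with an unknown owner, flags entries that point at a missing file, and returns the exact O4 lines to tick for a given set of value names. The sample log lines are constructed from the log posted earlier in this thread; `AutorunEntry`, `triage` and `select_fix_lines` are names chosen here, not part of HijackThis.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# O4 lines look like: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 lines look like: "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class AutorunEntry:
    hive: str   # HKLM (all users) or HKCU (this user only)
    name: str   # the value name shown between the square brackets
    exe: str    # the image the Run key launches, without its arguments


def command_exe(cmd: str) -> str:
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: the path runs up to the first " -" or " /" switch, if any.
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def triage(log_text: str) -> dict:
    """Pull the items a reviewer looks at first out of a HijackThis log."""
    autoruns, unknown_owner, orphans = [], [], []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            autoruns.append(AutorunEntry(m["hive"], m["name"], command_exe(m["cmd"])))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner":
            # Service with no vendor string: worth checking the binary by hand.
            unknown_owner.append(m["name"])
        if line.endswith("(no file)"):
            # Entry whose target is gone: a dead reference, safe to clean up.
            orphans.append(line)
    return {"autoruns": autoruns, "unknown_owner_services": unknown_owner, "orphans": orphans}


def select_fix_lines(log_text: str, names: set) -> list:
    """Return the full O4 lines whose bracketed name is in `names`, i.e. the
    lines to tick before pressing "Fix Checked" (name match is case-insensitive)."""
    wanted = {n.lower() for n in names}
    return [line for line in log_text.splitlines()
            if (m := O4_RE.match(line)) and m["name"].lower() in wanted]


if __name__ == "__main__":
    report = triage(SAMPLE_HJT_LOG)
    for entry in report["autoruns"]:
        print(f"{entry.hive:4} {entry.name:20} -> {entry.exe}")
    print("services with unknown owner:", report["unknown_owner_services"])
    print("orphaned entries:", len(report["orphans"]))
    for line in select_fix_lines(SAMPLE_HJT_LOG, {"SunJavaUpdateSched", "Aim"}):
        print("tick:", line)
```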

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 22 April 2012 - 12:20 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 Zhang_1888 (Topic Starter, Members, 17 posts)

Posted 23 April 2012 - 03:10 PM

Hey

My browser was still lagging very badly so I went ahead and ran the ESET Scan. Here are the results -

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3CF0E212-1E2D-41A1-8E98-E9122D36A34B}\RP1294\A0400779.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3CF0E212-1E2D-41A1-8E98-E9122D36A34B}\RP1301\A0402060.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3CF0E212-1E2D-41A1-8E98-E9122D36A34B}\RP1301\A0402063.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\Users\Frank\Downloads\cnet2_ComboFix_exe(1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Frank\Downloads\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Frank\Downloads\cnet2_SetupVirtualCloneDrive5450_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Frank\Downloads\cnet2_setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Frank\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined

I'm waiting to see if this has fixed anything. But it seems like this scan found a lot of stuff in my system.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 April 2012 - 09:19 PM

Hello

The Eset scan did not find anything of note. A laggy browser normally means you need to clean out the history and temp files.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home, and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

Quoted from Tech Support Forum:

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
