Happili virus, can't find any solution


  • This topic is locked
16 replies to this topic

#1 etcetcetc

etcetcetc

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 27 April 2012 - 09:45 PM

Hey, just registered after being directed here from multiple sources.
I have had the Happili virus for a while now. A few weeks ago, I realized that I had it, and I spent a lot of time trying to figure out how to get rid of it and ended up doing a system restore to before I thought I got it, and it was gone for about a week and a half (I thought it was gone for good). Now it is back.
I have run TDSSKiller multiple times, Malwarebytes, and I have avast installed and have run that as well. I used a solution involving a flush.bat file and a temp file cleaner. I have run Windows Defender and the ESET online scanner, with neither finding anything at all. I was planning on posting the results of that here, but I don't think I can without it finding anything.

I am using Firefox and have Windows 7 64-bit.

here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Dr. Jocta at 22:40:06 on 2012-04-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.1910 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\BisonCam\DeLay.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [F.lux] "C:\Users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2196F551-339D-4B0F-AF90-9C1404743431} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E7D84933-A245-40AD-8C1B-7836D93D23E7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E7D84933-A245-40AD-8C1B-7836D93D23E7}\0577E6A70327 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E7D84933-A245-40AD-8C1B-7836D93D23E7}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E7D84933-A245-40AD-8C1B-7836D93D23E7}\E4544574541425 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E7D84933-A245-40AD-8C1B-7836D93D23E7}\E45445745414251353 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli psqlpwd
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111217&q=
FF - component: C:\Users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: C:\Users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Dr. Jocta\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: C:\Users\Dr. Jocta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf&q=
FF - user.js: extensions.funmoods_i.id - bc47843400000000000000216a55d9f5
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.22:56:04
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-3 913752]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-17 40384]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-8-19 783616]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-6 2348352]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2009-7-8 36864]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-17 40384]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;C:\Users\Dr. Jocta\Downloads\HitmanPro36_x64.exe [2012-4-19 8252840]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-27 11:39:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\offreg.dll
2012-04-27 11:37:43 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\mpengine.dll
2012-04-26 22:04:56 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 22:04:45 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 22:04:45 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:40:01 -------- d-----w- C:\Program Files (x86)\SteelSeries
2012-04-20 06:31:32 -------- d-----w- C:\Program Files\iTunes
2012-04-20 06:31:32 -------- d-----w- C:\Program Files\iPod
2012-04-20 06:29:01 -------- d-----w- C:\Program Files\Bonjour
2012-04-19 22:19:37 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-04-19 21:35:48 27936 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-04-19 21:35:22 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-19 21:02:19 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-11 05:26:05 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-11 04:45:02 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-11 04:32:47 -------- d-----w- C:\Users\Dr. Jocta\AppData\Roaming\SpeedyPC Software
2012-04-11 04:32:47 -------- d-----w- C:\Users\Dr. Jocta\AppData\Roaming\DriverCure
2012-04-11 04:32:30 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-04-10 23:44:12 -------- d-----w- C:\Users\Dr. Jocta\AppData\Local\Deployment
2012-04-10 21:48:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 21:48:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 21:48:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 21:48:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 21:48:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 21:48:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 21:48:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 21:34:50 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-10 21:34:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-10 21:34:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 21:01:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-10 21:01:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-10 21:01:07 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 21:01:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 21:01:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 21:01:04 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-10 21:01:01 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 21:01:01 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-10 21:01:00 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 21:01:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-06 21:10:20 7713088 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-04-06 21:10:20 19444544 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-04-06 21:10:20 1737536 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-04-06 21:10:20 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-04-06 21:10:19 2517312 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-04-06 21:10:19 2437440 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-04-06 21:10:19 15009600 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-04-06 20:43:11 -------- d-----w- C:\337241c6cdbc18c83b845faf
2012-04-06 20:41:02 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-04-06 20:41:02 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-04-06 20:40:59 25543488 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-04-06 20:40:58 13626688 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-04-06 20:40:56 8008000 ----a-w- C:\Windows\System32\nvcuda.dll
2012-04-06 20:40:56 5892928 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-04-06 20:40:56 2872640 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-04-06 20:40:56 2672448 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-04-06 20:40:56 17642816 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-04-06 20:40:41 25222976 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-04-06 20:40:41 17543488 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-03-29 19:25:25 -------- d-----w- C:\Users\Dr. Jocta\AppData\Local\{EF9B0CDA-79D4-11E1-826D-B8AC6F996F26}
.
==================== Find3M ====================
.
2012-04-10 21:50:18 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-10 21:50:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-10 21:50:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-10 21:50:18 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 23:41:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-01 00:02:00 9717568 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-03-01 00:02:00 2660160 ----a-w- C:\Windows\System32\nvapi64.dll
2012-03-01 00:02:00 2301248 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-23 18:24:50 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 23:43:54 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-17 23:43:54 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-17 23:43:19 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-17 23:43:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-17 23:42:44 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-17 23:29:57 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-17 23:29:57 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-01-30 17:58:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-30 17:58:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-30 17:58:23 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-30 17:58:23 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-30 17:56:05 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-30 17:56:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 22:42:03.24 ===============


Thank you so much!
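A worked triage of the Pseudo HJT and Firefox sections of the DDS log above, as an added example (not part of the original post, and not code from the DDS tool or from BleepingComputer). The sample lines are a subset of the entries in the log; the indicator categories, the keyword list of components treated as unwanted, and the table of UAC policy values treated as insecure are this example's own assumptions. It shows the four things a helper looks for first in such a log: UAC policies switched off, orphaned "No File" registry entries, start page and search prefs pointing at the hijacker, and prefs forced through Firefox's user.js file (which Firefox re-applies at every start, so a value fixed in about:config comes back until the file itself is cleaned).

```python
"""Triage the 'Pseudo HJT Report' and Firefox sections of a DDS log.

Added example for this thread; it is not part of the original post and is
not code from the DDS tool.  The indicator categories, the UAC table and the
keyword list below are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries from the log posted above.
# DDS defangs URLs as hxxp:// so they are not clickable in the forum.
SAMPLE_LOG = [
    r"uStart Page = hxxp://start.funmoods.com/?f=1&a=bf",
    r"uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll",
    r"mWinlogon: Userinit=userinit.exe,",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll",
    r"TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File",
    r"TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File",
    r'mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"mPolicies-system: DisableCAD = 1 (0x1)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"FF - prefs.js: browser.search.selectedEngine - Ask.com",
    r"FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111217&q=",
    r"FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf",
    r"FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf",
]

URL_RE = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)
NOFILE_RE = re.compile(r"\s-\s*No File\s*$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
FF_PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js:\s*(\S+)\s*-\s*(.*)$")

# DDS reports HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# under mPolicies-system.  Windows 7 ships EnableLUA=1,
# ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1; a 0 in each turns
# that protection off (no UAC, silent elevation, prompts on the normal desktop).
UAC_INSECURE = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

# Component names seen in the log; treating them as unwanted is an assumption
# of this example, not a verdict from the tool.
PUP_MARKERS = ("funmoods", "ask.com", "daemon tools toolbar")

# Firefox prefs (and toolbar-specific prefs) that decide where the browser
# goes on start-up, new tab and search.
HIJACK_PREF_SUFFIXES = ("hmpgurl", "newtaburl", "tlbrsrchurl", "keyword.url",
                        "startup.homepage", "selectedengine", "defaulturl")


def host_of(text):
    """Return the host of the first (defanged) URL in text, or None."""
    m = URL_RE.search(text)
    return m.group(1).lower() if m else None


def triage(lines):
    """Group suspicious log entries by category; returns {category: [detail, ...]}."""
    findings = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_INSECURE and value == UAC_INSECURE[name]:
                findings["uac_disabled"].append(f"{name}={value}")
            continue
        if NOFILE_RE.search(line):
            # The registry still names a DLL that is gone: a leftover of a
            # removed toolbar.  Harmless by itself, but it should be cleaned.
            findings["orphaned"].append(line)
            continue
        if line.startswith(("uStart Page", "mStart Page")):
            findings["start_page"].append(host_of(line) or line)
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group(1), m.group(2)
            if pref.lower().endswith(HIJACK_PREF_SUFFIXES):
                findings["browser_pref"].append(f"{pref} -> {host_of(value) or value}")
            if line.startswith("FF - user.js:"):
                # user.js is re-applied on every Firefox start, so a value
                # changed in about:config comes back until the file is cleaned.
                findings["user_js_override"].append(pref)
        if any(marker in line.lower() for marker in PUP_MARKERS):
            findings["pup_component"].append(line)
    return dict(findings)


def report(findings):
    """Human-readable summary of triage() output."""
    out = []
    for category in sorted(findings):
        details = findings[category]
        out.append(f"[{category}] {len(details)}")
        out.extend(f"    {detail}" for detail in details)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Feed the script the Pseudo HJT and Firefox sections of a full DDS log (one line per list element) to get the same grouping for a real case. The three UAC policies at 0 are the most important lines in this particular log: with them set, every program the user runs already has a full administrator token and nothing ever prompts, which is why a homepage hijacker can keep re-installing itself without being noticed; restoring EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1 (the Windows 7 defaults) belongs in the cleanup.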

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 27 April 2012 - 11:17 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
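The logs requested above are read by hand by the helper. As an added example (not part of this thread, and not code from ComboFix or Security Check), here is a small Python checker that parses the policies\system, Run and Supplementary Scan entries of a ComboFix-style log and flags UAC settings that are turned off and a browser start page pointing at a remote site; the sample log is constructed to mimic ComboFix's layout, including its hxxp:// defanging of URLs, and the paths and site in it are made up.

```python
"""Parse the registry sections of a ComboFix-style log and flag weak settings.

Added example for this thread; not part of ComboFix or of the original posts.
"""
import re

# Constructed sample in ComboFix's "Reg Loading Points" / "Supplementary Scan"
# layout.  Values, paths and the start page are made up, not the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.example-search.test/?f=1
mLocal Page = c:\windows\SysWOW64\blank.htm
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\key]
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')  # "Name"= 0 (0x0)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]\s*$')
PAGE_RE = re.compile(r'^([um](?:Start|Local) Page)\s*=\s*(.+?)\s*$')


def parse_registry(text):
    """Return {key_path: {value_name: value}} for every [KEY] block.

    DWORD lines become ints; Run-key lines (name, quoted path, [date size])
    become the path string.  Any other line inside a block is ignored.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            current[m.group(1)] = int(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return keys


def parse_pages(text):
    """Return the uStart/uLocal/mLocal Page entries of the Supplementary Scan."""
    pages = {}
    for line in text.splitlines():
        m = PAGE_RE.match(line)
        if m:
            pages[m.group(1)] = m.group(2)
    return pages


def check_uac(registry):
    """Flag policies\\system values that switch off UAC protections."""
    findings = []
    for path, values in registry.items():
        if not path.lower().endswith(r"\policies\system"):
            continue
        if values.get("EnableLUA") == 0:
            findings.append("EnableLUA=0: UAC is off, an admin user's processes run fully elevated")
        if values.get("ConsentPromptBehaviorAdmin") == 0:
            findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
        if values.get("PromptOnSecureDesktop") == 0:
            findings.append("PromptOnSecureDesktop=0: elevation prompts are not on the secure desktop")
    return findings


def check_start_page(pages):
    """Flag a start page set to a remote site instead of a local or blank page.

    ComboFix writes web URLs defanged as hxxp://, so that prefix identifies them.
    """
    findings = []
    for name, value in pages.items():
        if name.endswith("Start Page") and value.lower().startswith(("hxxp://", "hxxps://")):
            findings.append(f"{name} is set to a remote site ({value}); confirm the user chose it")
    return findings


def audit(text):
    """Run both checks over one log and return the combined list of findings."""
    return check_uac(parse_registry(text)) + check_start_page(parse_pages(text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("-", finding)
```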

#3 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:00 PM

Posted 28 April 2012 - 02:10 PM

Thank you so much for the response.

Security Check:
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````



ComboFix 12-04-28.01 - Dr. Jocta 04/28/2012 14:43:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2550 [GMT -4:00]
Running from: c:\users\Dr. Jocta\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Dr. Jocta\AppData\Roaming\.#
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\weave\toFetch
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\weave\toFetch\clients.json
c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\weave\toFetch\tabs.json
c:\users\Dr. Jocta\Documents\~WRD2352.tmp
c:\users\Dr. Jocta\Documents\~WRL0620.tmp
c:\users\Dr. Jocta\Documents\~WRL1345.tmp
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\users\DRC93C~1~JOC\AppData\Local\temp
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\users\DR06F0~1~JOC\AppData\Local\temp
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 11:39 . 2012-04-28 18:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\offreg.dll
2012-04-27 11:37 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\mpengine.dll
2012-04-26 22:04 . 2012-04-26 22:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 22:04 . 2012-04-26 22:04 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 22:04 . 2012-04-26 22:04 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:40 . 2012-04-25 02:40 -------- d-----w- c:\program files (x86)\SteelSeries
2012-04-20 06:31 . 2012-04-20 06:31 -------- d-----w- c:\program files\iTunes
2012-04-20 06:31 . 2012-04-20 06:31 -------- d-----w- c:\program files\iPod
2012-04-20 06:29 . 2012-04-20 06:29 -------- d-----w- c:\program files\Bonjour
2012-04-20 06:25 . 2012-04-20 06:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-04-19 22:19 . 2012-04-19 22:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-19 21:35 . 2012-04-19 21:35 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-19 21:35 . 2012-04-19 22:19 -------- d-----w- c:\programdata\HitmanPro
2012-04-19 21:02 . 2012-04-19 21:02 -------- d-----w- c:\program files (x86)\ESET
2012-04-11 05:26 . 2012-04-11 05:26 -------- d-----w- c:\program files\Enigma Software Group
2012-04-11 04:45 . 2012-04-11 04:45 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-11 04:32 . 2012-04-11 04:32 -------- d-----w- c:\users\Dr. Jocta\AppData\Roaming\SpeedyPC Software
2012-04-11 04:32 . 2012-04-11 04:32 -------- d-----w- c:\users\Dr. Jocta\AppData\Roaming\DriverCure
2012-04-11 04:32 . 2012-04-11 04:44 -------- d-----w- c:\programdata\SpeedyPC Software
2012-04-10 23:44 . 2012-04-10 23:44 -------- d-----w- c:\users\Dr. Jocta\AppData\Local\Deployment
2012-04-10 21:48 . 2012-04-10 21:48 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 21:48 . 2012-04-10 21:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 21:48 . 2012-04-10 21:48 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 21:48 . 2012-04-10 21:48 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 21:48 . 2012-04-10 21:48 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 21:48 . 2012-04-10 21:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 21:48 . 2012-04-10 21:48 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 21:34 . 2012-04-10 21:34 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 21:34 . 2012-04-10 21:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 21:34 . 2012-04-10 21:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 21:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-10 21:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-10 21:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-10 21:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-10 21:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-10 21:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-10 21:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-10 21:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-10 21:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-10 21:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-06 21:17 . 2012-04-11 06:55 -------- d-----w- c:\users\UpdatusUser.ED-WORD-PC
2012-04-06 21:10 . 2012-03-01 00:02 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-04-06 21:10 . 2012-03-01 00:02 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-04-06 21:10 . 2012-03-01 00:02 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-04-06 21:10 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-04-06 21:10 . 2012-03-01 00:02 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-04-06 21:10 . 2012-03-01 00:02 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-04-06 21:10 . 2012-03-01 00:02 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-04-06 20:43 . 2012-04-11 10:42 -------- d-----w- C:\337241c6cdbc18c83b845faf
2012-04-06 20:41 . 2012-03-01 00:02 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 20:41 . 2012-03-01 00:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 20:40 . 2012-03-01 00:02 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-04-06 20:40 . 2012-03-01 00:02 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-04-06 20:40 . 2012-03-01 00:02 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-04-06 20:40 . 2012-03-01 00:02 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-04-06 20:40 . 2012-03-01 00:02 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-04-06 20:40 . 2012-03-01 00:02 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-04-06 20:40 . 2012-03-01 00:02 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-04-06 20:40 . 2012-03-01 00:02 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-04-06 20:40 . 2012-03-01 00:02 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-04-03 23:41 . 2012-04-11 10:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-29 19:25 . 2012-03-29 19:25 -------- d-----w- c:\users\Dr. Jocta\AppData\Local\{EF9B0CDA-79D4-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2010-12-30 05:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:41 . 2010-05-17 02:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 00:02 . 2011-09-17 20:25 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-03-19 04:21 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2010-12-31 20:26 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2011-03-17 08:03 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-03-17 08:03 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-03-17 08:03 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-03-17 08:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-03-17 08:02 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2011-01-08 00:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-23 18:24 . 2012-02-04 09:44 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 14:18 . 2009-10-02 18:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 23:43 . 2012-02-17 23:43 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 23:43 . 2012-02-17 23:43 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 23:43 . 2012-02-17 23:43 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 23:43 . 2012-02-17 23:43 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 23:42 . 2012-02-17 23:42 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 23:29 . 2012-02-17 23:29 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 23:29 . 2012-02-17 23:29 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-01-30 17:59 . 2012-01-30 17:59 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-30 17:59 . 2012-01-30 17:59 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 17:59 . 2012-01-30 17:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-30 17:59 . 2012-01-30 17:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-30 17:59 . 2012-01-30 17:59 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-30 17:59 . 2012-01-30 17:59 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-30 17:59 . 2012-01-30 17:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-30 17:59 . 2012-01-30 17:59 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-30 17:59 . 2012-01-30 17:59 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-30 17:59 . 2012-01-30 17:59 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-30 17:59 . 2012-01-30 17:59 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-30 17:59 . 2012-01-30 17:59 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-30 17:59 . 2012-01-30 17:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-30 17:59 . 2012-01-30 17:59 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-30 17:59 . 2012-01-30 17:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 17:59 . 2012-01-30 17:59 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-30 17:58 . 2012-01-30 17:58 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-30 17:58 . 2012-01-30 17:58 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-30 17:58 . 2012-01-30 17:58 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-30 17:58 . 2012-01-30 17:58 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-30 17:56 . 2012-01-30 17:56 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-30 17:56 . 2012-01-30 17:56 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-2-24 495104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\users\Dr. Jocta\Downloads\HitmanPro36_x64.exe [2012-04-19 8252840]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-08-19 783616]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2008-05-13 36864]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 02:35]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-12 53248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"combofix"="c:\combofix\CF15790.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111217&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf&q=
FF - user.js: extensions.funmoods_i.id - bc47843400000000000000216a55d9f5
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.22:56
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FINAL FANTASY VIII - c:\program files (x86)\Square Soft
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_apb.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Sparkplayer (Beta) - c:\users\Dr. Jocta\Documents\Sparkplay Media\Sparkplayer (Beta)\Update.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-28 15:06:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 19:06
.
Pre-Run: 88,871,776,256 bytes free
Post-Run: 88,489,373,696 bytes free
.
- - End Of File - - 5B7FD2369BCD0A3D69E4DCCDF281AFB2



ComboFix went smoothly, and my computer seems to be fine (if not faster), but I am still getting redirected to Happili.

Edited by etcetcetc, 28 April 2012 - 02:12 PM.
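
What the log above actually shows, as an added note with example code that is not part of the original post, of ComboFix or of BleepingComputer: the "FF - user.js: extensions.funmoods_i.*" lines are the hijack. Firefox never writes a user.js file itself; when one exists, its user_pref() lines are re-applied on top of prefs.js at every browser start, which is why a homepage or search-engine change made inside the browser does not stick while the add-on that wrote the file is still installed. The Python triage below parses a constructed sample modelled on the "uStart Page" and "FF - prefs.js / user.js" lines of this log, restores the hxxp:// URLs that ComboFix defangs, reports navigation preferences that point at hosts outside an allow-list, and lists the preference namespaces that were forced through user.js. TRUSTED_HOSTS is an assumption for the example and should be set to the homepage and search provider the machine is expected to use.

```python
"""Triage a ComboFix/DDS 'Supplementary Scan' section for browser hijack indicators.

Added example, not ComboFix code. It reads the 'uStart Page', 'FF - prefs.js'
and 'FF - user.js' lines and reports:
  * navigation prefs that point at hosts outside TRUSTED_HOSTS, and
  * 'extensions.<name>' namespaces forced through user.js (Firefox never
    creates user.js itself; an installer did, so in-browser resets won't stick).
"""
import re
from urllib.parse import urlparse

# Constructed sample modelled on the posted log (not the full log).
SAMPLE_LOG = """\
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&q=
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf&q=
"""

# Hosts a stock browser legitimately points at. This is an assumption for the
# example; tune it to the homepage/search provider the machine should be using.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "www.mozilla.org"}

PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - (?P<value>.*)$")
START_RE = re.compile(r"^[um]Start Page = (?P<value>.*)$")


def refang(value):
    """ComboFix writes hxxp:// so the log is not clickable; restore the scheme."""
    return value.strip().replace("hxxp://", "http://").replace("hxxps://", "https://")


def host_of(value):
    """Hostname of a pref value, or None when the value is not an http(s) URL."""
    parsed = urlparse(refang(value))
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def triage(log_text):
    """Return (untrusted_hosts, forced_namespaces) for a supplementary-scan section.

    untrusted_hosts maps a host to the list of settings that point at it;
    forced_namespaces lists 'extensions.<name>' prefixes that appear in user.js.
    """
    untrusted = {}
    forced = set()
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            host = host_of(m["value"])
            if host and host not in TRUSTED_HOSTS:
                untrusted.setdefault(host, []).append("IE Start Page")
            continue
        m = PREF_RE.match(line)
        if not m:
            continue
        host = host_of(m["value"])
        if host and host not in TRUSTED_HOSTS:
            untrusted.setdefault(host, []).append(f"{m['file']}:{m['key']}")
        if m["file"] == "user.js" and m["key"].startswith("extensions."):
            # Keep only 'extensions.<addon>' so one add-on is reported once.
            forced.add(".".join(m["key"].split(".")[:2]))
    return untrusted, sorted(forced)


if __name__ == "__main__":
    hosts, namespaces = triage(SAMPLE_LOG)
    for host, settings in hosts.items():
        print(f"untrusted host {host} set by: {', '.join(settings)}")
    for ns in namespaces:
        print(f"prefs forced via user.js under {ns}.* (remove the add-on, then delete user.js)")
```

On the sample this reports start.funmoods.com as the only untrusted host, reached from the IE start page and three user.js preferences, and extensions.funmoods_i as the namespace forced through user.js. The same parser can be pointed at the "Supplementary Scan" section of any DDS or ComboFix log; the Bing keyword.URL line with its pc= affiliate tag is left alone because www.bing.com is on the allow-list, which is the intended behaviour of an allow-list rather than a judgement about that toolbar.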


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 28 April 2012 - 02:13 PM

Greetings

I would like to know which browsers are redirecting - please check all that are installed on the computer

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 28 April 2012 - 03:22 PM

After checking IE, Safari, and Google Chrome, none of them gave me a Google redirect, so it seems it may just be Firefox.

TDSSKiller found no threats.

15:15:08.0380 5176 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:15:08.0651 5176 ============================================================
15:15:08.0651 5176 Current date / time: 2012/04/28 15:15:08.0651
15:15:08.0651 5176 SystemInfo:
15:15:08.0651 5176
15:15:08.0651 5176 OS Version: 6.1.7601 ServicePack: 1.0
15:15:08.0651 5176 Product type: Workstation
15:15:08.0651 5176 ComputerName: ED-WORD-PC
15:15:08.0651 5176 UserName: Dr. Jocta
15:15:08.0651 5176 Windows directory: C:\Windows
15:15:08.0651 5176 System windows directory: C:\Windows
15:15:08.0652 5176 Running under WOW64
15:15:08.0652 5176 Processor architecture: Intel x64
15:15:08.0652 5176 Number of processors: 2
15:15:08.0652 5176 Page size: 0x1000
15:15:08.0652 5176 Boot type: Normal boot
15:15:08.0652 5176 ============================================================
15:15:10.0181 5176 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:10.0187 5176 ============================================================
15:15:10.0187 5176 \Device\Harddisk0\DR0:
15:15:10.0187 5176 MBR partitions:
15:15:10.0187 5176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:15:10.0187 5176 ============================================================
15:15:10.0215 5176 C: <-> \Device\Harddisk0\DR0\Partition0
15:15:10.0215 5176 ============================================================
15:15:10.0215 5176 Initialize success
15:15:10.0215 5176 ============================================================
15:15:12.0884 5240 ============================================================
15:15:12.0884 5240 Scan started
15:15:12.0884 5240 Mode: Manual;
15:15:12.0884 5240 ============================================================
15:15:15.0816 5240 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:15:15.0820 5240 !SASCORE - ok
15:15:16.0052 5240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:15:16.0065 5240 1394ohci - ok
15:15:16.0218 5240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:15:16.0232 5240 ACPI - ok
15:15:16.0286 5240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:15:16.0294 5240 AcpiPmi - ok
15:15:16.0363 5240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:15:16.0378 5240 adp94xx - ok
15:15:16.0439 5240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:15:16.0450 5240 adpahci - ok
15:15:16.0469 5240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:15:16.0483 5240 adpu320 - ok
15:15:16.0650 5240 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
15:15:16.0656 5240 AdvancedSystemCareService5 - ok
15:15:16.0715 5240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:15:16.0721 5240 AeLookupSvc - ok
15:15:16.0777 5240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:15:16.0795 5240 AFD - ok
15:15:16.0839 5240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:15:16.0846 5240 agp440 - ok
15:15:16.0879 5240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:15:16.0886 5240 ALG - ok
15:15:16.0944 5240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:15:16.0952 5240 aliide - ok
15:15:16.0996 5240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:15:17.0003 5240 amdide - ok
15:15:17.0052 5240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:15:17.0059 5240 AmdK8 - ok
15:15:17.0065 5240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:15:17.0067 5240 AmdPPM - ok
15:15:17.0110 5240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:15:17.0115 5240 amdsata - ok
15:15:17.0145 5240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:15:17.0158 5240 amdsbs - ok
15:15:17.0223 5240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:15:17.0224 5240 amdxata - ok
15:15:17.0287 5240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:15:17.0294 5240 AppID - ok
15:15:17.0314 5240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:15:17.0317 5240 AppIDSvc - ok
15:15:17.0374 5240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:15:17.0381 5240 Appinfo - ok
15:15:17.0536 5240 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:15:17.0537 5240 Apple Mobile Device - ok
15:15:17.0598 5240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:15:17.0604 5240 arc - ok
15:15:17.0614 5240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:15:17.0620 5240 arcsas - ok
15:15:17.0787 5240 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:15:17.0795 5240 aspnet_state - ok
15:15:17.0849 5240 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
15:15:17.0850 5240 aswFsBlk - ok
15:15:17.0856 5240 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
15:15:17.0856 5240 aswMonFlt - ok
15:15:17.0870 5240 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
15:15:17.0871 5240 aswRdr - ok
15:15:17.0886 5240 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
15:15:17.0887 5240 aswSP - ok
15:15:17.0942 5240 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
15:15:17.0943 5240 aswTdi - ok
15:15:17.0961 5240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:15:17.0961 5240 AsyncMac - ok
15:15:18.0024 5240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:15:18.0025 5240 atapi - ok
15:15:18.0106 5240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:15:18.0129 5240 AudioEndpointBuilder - ok
15:15:18.0135 5240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:15:18.0138 5240 AudioSrv - ok
15:15:18.0382 5240 avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
15:15:18.0383 5240 avast! Antivirus - ok
15:15:18.0386 5240 avast! Mail Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
15:15:18.0386 5240 avast! Mail Scanner - ok
15:15:18.0390 5240 avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
15:15:18.0390 5240 avast! Web Scanner - ok
15:15:18.0527 5240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:15:18.0533 5240 AxInstSV - ok
15:15:18.0572 5240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:15:18.0589 5240 b06bdrv - ok
15:15:18.0618 5240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:15:18.0630 5240 b57nd60a - ok
15:15:18.0788 5240 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:15:18.0802 5240 BBSvc - ok
15:15:18.0857 5240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:15:18.0863 5240 BDESVC - ok
15:15:18.0871 5240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:15:18.0873 5240 Beep - ok
15:15:18.0958 5240 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:15:18.0980 5240 BFE - ok
15:15:19.0066 5240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:15:19.0071 5240 BITS - ok
15:15:19.0130 5240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:15:19.0137 5240 blbdrive - ok
15:15:19.0269 5240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:15:19.0286 5240 Bonjour Service - ok
15:15:19.0346 5240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:15:19.0352 5240 bowser - ok
15:15:19.0371 5240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:15:19.0379 5240 BrFiltLo - ok
15:15:19.0393 5240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:15:19.0401 5240 BrFiltUp - ok
15:15:19.0430 5240 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:15:19.0436 5240 BridgeMP - ok
15:15:19.0492 5240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:15:19.0493 5240 Browser - ok
15:15:19.0519 5240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:15:19.0532 5240 Brserid - ok
15:15:19.0551 5240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:15:19.0559 5240 BrSerWdm - ok
15:15:19.0566 5240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:15:19.0568 5240 BrUsbMdm - ok
15:15:19.0576 5240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:15:19.0577 5240 BrUsbSer - ok
15:15:19.0586 5240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:15:19.0588 5240 BTHMODEM - ok
15:15:19.0642 5240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:15:19.0649 5240 bthserv - ok
15:15:19.0698 5240 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
15:15:19.0699 5240 BVRPMPR5a64 - ok
15:15:19.0779 5240 Cam5607 (77c023d7e2b52f83f3d9363993e94c1d) C:\Windows\system32\Drivers\BisonC07.sys
15:15:19.0783 5240 Cam5607 - ok
15:15:19.0811 5240 catchme - ok
15:15:19.0850 5240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:15:19.0855 5240 cdfs - ok
15:15:19.0922 5240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:15:19.0928 5240 cdrom - ok
15:15:19.0941 5240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:19.0947 5240 CertPropSvc - ok
15:15:19.0955 5240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:15:19.0956 5240 circlass - ok
15:15:19.0982 5240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:15:19.0991 5240 CLFS - ok
15:15:20.0116 5240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:20.0123 5240 clr_optimization_v2.0.50727_32 - ok
15:15:20.0209 5240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:15:20.0215 5240 clr_optimization_v2.0.50727_64 - ok
15:15:20.0310 5240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:20.0316 5240 clr_optimization_v4.0.30319_32 - ok
15:15:20.0421 5240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:15:20.0426 5240 clr_optimization_v4.0.30319_64 - ok
15:15:20.0478 5240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:15:20.0485 5240 CmBatt - ok
15:15:20.0592 5240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:15:20.0599 5240 cmdide - ok
15:15:20.0663 5240 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:15:20.0679 5240 CNG - ok
15:15:20.0691 5240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:15:20.0692 5240 Compbatt - ok
15:15:20.0753 5240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:15:20.0760 5240 CompositeBus - ok
15:15:20.0765 5240 COMSysApp - ok
15:15:20.0788 5240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:15:20.0795 5240 crcdisk - ok
15:15:20.0852 5240 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:15:20.0854 5240 CryptSvc - ok
15:15:20.0923 5240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:20.0927 5240 DcomLaunch - ok
15:15:20.0986 5240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:15:20.0996 5240 defragsvc - ok
15:15:21.0058 5240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:15:21.0064 5240 DfsC - ok
15:15:21.0140 5240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:15:21.0149 5240 Dhcp - ok
15:15:21.0187 5240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:15:21.0194 5240 discache - ok
15:15:21.0206 5240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:15:21.0213 5240 Disk - ok
15:15:21.0275 5240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:15:21.0288 5240 Dnscache - ok
15:15:21.0349 5240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:15:21.0362 5240 dot3svc - ok
15:15:21.0427 5240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:15:21.0441 5240 DPS - ok
15:15:21.0492 5240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:15:21.0494 5240 drmkaud - ok
15:15:21.0574 5240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:15:21.0579 5240 DXGKrnl - ok
15:15:21.0594 5240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:15:21.0600 5240 EapHost - ok
15:15:21.0724 5240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:15:21.0785 5240 ebdrv - ok
15:15:21.0956 5240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:15:21.0958 5240 EFS - ok
15:15:22.0046 5240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:15:22.0067 5240 ehRecvr - ok
15:15:22.0122 5240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:15:22.0128 5240 ehSched - ok
15:15:22.0168 5240 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:15:22.0169 5240 ElbyCDIO - ok
15:15:22.0212 5240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:15:22.0228 5240 elxstor - ok
15:15:22.0287 5240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:15:22.0295 5240 ErrDev - ok
15:15:22.0394 5240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:15:22.0397 5240 EventSystem - ok
15:15:22.0430 5240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:15:22.0443 5240 exfat - ok
15:15:22.0473 5240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:15:22.0485 5240 fastfat - ok
15:15:22.0567 5240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:15:22.0588 5240 Fax - ok
15:15:22.0605 5240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:15:22.0612 5240 fdc - ok
15:15:22.0659 5240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:15:22.0667 5240 fdPHost - ok
15:15:22.0679 5240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:15:22.0686 5240 FDResPub - ok
15:15:22.0701 5240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:15:22.0708 5240 FileInfo - ok
15:15:22.0724 5240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:15:22.0732 5240 Filetrace - ok
15:15:22.0788 5240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:15:22.0796 5240 flpydisk - ok
15:15:22.0853 5240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:15:22.0863 5240 FltMgr - ok
15:15:22.0968 5240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:15:22.0991 5240 FontCache - ok
15:15:23.0111 5240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:15:23.0118 5240 FontCache3.0.0.0 - ok
15:15:23.0151 5240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:15:23.0151 5240 FsDepends - ok
15:15:23.0187 5240 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:15:23.0195 5240 fssfltr - ok
15:15:23.0365 5240 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:15:23.0398 5240 fsssvc - ok
15:15:23.0488 5240 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:15:23.0489 5240 Fs_Rec - ok
15:15:23.0533 5240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:15:23.0545 5240 fvevol - ok
15:15:23.0567 5240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:15:23.0574 5240 gagp30kx - ok
15:15:23.0615 5240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:15:23.0616 5240 GEARAspiWDM - ok
15:15:23.0681 5240 Giraffic - ok
15:15:23.0766 5240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:15:23.0786 5240 gpsvc - ok
15:15:23.0905 5240 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:15:23.0911 5240 gupdate - ok
15:15:23.0914 5240 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:15:23.0915 5240 gupdatem - ok
15:15:23.0943 5240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:15:23.0951 5240 hcw85cir - ok
15:15:23.0996 5240 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:15:24.0007 5240 HdAudAddService - ok
15:15:24.0064 5240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:15:24.0069 5240 HDAudBus - ok
15:15:24.0089 5240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:15:24.0096 5240 HidBatt - ok
15:15:24.0125 5240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:15:24.0132 5240 HidBth - ok
15:15:24.0160 5240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:15:24.0167 5240 HidIr - ok
15:15:24.0224 5240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:15:24.0231 5240 hidserv - ok
15:15:24.0291 5240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:15:24.0292 5240 HidUsb - ok
15:15:24.0450 5240 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\Windows\system32\drivers\hitmanpro36.sys
15:15:24.0457 5240 hitmanpro35 - ok
15:15:24.0836 5240 HitmanPro36Crusader (50c3921b904cecc22b91e7cf10d27507) C:\Users\Dr. Jocta\Downloads\HitmanPro36_x64.exe
15:15:24.0983 5240 HitmanPro36Crusader - ok
15:15:25.0175 5240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:15:25.0182 5240 hkmsvc - ok
15:15:25.0253 5240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:15:25.0266 5240 HomeGroupListener - ok
15:15:25.0325 5240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:15:25.0338 5240 HomeGroupProvider - ok
15:15:25.0391 5240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:15:25.0397 5240 HpSAMD - ok
15:15:25.0471 5240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:15:25.0492 5240 HTTP - ok
15:15:25.0554 5240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:15:25.0555 5240 hwpolicy - ok
15:15:25.0625 5240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:15:25.0632 5240 i8042prt - ok
15:15:26.0030 5240 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:15:26.0044 5240 IAANTMON - ok
15:15:26.0047 5240 iaStor - ok
15:15:26.0105 5240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:15:26.0123 5240 iaStorV - ok
15:15:26.0275 5240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:15:26.0293 5240 idsvc - ok
15:15:26.0343 5240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:15:26.0350 5240 iirsp - ok
15:15:26.0465 5240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:15:26.0484 5240 IKEEXT - ok
15:15:26.0589 5240 IntcAzAudAddService (259ce97101024c2d2d80def9a7ff96e6) C:\Windows\system32\drivers\RTKVHD64.sys
15:15:26.0622 5240 IntcAzAudAddService - ok
15:15:26.0778 5240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:15:26.0786 5240 intelide - ok
15:15:26.0795 5240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:15:26.0796 5240 intelppm - ok
15:15:26.0861 5240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:15:26.0867 5240 IPBusEnum - ok
15:15:26.0920 5240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:26.0926 5240 IpFilterDriver - ok
15:15:26.0998 5240 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:15:27.0013 5240 iphlpsvc - ok
15:15:27.0074 5240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:15:27.0080 5240 IPMIDRV - ok
15:15:27.0106 5240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:15:27.0120 5240 IPNAT - ok
15:15:27.0244 5240 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:15:27.0270 5240 iPod Service - ok
15:15:27.0296 5240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:15:27.0304 5240 IRENUM - ok
15:15:27.0369 5240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:15:27.0377 5240 isapnp - ok
15:15:27.0472 5240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:15:27.0483 5240 iScsiPrt - ok
15:15:27.0543 5240 JMCR (c4c054b795fcba9e070d1425dd07a4e4) C:\Windows\system32\DRIVERS\jmcr.sys
15:15:27.0544 5240 JMCR - ok
15:15:27.0601 5240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:15:27.0601 5240 kbdclass - ok
15:15:27.0663 5240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:15:27.0663 5240 kbdhid - ok
15:15:27.0705 5240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:27.0706 5240 KeyIso - ok
15:15:27.0893 5240 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
15:15:27.0903 5240 Kodak AiO Network Discovery Service - ok
15:15:27.0914 5240 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:15:27.0919 5240 KSecDD - ok
15:15:27.0939 5240 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:15:27.0944 5240 KSecPkg - ok
15:15:28.0014 5240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:15:28.0022 5240 ksthunk - ok
15:15:28.0082 5240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:15:28.0091 5240 KtmRm - ok
15:15:28.0162 5240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:15:28.0174 5240 LanmanServer - ok
15:15:28.0237 5240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:15:28.0253 5240 LanmanWorkstation - ok
15:15:28.0272 5240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:15:28.0279 5240 lltdio - ok
15:15:28.0334 5240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:15:28.0344 5240 lltdsvc - ok
15:15:28.0387 5240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:15:28.0389 5240 lmhosts - ok
15:15:28.0423 5240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:15:28.0429 5240 LSI_FC - ok
15:15:28.0447 5240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:15:28.0452 5240 LSI_SAS - ok
15:15:28.0500 5240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:15:28.0506 5240 LSI_SAS2 - ok
15:15:28.0527 5240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:15:28.0533 5240 LSI_SCSI - ok
15:15:28.0562 5240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:15:28.0568 5240 luafv - ok
15:15:28.0593 5240 Lycosa (e5ecf40e5fd459141e5f6685ffd51804) C:\Windows\system32\drivers\Lycosa.sys
15:15:28.0594 5240 Lycosa - ok
15:15:28.0649 5240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:15:28.0656 5240 Mcx2Svc - ok
15:15:28.0679 5240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:15:28.0686 5240 megasas - ok
15:15:28.0715 5240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:15:28.0725 5240 MegaSR - ok
15:15:28.0752 5240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:28.0759 5240 MMCSS - ok
15:15:28.0770 5240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:15:28.0771 5240 Modem - ok
15:15:28.0801 5240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:15:28.0801 5240 monitor - ok
15:15:28.0858 5240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:15:28.0859 5240 mouclass - ok
15:15:28.0865 5240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:15:28.0873 5240 mouhid - ok
15:15:28.0938 5240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:15:28.0944 5240 mountmgr - ok
15:15:29.0063 5240 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:15:29.0069 5240 MozillaMaintenance - ok
15:15:29.0126 5240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:15:29.0141 5240 mpio - ok
15:15:29.0167 5240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:15:29.0173 5240 mpsdrv - ok
15:15:29.0279 5240 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:15:29.0300 5240 MpsSvc - ok
15:15:29.0349 5240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:15:29.0363 5240 MRxDAV - ok
15:15:29.0423 5240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:29.0437 5240 mrxsmb - ok
15:15:29.0568 5240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:29.0581 5240 mrxsmb10 - ok
15:15:29.0634 5240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:29.0640 5240 mrxsmb20 - ok
15:15:29.0697 5240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:15:29.0698 5240 msahci - ok
15:15:29.0740 5240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:15:29.0743 5240 msdsm - ok
15:15:29.0787 5240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:15:29.0793 5240 MSDTC - ok
15:15:29.0826 5240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:15:29.0833 5240 Msfs - ok
15:15:29.0842 5240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:15:29.0844 5240 mshidkmdf - ok
15:15:29.0898 5240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:15:29.0898 5240 msisadrv - ok
15:15:29.0953 5240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:15:29.0957 5240 MSiSCSI - ok
15:15:29.0960 5240 msiserver - ok
15:15:29.0978 5240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:29.0985 5240 MSKSSRV - ok
15:15:29.0998 5240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:30.0000 5240 MSPCLOCK - ok
15:15:30.0011 5240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:15:30.0013 5240 MSPQM - ok
15:15:30.0073 5240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:15:30.0082 5240 MsRPC - ok
15:15:30.0143 5240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:15:30.0144 5240 mssmbios - ok
15:15:30.0169 5240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:15:30.0171 5240 MSTEE - ok
15:15:30.0181 5240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:15:30.0189 5240 MTConfig - ok
15:15:30.0214 5240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:15:30.0215 5240 Mup - ok
15:15:30.0323 5240 NACAgent (4d14d8b15ceae3839807170a18957d56) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
15:15:30.0356 5240 NACAgent - ok
15:15:30.0492 5240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:15:30.0509 5240 napagent - ok
15:15:30.0577 5240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:30.0587 5240 NativeWifiP - ok
15:15:30.0681 5240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:15:30.0686 5240 NDIS - ok
15:15:30.0704 5240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:30.0711 5240 NdisCap - ok
15:15:30.0737 5240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:30.0737 5240 NdisTapi - ok
15:15:30.0802 5240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:30.0809 5240 Ndisuio - ok
15:15:30.0867 5240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:30.0881 5240 NdisWan - ok
15:15:30.0941 5240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:15:30.0948 5240 NDProxy - ok
15:15:30.0961 5240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:15:30.0968 5240 NetBIOS - ok
15:15:30.0990 5240 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:15:31.0003 5240 NetBT - ok
15:15:31.0063 5240 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:31.0064 5240 Netlogon - ok
15:15:31.0129 5240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:15:31.0132 5240 Netman - ok
15:15:31.0298 5240 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:31.0304 5240 NetMsmqActivator - ok
15:15:31.0307 5240 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:31.0309 5240 NetPipeActivator - ok
15:15:31.0345 5240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:15:31.0362 5240 netprofm - ok
15:15:31.0366 5240 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:31.0367 5240 NetTcpActivator - ok
15:15:31.0371 5240 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:31.0374 5240 NetTcpPortSharing - ok
15:15:31.0629 5240 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:15:31.0731 5240 netw5v64 - ok
15:15:32.0169 5240 NETwNs64 (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:15:32.0306 5240 NETwNs64 - ok
15:15:32.0447 5240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:15:32.0454 5240 nfrd960 - ok
15:15:32.0589 5240 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:15:32.0599 5240 NlaSvc - ok
15:15:32.0610 5240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:15:32.0617 5240 Npfs - ok
15:15:32.0675 5240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:15:32.0683 5240 nsi - ok
15:15:32.0695 5240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:15:32.0703 5240 nsiproxy - ok
15:15:32.0815 5240 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:15:32.0824 5240 Ntfs - ok
15:15:32.0862 5240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:15:32.0863 5240 Null - ok
15:15:33.0347 5240 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:15:33.0411 5240 nvlddmkm - ok
15:15:33.0501 5240 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:15:33.0506 5240 nvraid - ok
15:15:33.0574 5240 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:15:33.0579 5240 nvstor - ok
15:15:33.0624 5240 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
15:15:33.0642 5240 nvsvc - ok
15:15:33.0866 5240 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:15:33.0884 5240 nvUpdatusService - ok
15:15:34.0037 5240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:15:34.0043 5240 nv_agp - ok
15:15:34.0184 5240 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:15:34.0200 5240 odserv - ok
15:15:34.0262 5240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:15:34.0269 5240 ohci1394 - ok
15:15:34.0321 5240 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:34.0334 5240 ose - ok
15:15:34.0415 5240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:34.0426 5240 p2pimsvc - ok
15:15:34.0505 5240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:15:34.0523 5240 p2psvc - ok
15:15:34.0573 5240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:15:34.0579 5240 Parport - ok
15:15:34.0633 5240 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:15:34.0639 5240 partmgr - ok
15:15:34.0659 5240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:15:34.0671 5240 PcaSvc - ok
15:15:34.0743 5240 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:15:34.0756 5240 pci - ok
15:15:34.0817 5240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:15:34.0825 5240 pciide - ok
15:15:34.0858 5240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:15:34.0870 5240 pcmcia - ok
15:15:34.0902 5240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:34.0903 5240 pcw - ok
15:15:34.0933 5240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:34.0947 5240 PEAUTH - ok
15:15:35.0087 5240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:15:35.0091 5240 PerfHost - ok
15:15:35.0274 5240 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:15:35.0301 5240 pla - ok
15:15:35.0369 5240 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:15:35.0388 5240 PlugPlay - ok
15:15:35.0391 5240 PnkBstrA - ok
15:15:35.0423 5240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:15:35.0425 5240 PNRPAutoReg - ok
15:15:35.0465 5240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:35.0467 5240 PNRPsvc - ok
15:15:35.0579 5240 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
15:15:35.0586 5240 Point64 - ok
15:15:35.0635 5240 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:15:35.0651 5240 PolicyAgent - ok
15:15:35.0671 5240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:15:35.0686 5240 Power - ok
15:15:35.0848 5240 PowerBiosServer (e7f1e8a2da3cac0e34023c587b72c18e) C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
15:15:35.0848 5240 PowerBiosServer - ok
15:15:35.0914 5240 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:35.0920 5240 PptpMiniport - ok
15:15:35.0981 5240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:15:35.0988 5240 Processor - ok
15:15:36.0019 5240 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:15:36.0031 5240 ProfSvc - ok
15:15:36.0134 5240 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:36.0135 5240 ProtectedStorage - ok
15:15:36.0272 5240 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:36.0277 5240 Psched - ok
15:15:36.0342 5240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:15:36.0401 5240 ql2300 - ok
15:15:36.0632 5240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:15:36.0638 5240 ql40xx - ok
15:15:36.0701 5240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:36.0712 5240 QWAVE - ok
15:15:36.0722 5240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:36.0730 5240 QWAVEdrv - ok
15:15:36.0753 5240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:36.0761 5240 RasAcd - ok
15:15:36.0784 5240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:36.0784 5240 RasAgileVpn - ok
15:15:36.0800 5240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:36.0806 5240 RasAuto - ok
15:15:36.0868 5240 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:36.0875 5240 Rasl2tp - ok
15:15:36.0940 5240 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:15:36.0951 5240 RasMan - ok
15:15:36.0965 5240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:36.0971 5240 RasPppoe - ok
15:15:36.0981 5240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:36.0982 5240 RasSstp - ok
15:15:37.0064 5240 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:37.0075 5240 rdbss - ok
15:15:37.0098 5240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:15:37.0105 5240 rdpbus - ok
15:15:37.0132 5240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:37.0134 5240 RDPCDD - ok
15:15:37.0143 5240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:37.0144 5240 RDPENCDD - ok
15:15:37.0155 5240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:37.0157 5240 RDPREFMP - ok
15:15:37.0209 5240 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:15:37.0222 5240 RDPWD - ok
15:15:37.0269 5240 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:37.0282 5240 rdyboost - ok
15:15:37.0371 5240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:37.0374 5240 RemoteAccess - ok
15:15:37.0435 5240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:37.0437 5240 RemoteRegistry - ok
15:15:37.0660 5240 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:15:37.0673 5240 RichVideo - ok
15:15:37.0742 5240 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
15:15:37.0748 5240 RMCAST - ok
15:15:37.0759 5240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:37.0765 5240 RpcEptMapper - ok
15:15:37.0772 5240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:37.0780 5240 RpcLocator - ok
15:15:37.0853 5240 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:37.0857 5240 RpcSs - ok
15:15:37.0912 5240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:37.0920 5240 rspndr - ok
15:15:37.0981 5240 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:15:37.0984 5240 RTL8167 - ok
15:15:38.0028 5240 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:38.0029 5240 SamSs - ok
15:15:38.0162 5240 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:15:38.0163 5240 SASDIFSV - ok
15:15:38.0171 5240 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:15:38.0172 5240 SASKUTIL - ok
15:15:38.0231 5240 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:38.0237 5240 sbp2port - ok
15:15:38.0429 5240 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:15:38.0435 5240 SBSDWSCService - ok
15:15:38.0562 5240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:38.0608 5240 SCardSvr - ok
15:15:38.0758 5240 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:38.0765 5240 scfilter - ok
15:15:38.0863 5240 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:15:38.0871 5240 Schedule - ok
15:15:38.0936 5240 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:38.0937 5240 SCPolicySvc - ok
15:15:39.0005 5240 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:15:39.0019 5240 SDRSVC - ok
15:15:39.0194 5240 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:15:39.0205 5240 SeaPort - ok
15:15:39.0276 5240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:39.0284 5240 secdrv - ok
15:15:39.0294 5240 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:15:39.0301 5240 seclogon - ok
15:15:39.0351 5240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:15:39.0357 5240 SENS - ok
15:15:39.0369 5240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:39.0376 5240 SensrSvc - ok
15:15:39.0399 5240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:15:39.0407 5240 Serenum - ok
15:15:39.0430 5240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:15:39.0436 5240 Serial - ok
15:15:39.0490 5240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:39.0498 5240 sermouse - ok
15:15:39.0558 5240 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:15:39.0564 5240 SessionEnv - ok
15:15:39.0623 5240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:39.0631 5240 sffdisk - ok
15:15:39.0646 5240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:39.0654 5240 sffp_mmc - ok
15:15:39.0668 5240 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:39.0676 5240 sffp_sd - ok
15:15:39.0690 5240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:15:39.0698 5240 sfloppy - ok
15:15:39.0790 5240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:15:39.0800 5240 SharedAccess - ok
15:15:39.0866 5240 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:15:39.0869 5240 ShellHWDetection - ok
15:15:39.0883 5240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:15:39.0890 5240 SiSRaid2 - ok
15:15:39.0918 5240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:15:39.0924 5240 SiSRaid4 - ok
15:15:39.0954 5240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:39.0960 5240 Smb - ok
15:15:40.0067 5240 smserial (5f1767b8281eeea159d8a37e33eb04ae) C:\Windows\system32\DRIVERS\smserial.sys
15:15:40.0093 5240 smserial - ok
15:15:40.0284 5240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:40.0292 5240 SNMPTRAP - ok
15:15:40.0383 5240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:40.0383 5240 spldr - ok
15:15:40.0599 5240 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:15:40.0603 5240 Spooler - ok
15:15:40.0786 5240 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:15:40.0850 5240 sppsvc - ok
15:15:40.0945 5240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:40.0949 5240 sppuinotify - ok
15:15:41.0040 5240 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:15:41.0058 5240 sptd - ok
15:15:41.0135 5240 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:41.0152 5240 srv - ok
15:15:41.0222 5240 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:41.0240 5240 srv2 - ok
15:15:41.0281 5240 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:41.0297 5240 srvnet - ok
15:15:41.0314 5240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:41.0317 5240 SSDPSRV - ok
15:15:41.0327 5240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:41.0334 5240 SstpSvc - ok
15:15:41.0426 5240 Steam Client Service - ok
15:15:41.0578 5240 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:15:41.0588 5240 Stereo Service - ok
15:15:41.0656 5240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:15:41.0658 5240 stexstor - ok
15:15:41.0738 5240 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:15:41.0753 5240 stisvc - ok
15:15:41.0814 5240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:41.0815 5240 swenum - ok
15:15:41.0844 5240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:41.0860 5240 swprv - ok
15:15:41.0937 5240 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
15:15:41.0939 5240 SynTP - ok
15:15:41.0942 5240 SysInfo - ok
15:15:42.0059 5240 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:15:42.0099 5240 SysMain - ok
15:15:42.0286 5240 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:15:42.0293 5240 TabletInputService - ok
15:15:42.0442 5240 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:15:42.0445 5240 TapiSrv - ok
15:15:42.0528 5240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:15:42.0530 5240 TBS - ok
15:15:42.0766 5240 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:15:42.0775 5240 Tcpip - ok
15:15:42.0952 5240 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:42.0962 5240 TCPIP6 - ok
15:15:43.0080 5240 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:15:43.0081 5240 tcpipreg - ok
15:15:43.0178 5240 TcUsb (03f3b34e066b6983dc6cade1d41f0e2c) C:\Windows\system32\Drivers\tcusb.sys
15:15:43.0179 5240 TcUsb - ok
15:15:43.0236 5240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:43.0244 5240 TDPIPE - ok
15:15:43.0263 5240 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:15:43.0264 5240 TDTCP - ok
15:15:43.0324 5240 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:15:43.0325 5240 tdx - ok
15:15:43.0383 5240 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:15:43.0384 5240 TermDD - ok
15:15:43.0421 5240 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:15:43.0427 5240 TermService - ok
15:15:43.0492 5240 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:15:43.0499 5240 Themes - ok
15:15:43.0557 5240 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:43.0558 5240 THREADORDER - ok
15:15:43.0576 5240 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:15:43.0589 5240 TrkWks - ok
15:15:43.0705 5240 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:15:43.0718 5240 TrustedInstaller - ok
15:15:43.0775 5240 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:43.0782 5240 tssecsrv - ok
15:15:43.0838 5240 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:15:43.0845 5240 TsUsbFlt - ok
15:15:43.0892 5240 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:43.0898 5240 tunnel - ok
15:15:43.0952 5240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:15:43.0959 5240 uagp35 - ok
15:15:43.0980 5240 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:43.0989 5240 udfs - ok
15:15:44.0019 5240 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:44.0026 5240 UI0Detect - ok
15:15:44.0086 5240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:44.0092 5240 uliagpkx - ok
15:15:44.0150 5240 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:15:44.0158 5240 umbus - ok
15:15:44.0180 5240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:15:44.0188 5240 UmPass - ok
15:15:44.0225 5240 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:44.0233 5240 upnphost - ok
15:15:44.0292 5240 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:15:44.0293 5240 USBAAPL64 - ok
15:15:44.0359 5240 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:44.0382 5240 usbccgp - ok
15:15:44.0454 5240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:44.0460 5240 usbcir - ok
15:15:44.0468 5240 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:15:44.0469 5240 usbehci - ok
15:15:44.0538 5240 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:44.0547 5240 usbhub - ok
15:15:44.0570 5240 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:15:44.0577 5240 usbohci - ok
15:15:44.0599 5240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:44.0606 5240 usbprint - ok
15:15:44.0635 5240 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:44.0636 5240 USBSTOR - ok
15:15:44.0662 5240 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:15:44.0670 5240 usbuhci - ok
15:15:44.0728 5240 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:44.0732 5240 UxSms - ok
15:15:44.0759 5240 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:44.0760 5240 VaultSvc - ok
15:15:44.0797 5240 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
15:15:44.0797 5240 VClone - ok
15:15:44.0862 5240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:44.0863 5240 vdrvroot - ok
15:15:44.0935 5240 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:15:44.0952 5240 vds - ok
15:15:45.0009 5240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:45.0017 5240 vga - ok
15:15:45.0072 5240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:45.0079 5240 VgaSave - ok
15:15:45.0142 5240 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:45.0154 5240 vhdmp - ok
15:15:45.0214 5240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:45.0222 5240 viaide - ok
15:15:45.0280 5240 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:45.0286 5240 volmgr - ok
15:15:45.0359 5240 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:45.0368 5240 volmgrx - ok
15:15:45.0444 5240 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:15:45.0453 5240 volsnap - ok
15:15:45.0487 5240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:15:45.0502 5240 vsmraid - ok
15:15:45.0615 5240 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:15:45.0651 5240 VSS - ok
15:15:45.0799 5240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:15:45.0807 5240 vwifibus - ok
15:15:45.0821 5240 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:15:45.0828 5240 vwififlt - ok
15:15:45.0835 5240 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:15:45.0836 5240 vwifimp - ok
15:15:45.0914 5240 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:15:45.0932 5240 W32Time - ok
15:15:45.0993 5240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:15:46.0001 5240 WacomPen - ok
15:15:46.0060 5240 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:46.0067 5240 WANARP - ok
15:15:46.0070 5240 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:46.0071 5240 Wanarpv6 - ok
15:15:46.0160 5240 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:15:46.0199 5240 WatAdminSvc - ok
15:15:46.0572 5240 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:15:46.0606 5240 wbengine - ok
15:15:46.0778 5240 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:15:46.0793 5240 WbioSrvc - ok
15:15:46.0866 5240 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:15:46.0900 5240 wcncsvc - ok
15:15:46.0937 5240 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:15:46.0941 5240 WcsPlugInService - ok
15:15:46.0996 5240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:15:47.0004 5240 Wd - ok
15:15:47.0042 5240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:15:47.0057 5240 Wdf01000 - ok
15:15:47.0072 5240 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:47.0079 5240 WdiServiceHost - ok
15:15:47.0082 5240 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:47.0084 5240 WdiSystemHost - ok
15:15:47.0145 5240 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:15:47.0156 5240 WebClient - ok
15:15:47.0173 5240 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:15:47.0185 5240 Wecsvc - ok
15:15:47.0197 5240 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:15:47.0203 5240 wercplsupport - ok
15:15:47.0219 5240 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:15:47.0226 5240 WerSvc - ok
15:15:47.0241 5240 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:15:47.0249 5240 WfpLwf - ok
15:15:47.0274 5240 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:15:47.0281 5240 WIMMount - ok
15:15:47.0334 5240 WinDefend - ok
15:15:47.0340 5240 WinHttpAutoProxySvc - ok
15:15:47.0409 5240 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:15:47.0421 5240 Winmgmt - ok
15:15:47.0548 5240 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:15:47.0589 5240 WinRM - ok
15:15:47.0744 5240 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:15:47.0751 5240 WinUSB - ok
15:15:47.0826 5240 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:15:47.0844 5240 Wlansvc - ok
15:15:48.0035 5240 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:48.0081 5240 wlidsvc - ok
15:15:48.0127 5240 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:15:48.0128 5240 WmiAcpi - ok
15:15:48.0208 5240 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:15:48.0212 5240 wmiApSrv - ok
15:15:48.0279 5240 WMPNetworkSvc - ok
15:15:48.0289 5240 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:15:48.0297 5240 WPCSvc - ok
15:15:48.0419 5240 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:15:48.0435 5240 WPDBusEnum - ok
15:15:48.0464 5240 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:15:48.0465 5240 ws2ifsl - ok
15:15:48.0498 5240 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:15:48.0504 5240 wscsvc - ok
15:15:48.0508 5240 WSearch - ok
15:15:48.0643 5240 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:15:48.0690 5240 wuauserv - ok
15:15:48.0884 5240 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:15:48.0891 5240 WudfPf - ok
15:15:48.0920 5240 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:48.0933 5240 WUDFRd - ok
15:15:48.0993 5240 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:15:49.0000 5240 wudfsvc - ok
15:15:49.0069 5240 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:15:49.0075 5240 WwanSvc - ok
15:15:49.0128 5240 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
15:15:49.0135 5240 xusb21 - ok
15:15:49.0164 5240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:15:49.0234 5240 \Device\Harddisk0\DR0 - ok
15:15:49.0242 5240 Boot (0x1200) (ba9665e639ffc8e0bc4e92f519702b67) \Device\Harddisk0\DR0\Partition0
15:15:49.0244 5240 \Device\Harddisk0\DR0\Partition0 - ok
15:15:49.0245 5240 ============================================================
15:15:49.0245 5240 Scan finished
15:15:49.0245 5240 ============================================================
15:15:49.0256 5236 Detected object count: 0
15:15:49.0256 5236 Actual detected object count: 0



aswMBR did not ask me to download extra definitions like you said it would.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 15:17:06
-----------------------------
15:17:06.761 OS Version: Windows x64 6.1.7601 Service Pack 1
15:17:06.761 Number of processors: 2 586 0x170A
15:17:06.762 ComputerName: ED-WORD-PC UserName: Dr. Jocta
15:17:07.772 Initialize success
15:17:07.938 AVAST engine defs: 12042801
15:17:29.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:17:29.012 Disk 0 Vendor: ST9320421AS SD13 Size: 305245MB BusType: 11
15:17:29.067 Disk 0 MBR read successfully
15:17:29.070 Disk 0 MBR scan
15:17:29.072 Disk 0 Windows 7 default MBR code
15:17:29.075 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
15:17:29.089 Disk 0 scanning C:\Windows\system32\drivers
15:17:43.627 Service scanning
15:18:14.347 Modules scanning
15:18:14.353 Disk 0 trace - called modules:
15:18:14.389 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:18:14.393 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c18060]
15:18:14.396 3 CLASSPNP.SYS[fffff88000e4f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a6e1f0]
15:18:17.545 AVAST engine scan C:\Windows
15:18:38.800 AVAST engine scan C:\Windows\system32
15:26:15.413 AVAST engine scan C:\Windows\system32\drivers
15:26:33.123 AVAST engine scan C:\Users\Dr. Jocta
15:56:49.745 AVAST engine scan C:\ProgramData
16:19:55.490 Scan finished successfully
16:21:26.900 Disk 0 MBR has been saved successfully to "C:\Users\Dr. Jocta\Documents\MBR.dat"
16:21:26.933 The log file has been saved successfully to "C:\Users\Dr. Jocta\Documents\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 28 April 2012 - 06:49 PM

Hello

I want you to uninstall Firefox. If asked about user data or settings, then remove that also.

You may keep the bookmarks - http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=reply_post&f=22&t=451722


Let me know how things are after.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:00 PM

Posted 28 April 2012 - 06:59 PM

Uninstalled and reinstalled Firefox and have not had any redirects. I'm still a bit concerned; does this mean the virus was within the Firefox files and it is gone, or what? I just feel that uninstalling Firefox is not really a way to get rid of a virus. I would just like to err on the side of caution, not checking my bank account, etc., until I get a response.

Also thanks so much for your help! I really really appreciate it!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 28 April 2012 - 07:48 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

DDS::
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf

Firefox::
FF - ProfilePath - c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\shtss53t.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf&q=
FF - user.js: extensions.funmoods_i.id - bc47843400000000000000216a55d9f5
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.22:56
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

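Editor's note: the Firefox `user.js` entries in the CFScript above are the hijacker's footprint, and the DDS line that runs several `user_pref()` calls together shows why a check has to scan the whole file rather than one line at a time. The following is an added example in Python, not code from the thread or from DDS, ComboFix or any other tool mentioned here. It parses `user_pref()` calls out of a `user.js`/`prefs.js` text and reports every preference whose value is a URL on a host outside an allow-list. The sample `user.js` is constructed in the shape of the log above (`start.funmoods.com` is the host the log shows); the allow-list, the function names and the regular expression are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample, not the poster's real file. The second line carries
# several user_pref() calls run together, as in the DDS line above, which is
# why the parser below scans the whole text instead of one line at a time.
SAMPLE_USER_JS = """\
user_pref("browser.startup.homepage", "http://start.funmoods.com/?f=1&a=bf");
user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("yahoo.homepage.dontask", true);user_pref("extensions.funmoods_i.hmpg", true);
user_pref("extensions.funmoods_i.newTabUrl", "http://start.funmoods.com/?f=2&a=bf");
user_pref("extensions.funmoods_i.tlbrSrchUrl", "http://start.funmoods.com/results.php?f=3&a=bf&q=");
user_pref("browser.search.defaultenginename", "Search");
user_pref("keyword.URL", "https://www.google.com/search?q=");
"""

# One user_pref("name", value) call. The value is a JS string literal, a
# boolean or an integer; all three decode with json.loads.
PREF_RE = re.compile(
    r'user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)'
)


def parse_user_prefs(text):
    """Return [(name, value), ...] for every user_pref() call found in text."""
    prefs = []
    for m in PREF_RE.finditer(text):
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep anything json cannot decode exactly as written
        prefs.append((name, value))
    return prefs


def flag_offsite_urls(prefs, allowed_hosts):
    """Return [(pref_name, host), ...] for each pref whose value is an
    http(s) URL whose host is not an allowed host or a subdomain of one."""
    findings = []
    for name, value in prefs:
        if not (isinstance(value, str)
                and value.lower().startswith(("http://", "https://"))):
            continue
        host = (urlsplit(value).hostname or "").lower()
        if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
            findings.append((name, host))
    return findings


def scan_user_js(text, allowed_hosts=("google.com",)):
    """Parse a user.js/prefs.js text and flag URL prefs pointing off the allow-list.
    The default allow-list is an assumption for this example."""
    return flag_offsite_urls(parse_user_prefs(text), allowed_hosts)


if __name__ == "__main__":
    for name, host in scan_user_js(SAMPLE_USER_JS):
        print(f"{name} points at {host}")
```

The same regex works on a real `prefs.js` or `user.js` read from the profile directory; the allow-list is the search engines and start pages the owner actually chose, so anything else the browser is being pointed at stands out.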

#9 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:00 PM

Posted 29 April 2012 - 12:37 PM

ComboFix 12-04-29.01 - Dr. Jocta 04/29/2012 13:00:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2475 [GMT -4:00]
Running from: c:\users\Dr. Jocta\Desktop\ComboFix.exe
Command switches used :: c:\users\Dr. Jocta\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 17:12 . 2012-04-29 17:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-29 17:12 . 2012-04-29 17:12 -------- d-----w- c:\users\DRC93C~1~JOC\AppData\Local\temp
2012-04-29 17:12 . 2012-04-29 17:12 -------- d-----w- c:\users\DR06F0~1~JOC\AppData\Local\temp
2012-04-29 17:12 . 2012-04-29 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 02:40 . 2012-04-25 02:40 -------- d-----w- c:\program files (x86)\SteelSeries
2012-04-20 06:31 . 2012-04-20 06:31 -------- d-----w- c:\program files\iTunes
2012-04-20 06:31 . 2012-04-20 06:31 -------- d-----w- c:\program files\iPod
2012-04-20 06:29 . 2012-04-20 06:29 -------- d-----w- c:\program files\Bonjour
2012-04-20 06:25 . 2012-04-20 06:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-04-19 22:19 . 2012-04-19 22:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-19 21:35 . 2012-04-19 21:35 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-19 21:35 . 2012-04-19 22:19 -------- d-----w- c:\programdata\HitmanPro
2012-04-19 21:02 . 2012-04-19 21:02 -------- d-----w- c:\program files (x86)\ESET
2012-04-11 05:26 . 2012-04-11 05:26 -------- d-----w- c:\program files\Enigma Software Group
2012-04-11 04:45 . 2012-04-11 04:45 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-11 04:32 . 2012-04-11 04:32 -------- d-----w- c:\users\Dr. Jocta\AppData\Roaming\SpeedyPC Software
2012-04-11 04:32 . 2012-04-11 04:32 -------- d-----w- c:\users\Dr. Jocta\AppData\Roaming\DriverCure
2012-04-11 04:32 . 2012-04-11 04:44 -------- d-----w- c:\programdata\SpeedyPC Software
2012-04-10 23:44 . 2012-04-10 23:44 -------- d-----w- c:\users\Dr. Jocta\AppData\Local\Deployment
2012-04-10 21:48 . 2012-04-10 21:48 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 21:48 . 2012-04-10 21:48 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 21:48 . 2012-04-10 21:48 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 21:48 . 2012-04-10 21:48 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 21:48 . 2012-04-10 21:48 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 21:48 . 2012-04-10 21:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 21:48 . 2012-04-10 21:48 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 21:34 . 2012-04-10 21:34 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 21:34 . 2012-04-10 21:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 21:34 . 2012-04-10 21:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 21:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-10 21:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-10 21:01 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-10 21:01 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-10 21:01 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-10 21:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-10 21:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-10 21:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-10 21:01 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-10 21:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-06 21:17 . 2012-04-11 06:55 -------- d-----w- c:\users\UpdatusUser.ED-WORD-PC
2012-04-06 21:10 . 2012-03-01 00:02 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-04-06 21:10 . 2012-03-01 00:02 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-04-06 21:10 . 2012-03-01 00:02 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-04-06 21:10 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-04-06 21:10 . 2012-03-01 00:02 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-04-06 21:10 . 2012-03-01 00:02 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-04-06 21:10 . 2012-03-01 00:02 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-04-06 20:43 . 2012-04-11 10:42 -------- d-----w- C:\337241c6cdbc18c83b845faf
2012-04-06 20:41 . 2012-03-01 00:02 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 20:41 . 2012-03-01 00:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 20:40 . 2012-03-01 00:02 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-04-06 20:40 . 2012-03-01 00:02 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-04-06 20:40 . 2012-03-01 00:02 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-04-06 20:40 . 2012-03-01 00:02 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-04-06 20:40 . 2012-03-01 00:02 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-04-06 20:40 . 2012-03-01 00:02 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-04-06 20:40 . 2012-03-01 00:02 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-04-06 20:40 . 2012-03-01 00:02 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-04-06 20:40 . 2012-03-01 00:02 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-04-03 23:41 . 2012-04-11 10:32 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 18:34 . 2012-04-27 11:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\offreg.dll
2012-04-13 08:46 . 2012-04-27 11:37 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6021868A-453B-4F9A-BE0D-D48417A76AF2}\mpengine.dll
2012-04-04 19:56 . 2010-12-30 05:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:41 . 2010-05-17 02:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 00:02 . 2011-09-17 20:25 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-03-19 04:21 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2010-12-31 20:26 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2011-03-17 08:03 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-03-17 08:03 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-03-17 08:03 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-03-17 08:02 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-03-17 08:02 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2011-01-08 00:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-23 18:24 . 2012-02-04 09:44 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 14:18 . 2009-10-02 18:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 23:43 . 2012-02-17 23:43 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 23:43 . 2012-02-17 23:43 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 23:43 . 2012-02-17 23:43 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 23:43 . 2012-02-17 23:43 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 23:42 . 2012-02-17 23:42 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 23:29 . 2012-02-17 23:29 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 23:29 . 2012-02-17 23:29 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-01-30 17:59 . 2012-01-30 17:59 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-30 17:59 . 2012-01-30 17:59 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 17:59 . 2012-01-30 17:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-30 17:59 . 2012-01-30 17:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-30 17:59 . 2012-01-30 17:59 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-30 17:59 . 2012-01-30 17:59 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-30 17:59 . 2012-01-30 17:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-30 17:59 . 2012-01-30 17:59 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-30 17:59 . 2012-01-30 17:59 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-30 17:59 . 2012-01-30 17:59 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-30 17:59 . 2012-01-30 17:59 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-30 17:59 . 2012-01-30 17:59 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-30 17:59 . 2012-01-30 17:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-30 17:59 . 2012-01-30 17:59 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-30 17:59 . 2012-01-30 17:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 17:59 . 2012-01-30 17:59 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-30 17:58 . 2012-01-30 17:58 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-30 17:58 . 2012-01-30 17:58 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-30 17:58 . 2012-01-30 17:58 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-30 17:58 . 2012-01-30 17:58 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-30 17:56 . 2012-01-30 17:56 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-30 17:56 . 2012-01-30 17:56 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-28_18.59.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-20 15:06 . 2012-04-28 18:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-20 15:06 . 2012-04-29 17:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-20 15:06 . 2012-04-28 18:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-20 15:06 . 2012-04-29 17:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-28 18:53 . 2012-04-28 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-29 17:14 . 2012-04-29 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-28 18:53 . 2012-04-28 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-29 17:14 . 2012-04-29 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-29 17:13 391992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-28 18:52 391992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-17 07:40 . 2012-04-29 17:13 59148008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2589133619-3114681864-92287215-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-2-24 495104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\users\Dr. Jocta\Downloads\HitmanPro36_x64.exe [2012-04-19 8252840]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-08-19 783616]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2008-05-13 36864]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 02:35]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-12 53248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Dr. Jocta\AppData\Roaming\Mozilla\Firefox\Profiles\peb69b4q.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
.
**************************************************************************
.
Completion time: 2012-04-29 13:23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 17:23
ComboFix2.txt 2012-04-28 19:06
.
Pre-Run: 88,583,249,920 bytes free
Post-Run: 88,540,180,480 bytes free
.
- - End Of File - - 938E159E1AFFBA6AF098806B542FA7A9



Everything seems to be fine, no redirects.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 April 2012 - 12:49 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Ask Toolbar
Ask Toolbar Updater
Bing Bar
BitTorrent
DAEMON Tools Toolbar
StartNow Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts

Posted 30 April 2012 - 01:10 PM

I've done everything you said except for deleting bittorrent since I use it often. If you know of a better torrenting software to use that would be great. :)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dr. Jocta :: ED-WORD-PC [administrator]

4/30/2012 1:57:11 PM
mbam-log-2012-04-30 (13-57-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252990
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:08:15 PM, on 4/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\BisonCam\DeLay.exe
C:\Users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-2589133619-3114681864-92287215-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2589133619-3114681864-92287215-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro 3.6 Crusader (HitmanPro36Crusader) - SurfRight B.V. - C:\Users\Dr. Jocta\Downloads\HitmanPro36_x64.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12273 bytes


Haven't noticed anything strange with my computer; everything seems to be working smoothly.
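The HijackThis log in the post above is dominated by "(file missing)" lines for native Windows services (alg.exe, lsass.exe, spoolsv.exe and so on). Those are not orphans: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the WOW64 file-system redirector makes it look for C:\Windows\System32\*.exe inside SysWOW64, so it cannot see the real binaries. The entries that actually matter are the ones whose target is gone for another reason, such as the Ask Toolbar DLL that ComboFix removed. The following script is an added example, not code from the thread or from the HijackThis project: it parses O-lines, filters out the redirection noise, and lists what is left. The sample input is a handful of lines copied from the log above; the helper and function names are the example's own.

```python
"""Triage helper for HijackThis logs (added example, not code from the thread).

Separates genuinely orphaned entries (target gone, e.g. the Ask Toolbar DLL
removed by ComboFix) from the "(file missing)" noise that the 32-bit
HijackThis 2.0.4 produces on 64-bit Windows: WOW64 file-system redirection
makes it look for C:\\Windows\\System32\\x.exe inside SysWOW64, so every
native Windows service in the log above is reported as missing.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = """\
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files (x86)\\Ask.com\\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O4 - HKLM\\..\\Run: [Conime] %windir%\\system32\\conime.exe
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
O23 - Service: HitmanPro 3.6 Crusader (HitmanPro36Crusader) - SurfRight B.V. - C:\\Users\\Dr. Jocta\\Downloads\\HitmanPro36_x64.exe
"""

_LINE_RE = re.compile(r"^(O\d+) - (.*)$")
_MISSING_TAGS = ("(file missing)", "(no file)")
# Locations a 32-bit scanner cannot see on x64 because of WOW64 redirection.
_REDIRECTED_RE = re.compile(r"(?i)^(c:\\windows|%systemroot%|%windir%)\\system32\\")
_USER_PROFILE_RE = re.compile(r"(?i)^c:\\users\\")


@dataclass
class Entry:
    section: str             # O2, O3, O4, O23, ...
    body: str                # everything after "Oxx - "
    path: Optional[str]      # target file, if the line names one
    missing: bool            # HijackThis could not find the target
    redirect_artifact: bool  # "missing" only because of WOW64 redirection


def _target_path(section: str, body: str) -> Optional[str]:
    """Pull the file path out of an O-line; None if the line names no file."""
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        return body.split("] ", 1)[1] if "] " in body else None
    last = body.split(" - ")[-1].strip()
    for tag in _MISSING_TAGS:
        last = last.replace(tag, "").strip()
    return last or None


def parse_hjt(log: str) -> List[Entry]:
    """Parse every 'Oxx - ...' line of a HijackThis log into an Entry."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = any(tag in body for tag in _MISSING_TAGS)
        path = _target_path(section, body)
        artifact = bool(missing and path and _REDIRECTED_RE.match(path))
        entries.append(Entry(section, body, path, missing, artifact))
    return entries


def genuine_orphans(entries: List[Entry]) -> List[Entry]:
    """Missing targets that are not explained by WOW64 redirection."""
    return [e for e in entries if e.missing and not e.redirect_artifact]


def user_profile_services(entries: List[Entry]) -> List[Entry]:
    """Services (O23) whose binary lives under a user profile, e.g. Downloads.
    Legitimate here (HitmanPro), but a service running from a user-writable
    folder always deserves a second look."""
    return [e for e in entries
            if e.section == "O23" and e.path and _USER_PROFILE_RE.match(e.path)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in genuine_orphans(parsed):
        print(f"ORPHAN   {e.section}: {e.body}")
    for e in user_profile_services(parsed):
        print(f"PROFILE  {e.section}: {e.path}")
    noise = sum(e.redirect_artifact for e in parsed)
    print(f"{noise} 'file missing' line(s) attributable to WOW64 redirection")
```

On the sample above this reports the Ask Toolbar BHO and the nameless O3 toolbar as real orphans, classifies the alg.exe service as redirection noise, and points at the HitmanPro service running out of Downloads. Run the same script over the full log and the dozen lsass.exe/svchost-style "file missing" services drop out, leaving the Ask.com leftovers that the helper asks to have removed.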

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 April 2012 - 01:13 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [F.lux] "C:\Users\Dr. Jocta\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - HKUS\S-1-5-21-2589133619-3114681864-92287215-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2589133619-3114681864-92287215-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 01 May 2012 - 02:14 AM

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\Dr. Jocta\Downloads\siw-setup.exe Win32/OpenCandy application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 01 May 2012 - 02:22 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Delete the two files flagged by the ESET scan (paths are quoted because they contain spaces)
    del /f /s /q "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"
    del /f /s /q "C:\Users\Dr. Jocta\Downloads\siw-setup.exe"
    rem Remove this batch file itself once the deletions are done
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot: XP] [screenshot: Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

It would be a good idea to keep some of the programs we have used and use them often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

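The delete-files step and the note about backup folders in the post above, as an added example that is not gringo_pr's or BleepingComputer's code: a small Python helper that reads ESET Online Scanner result lines like the two posted in #13, skips hits under C:\Qoobox\Quarantine\ and C:\System Volume Information\ (which the post says are only backups), and writes the remaining hits out in the same delfile.bat shape. The handling of ESET's "a variant of" prefix and the two EXAMPLE hits in the sample input are assumptions and constructed data.

```python
import re

# Folders the post describes as tool backups or the System Restore cache; hits under
# them are not live infections and are handled by the later cleanup steps, not by hand.
BACKUP_PREFIXES = (
    "C:\\Qoobox\\Quarantine\\",
    "C:\\System Volume Information\\",
)

# An ESET result line is "<path> <detection>". Windows paths contain spaces but never
# "/", while ESET detection names do ("Win32/OpenCandy"), optionally prefixed with
# "a variant of" / "probably a variant of" (assumed from ESET's usual report format).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of\s+)?\S+/\S+.*)$"
)


def parse_eset_line(line):
    """Split one result line into (path, detection), or None if it is not a hit."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["detection"]) if m else None


def is_backup_path(path):
    """True when the hit lives in a quarantine or restore-point folder."""
    return path.lower().startswith(tuple(p.lower() for p in BACKUP_PREFIXES))


def build_delfile(scan_output):
    """Return delfile.bat text in the same shape as the one posted above."""
    lines = ["@echo off"]
    for raw in scan_output.splitlines():
        parsed = parse_eset_line(raw)
        if parsed is None or is_backup_path(parsed[0]):
            continue
        lines.append(f'del /f /s /q "{parsed[0]}"')  # quoted: paths contain spaces
    lines.append("del %0")  # the batch file removes itself, as in the original
    return "\n".join(lines) + "\n"


# Constructed sample: the two real hits from #13 plus two made-up backup-folder hits.
SAMPLE_SCAN = r"""C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\Dr. Jocta\Downloads\siw-setup.exe Win32/OpenCandy application
C:\Qoobox\Quarantine\C\EXAMPLE.exe.vir a variant of Win32/ExampleDetection trojan
C:\System Volume Information\EXAMPLE-RESTORE\A0001.exe Win32/ExampleDetection trojan
"""

if __name__ == "__main__":
    print(build_delfile(SAMPLE_SCAN), end="")
```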
#15 etcetcetc

etcetcetc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:00 PM

Posted 02 May 2012 - 01:06 AM

All right, I've taken care of everything you said.
I cannot thank you enough for your time, effort, and expertise. I truly appreciate it. :)



