Zero Access? Popups Errors & Problems... OhMy


This topic is locked
23 replies to this topic

#1 KnowJustEnough

KnowJustEnough

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:06 PM

Posted 28 April 2012 - 02:57 PM

Hello, I am a new member and am having trouble as described below. Knowledgeable advice would be greatly appreciated, as you may have guessed from my name, KnowJustEnough... to be dangerous!

PROBLEM COMPUTER:
HP p6112p - Win Vista Home Premium SP2 - Pentium Dual Core E6300 - 8GB - 64 Bit OS
Running IE 8 (Yahoo Optimized) - Yahoo Search Engine
AVG - MBAM (Also Added Spybot yesterday)

NETWORK:
Netgear WNDR3400-WPA-PSK (TKIP)
Networked with 4 other computers, My Dell w/ XP, Dell Laptop w/ Vista, Dell Laptop w/ Win7 & HP Mini w/ Vista

This Computer is mainly used to view news articles, you tube vids and for misc research by my husband.
The computer will often sit idle for a week while he is on the road but has to be on as I run the main phone line (magicjack) through it. Therefore, it is always connected to the network and the net.

NOTE: I have not deleted any files other than the folder named .BDM and the file ehshell.exe and those found with AVG, MBAM, Spybot, TDSS Killer.
I have attempted to delete some Temp files without success: "You Do Not Have Access..."

ISSUES: Began running slower, progressively a few months ago.

IE Lockups became frequent over the last few weeks.

Last few days: upon clicking a link, new IE windows would begin opening in rapid succession continuously; closing one opens another, etc.
The only way to end it has been CTRL+ALT+DEL, and then even that wouldn't work and a hard shutdown was the only option.
Of course after restarting it would happen again shortly. I noticed that, from what I could see, it was generally the same page that he was already on opening over and over again.
The environment this generally takes place in is when viewing Yahoo news articles and comments, commenting, and also Fox News.
In watching activity on the bottom bar it is predominantly showing: static.ak.fbcdn.net/connect
(We do not have Facebook, You Tube or any of the like type accounts-only Yahoo.)

At this point the "knowjustenough" in me took over-cautiously. I just had an ordeal with his HP Mini & System Check Virus-we'll get to that later.
Using mainly these forums and a few others as well as searching files I found I am leaning toward a variant of win32k.sys and/or IRCBot bundled with who knows what.

WHAT I HAVE DONE:
Autoruns - viewed only
HiJackThis - viewed only
MBAM Updated & Scanned - Full Scan found 0
AVG Updated, Rootkit Scan & Full Safemode Scan - 0 Found
Spybot S & D Updated, Immunized & Ran - Found & Deleted w3i.IQ5.fraud
TDSS Killer - Nothing
RKUnhooker - Unzipped with 7 Zip, Installed (took a couple tries) but upon attempting to Run as Admin I get an Error loading Driver, NTSTATUS code: 0xC000036B
TCF - Deleted various Temp Files
Tried OTH & OTL without success as well.

At this point I began poking around and checking your database and the HiJackThis Log finding a few interesting things. (Again I did not just go deleting willy nilly)
2 Items I have deleted (I think successfully-hopefully not incorrectly) are the Folder named .BDM and the file ehshell.exe
I find many processes of iexplore.exe and svchost.exe running simultaneously some with high mem usage at times;
Just in looking at file names I have also found many questionable but possible legit files;
And there are many "AMD64" type files in many locations which I am highly suspicious after finding files named: setupapi.dev setupapi.app setupapi.ev1 .ev2 .ev3
After viewing the logs of setupapi.dev & setupapi.app I went to investigate the files shown and attempted to delete the contents of the C:\Windows\inf\Temp folder and was denied access.
(I would be happy to provide the txt files if necessary)

During this whole process the first time I tried to enter Safe Mode at startup with F8 the comp simply stayed black screen for over an hour. After cold restart I checked the boot drive and it had switched to the CD/DVD Drive, I switched back to hard drive and have now been entering Safe Mode through MSConfig (which I don't know how to retain networking in safe using this method).

Now when starting in Normal Mode I immediately receive a message of:
System Settings Protector has Stopped Working
Only has an option to close it.

Also we have a Windows Update that continuously fails to install: KB2680317 Failed Code 646


I know this is a lot of info but I want to be thorough. If any is unrelated to potential malware please disregard; it can be dealt with later. If you don't mention it I will assume it is unrelated, as I do not want your time or mine wasted. Let me know what logs you need and if you want them pasted in the post or attached and I will send them ASAP.
I have gotten myself very lost in all the file names and locations that are so similar, some bad, some good, that I do not feel comfortable continuing, being unable to run RKU and with TDSS not finding anything, and I will not run Combofix by myself.

Thank you in advance for any help and for all your services in general in the "War" we all seem to be facing!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 28 April 2012 - 11:32 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 KnowJustEnough

KnowJustEnough
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:06 PM

Posted 01 May 2012 - 09:43 PM

Sorry for my delay; thank you for responding.

Here are the logs you requested:

CHECKUP

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Rootkit Unhooker Uninstall
Rootkit Unhooker LE 3.8 SR 2
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````



DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222
Run by john at 21:25:19 on 2012-05-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.5997 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Users\john\Desktop\SecurityCheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [cdloader] "C:\Users\john\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E94D92C-4AA8-45F2-83E2-88A584AA870E} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 654408]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-27 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-12-19 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-28 21:27:24 -------- d-----w- C:\Users\john\AppData\Local\visi_coupon
2012-04-28 01:53:48 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2012-04-28 01:45:22 -------- d-----w- C:\Windows\SysWow64\anlass741
2012-04-27 22:05:44 24320 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2012-04-27 21:55:45 -------- d-----w- C:\RkUnhooker
2012-04-27 21:27:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-27 21:27:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-27 20:59:31 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-04-27 20:59:06 388096 ----a-r- C:\Users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-27 20:59:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-27 20:56:59 -------- d-----w- C:\Kill
2012-04-25 23:11:02 -------- d-----w- C:\Autoruns
2012-04-24 12:01:28 -------- d-----w- C:\Windows\pss
2012-04-13 23:11:54 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 22:39:12 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 22:38:37 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 22:38:37 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 22:38:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 22:38:37 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 22:38:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 22:38:37 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 22:38:37 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 21:58:50 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 21:58:50 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-13 23:12:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 23:12:02 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-27 12:04:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 11:30:48 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 08:12:52 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-28 06:34:19 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:30:31 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 06:30:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:30:01 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-28 06:30:01 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-28 05:41:20 479232 ----a-w- C:\Windows\System32\html.iec
2012-02-28 05:00:09 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-02-28 04:58:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:25:36.04 ===============


Thanks again - have not been using computer except for idle connection for magicjack and for this post. No issues so far.

I will not perform any other actions until your reply.
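The DDS log above is read by eye in this thread; as an added example (not code from the page, from DDS, or from the helper), here is a small Python triage script for the two DDS sections a responder looks at first: "Pseudo HJT Report" entries whose target file is gone ("No File") and kernel drivers created recently under "Created Last 30". The sample is an abridged excerpt of the posted log, and the flags are review hints for a human, not verdicts on any file.

```python
import re
from datetime import datetime, timedelta

# Abridged excerpt of the DDS log posted above (same line formats, fewer lines).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mWinlogon: Userinit=userinit.exe
.
=============== Created Last 30 ================
.
2012-04-28 01:53:48 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2012-04-27 22:05:44 24320 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
2012-04-27 21:55:45 -------- d-----w- C:\RkUnhooker
2012-04-11 22:39:12 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
============= FINISH: 21:25:36.04 ===============
"""

# Date the log was taken ("Run by john at 21:25:19 on 2012-05-01" in the posted log).
LOG_DATE = datetime(2012, 5, 1)

# "===== Section Title =====" header lines.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "YYYY-MM-DD HH:MM:SS <size or --------> <attrs> <path>" entries.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)


def split_sections(text):
    """Return {section title: [lines]} for a DDS log; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Parse 'Created Last 30' lines into dicts (timestamp, size, attrs, path, is_dir)."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "timestamp": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),  # dirs have no size
            "attrs": attrs,
            "path": path,
            "is_dir": attrs.startswith("d"),
        })
    return entries


def find_orphan_entries(lines):
    """Registry entries (BHO/TB/search hook) whose referenced file no longer exists."""
    return [line for line in lines if line.endswith("- No File")]


def flag_recent_drivers(entries, reference, days=7):
    """Kernel drivers (.sys under a drivers directory) created within `days` of `reference`."""
    cutoff = reference - timedelta(days=days)
    return [
        e for e in entries
        if not e["is_dir"]
        and e["path"].lower().endswith(".sys")
        and "\\drivers\\" in e["path"].lower()
        and e["timestamp"] >= cutoff
    ]


def triage(text, reference, days=7):
    """Run both checks over a DDS log and return what a reviewer should look at."""
    sections = split_sections(text)
    created = parse_created(sections.get("Created Last 30", []))
    return {
        "orphans": find_orphan_entries(sections.get("Pseudo HJT Report", [])),
        "recent_drivers": flag_recent_drivers(created, reference, days),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS, LOG_DATE)
    for line in result["orphans"]:
        print("orphan entry:", line)
    for e in result["recent_drivers"]:
        print("recent driver:", e["timestamp"], e["size"], e["path"])
```

Recently created drivers are only a starting point: in this log the RkUnhooker folder appears at almost the same time, so the next step is to match each flagged driver against the tools the user installed that day.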

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 01 May 2012 - 11:18 PM

Hello

You know you are missing a lot of updates to Windows? Is there a reason you have not been updating the computer?

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 KnowJustEnough (Topic Starter)

Posted 02 May 2012 - 12:42 AM

I was surprised when the log showed out of date - it is set for automatic updates and does so frequently, and I have manually searched as well; the only one that shows up is the one mentioned in my original post:
"Also we have a Windows Update that continuously fails to install: KB2680317 Failed Code 646"
I don't understand how this could happen.

Will post ComboFix tomorrow night.

Thank you!

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 May 2012 - 12:53 AM

It may just be a glitch in the first program. Looking at the DDS report, it shows you as SP2, and that is where you should be.

See you tomorrow.


gringo

#7 KnowJustEnough (Topic Starter)

Posted 02 May 2012 - 10:27 PM

Hi Gringo,

Here is the ComboFix log - I hope it's OK, because I didn't think about it until it restarted, but AVG, MBAM & MagicJack all started when it restarted.

Also, I am still getting the "System Settings Protector has stopped working" message at startup; it happened when ComboFix restarted also.

I clicked around in the forum for a bit last to test the waters and didn't seem to have any issues or redirects, no blocked threats, etc.
It seems that, when staying away from Yahoo at least, the only problem is the message at startup.
I would like to remove all the Yahoo add-ons etc. and change the search engine or switch to Chrome when we are done with all this.


COMBOFIX:

ComboFix 12-05-02.04 - john 05/02/2012 21:54:47.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.6126 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Recent\callmynah.com-.url
c:\users\john\AppData\Roaming\Microsoft\Windows\Recent\Ed Materials - FMCSA.url
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 03:02 . 2012-05-03 03:08 -------- d-----w- c:\users\john\AppData\Local\temp
2012-05-03 03:02 . 2012-05-03 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 21:27 . 2012-04-28 21:27 -------- d-----w- c:\users\john\AppData\Local\visi_coupon
2012-04-28 01:53 . 2012-04-28 19:20 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2012-04-28 01:45 . 2012-04-28 01:45 -------- d-----w- c:\windows\SysWow64\anlass741
2012-04-28 01:41 . 2012-04-28 01:41 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-27 22:05 . 2012-04-29 00:13 24320 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys
2012-04-27 21:55 . 2012-04-29 00:11 -------- d-----w- C:\RkUnhooker
2012-04-27 21:27 . 2012-05-02 02:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-27 21:27 . 2012-04-27 21:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-27 20:59 . 2012-04-28 01:35 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-04-27 20:59 . 2012-04-27 20:59 388096 ----a-r- c:\users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-27 20:59 . 2012-04-27 20:59 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-27 20:56 . 2012-04-28 01:50 -------- d-----w- C:\Kill
2012-04-25 23:11 . 2012-04-25 23:11 -------- d-----w- C:\Autoruns
2012-04-13 23:11 . 2012-04-13 23:11 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 22:39 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 22:38 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:38 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:38 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:38 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 22:38 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:38 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:38 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 21:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:12 . 2012-03-31 10:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 23:12 . 2011-06-04 11:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2012-02-03 22:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 04:04 . 2012-04-01 04:04 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-27 12:04 . 2010-12-18 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-14 16:49 . 2012-03-14 11:21 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 11:21 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 11:21 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 11:21 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 11:21 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 11:21 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 11:21 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 11:21 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 11:21 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 11:21 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"cdloader"="c:\users\john\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-08-27 421888]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor 3.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-12-16 542064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:12]
.
2012-04-20 c:\windows\Tasks\HPCeeScheduleForjohn.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-13 01:17]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\users\john\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
c:\users\john\AppData\Roaming\mjusbsp\magicJack.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-02 22:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-03 03:12
.
Pre-Run: 764,372,606,976 bytes free
Post-Run: 765,002,113,024 bytes free
.
- - End Of File - - A14D979C9A1C16FAB7C9DE2A0B95075A


Thank you Gringo!!! B)

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 May 2012 - 10:40 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 KnowJustEnough (Topic Starter)

Posted 03 May 2012 - 12:14 AM

Here we go...

23:39:04.0529 3960 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:39:05.0184 3960 ============================================================
23:39:05.0184 3960 Current date / time: 2012/05/02 23:39:05.0184
23:39:05.0184 3960 SystemInfo:
23:39:05.0184 3960
23:39:05.0184 3960 OS Version: 6.0.6002 ServicePack: 2.0
23:39:05.0184 3960 Product type: Workstation
23:39:05.0184 3960 ComputerName: ROADHOG
23:39:05.0184 3960 UserName: john
23:39:05.0184 3960 Windows directory: C:\Windows
23:39:05.0184 3960 System windows directory: C:\Windows
23:39:05.0184 3960 Running under WOW64
23:39:05.0184 3960 Processor architecture: Intel x64
23:39:05.0184 3960 Number of processors: 2
23:39:05.0184 3960 Page size: 0x1000
23:39:05.0184 3960 Boot type: Normal boot
23:39:05.0184 3960 ============================================================
23:39:05.0496 3960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:39:05.0543 3960 ============================================================
23:39:05.0543 3960 \Device\Harddisk0\DR0:
23:39:05.0543 3960 MBR partitions:
23:39:05.0543 3960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72BAC9C9
23:39:05.0543 3960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x72BACA08, BlocksNum 0x1B58FB9
23:39:05.0543 3960 ============================================================
23:39:05.0605 3960 C: <-> \Device\Harddisk0\DR0\Partition0
23:39:05.0652 3960 D: <-> \Device\Harddisk0\DR0\Partition1
23:39:05.0652 3960 ============================================================
23:39:05.0652 3960 Initialize success
23:39:05.0652 3960 ============================================================
23:39:12.0079 4540 ============================================================
23:39:12.0079 4540 Scan started
23:39:12.0079 4540 Mode: Manual;
23:39:12.0079 4540 ============================================================
23:39:12.0609 4540 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
23:39:12.0625 4540 ACPI - ok
23:39:12.0734 4540 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:39:12.0734 4540 AdobeFlashPlayerUpdateSvc - ok
23:39:12.0781 4540 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
23:39:12.0781 4540 adp94xx - ok
23:39:12.0812 4540 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
23:39:12.0812 4540 adpahci - ok
23:39:12.0843 4540 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
23:39:12.0843 4540 adpu160m - ok
23:39:12.0875 4540 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
23:39:12.0875 4540 adpu320 - ok
23:39:12.0921 4540 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
23:39:12.0921 4540 AeLookupSvc - ok
23:39:12.0968 4540 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
23:39:12.0968 4540 AFD - ok
23:39:12.0999 4540 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
23:39:12.0999 4540 agp440 - ok
23:39:13.0031 4540 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
23:39:13.0031 4540 aic78xx - ok
23:39:13.0046 4540 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
23:39:13.0046 4540 ALG - ok
23:39:13.0077 4540 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
23:39:13.0077 4540 aliide - ok
23:39:13.0093 4540 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
23:39:13.0093 4540 amdide - ok
23:39:13.0109 4540 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
23:39:13.0109 4540 AmdK8 - ok
23:39:13.0140 4540 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
23:39:13.0140 4540 Appinfo - ok
23:39:13.0187 4540 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
23:39:13.0187 4540 arc - ok
23:39:13.0202 4540 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
23:39:13.0202 4540 arcsas - ok
23:39:13.0249 4540 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:39:13.0249 4540 AsyncMac - ok
23:39:13.0265 4540 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
23:39:13.0265 4540 atapi - ok
23:39:13.0311 4540 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:39:13.0311 4540 AudioEndpointBuilder - ok
23:39:13.0327 4540 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:39:13.0327 4540 AudioSrv - ok
23:39:13.0623 4540 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
23:39:13.0655 4540 AVGIDSAgent - ok
23:39:13.0764 4540 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:39:13.0764 4540 AVGIDSDriver - ok
23:39:13.0779 4540 AVGIDSEH (d6b93e5d8b96a66f55a4d2ee7f24667c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:39:13.0795 4540 AVGIDSEH - ok
23:39:13.0795 4540 AVGIDSFilter (ff6551f1ab0da3b30c9dec923f21b504) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:39:13.0795 4540 AVGIDSFilter - ok
23:39:13.0826 4540 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
23:39:13.0826 4540 Avgldx64 - ok
23:39:13.0842 4540 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
23:39:13.0842 4540 Avgmfx64 - ok
23:39:13.0873 4540 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
23:39:13.0873 4540 Avgrkx64 - ok
23:39:13.0904 4540 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
23:39:13.0904 4540 Avgtdia - ok
23:39:13.0998 4540 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:39:13.0998 4540 avgwd - ok
23:39:14.0013 4540 Beep - ok
23:39:14.0060 4540 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
23:39:14.0076 4540 BFE - ok
23:39:14.0154 4540 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
23:39:14.0154 4540 BITS - ok
23:39:14.0185 4540 BlackBox - ok
23:39:14.0216 4540 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
23:39:14.0216 4540 blbdrive - ok
23:39:14.0263 4540 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:39:14.0263 4540 bowser - ok
23:39:14.0294 4540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:39:14.0294 4540 BrFiltLo - ok
23:39:14.0325 4540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:39:14.0325 4540 BrFiltUp - ok
23:39:14.0357 4540 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
23:39:14.0357 4540 Browser - ok
23:39:14.0403 4540 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:39:14.0403 4540 Brserid - ok
23:39:14.0419 4540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:39:14.0419 4540 BrSerWdm - ok
23:39:14.0450 4540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:39:14.0450 4540 BrUsbMdm - ok
23:39:14.0450 4540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:39:14.0450 4540 BrUsbSer - ok
23:39:14.0466 4540 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
23:39:14.0466 4540 BTHMODEM - ok
23:39:14.0481 4540 catchme - ok
23:39:14.0497 4540 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
23:39:14.0497 4540 cdfs - ok
23:39:14.0544 4540 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
23:39:14.0544 4540 cdrom - ok
23:39:14.0575 4540 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:39:14.0575 4540 CertPropSvc - ok
23:39:14.0591 4540 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
23:39:14.0606 4540 circlass - ok
23:39:14.0637 4540 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
23:39:14.0637 4540 CLFS - ok
23:39:14.0684 4540 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:39:14.0684 4540 clr_optimization_v2.0.50727_32 - ok
23:39:14.0715 4540 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:39:14.0731 4540 clr_optimization_v2.0.50727_64 - ok
23:39:14.0793 4540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:39:14.0793 4540 clr_optimization_v4.0.30319_32 - ok
23:39:14.0809 4540 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:39:14.0809 4540 clr_optimization_v4.0.30319_64 - ok
23:39:14.0825 4540 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
23:39:14.0825 4540 cmdide - ok
23:39:14.0840 4540 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
23:39:14.0840 4540 Compbatt - ok
23:39:14.0840 4540 COMSysApp - ok
23:39:14.0871 4540 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
23:39:14.0871 4540 crcdisk - ok
23:39:14.0903 4540 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
23:39:14.0903 4540 CryptSvc - ok
23:39:14.0981 4540 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:39:14.0981 4540 DcomLaunch - ok
23:39:15.0012 4540 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
23:39:15.0012 4540 DfsC - ok
23:39:15.0199 4540 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
23:39:15.0215 4540 DFSR - ok
23:39:15.0324 4540 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
23:39:15.0324 4540 Dhcp - ok
23:39:15.0339 4540 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:39:15.0339 4540 disk - ok
23:39:15.0386 4540 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
23:39:15.0386 4540 Dnscache - ok
23:39:15.0433 4540 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
23:39:15.0433 4540 dot3svc - ok
23:39:15.0464 4540 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
23:39:15.0464 4540 DPS - ok
23:39:15.0495 4540 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
23:39:15.0495 4540 drmkaud - ok
23:39:15.0573 4540 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
23:39:15.0573 4540 DXGKrnl - ok
23:39:15.0620 4540 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
23:39:15.0620 4540 E1G60 - ok
23:39:15.0651 4540 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
23:39:15.0651 4540 EapHost - ok
23:39:15.0683 4540 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
23:39:15.0683 4540 Ecache - ok
23:39:15.0745 4540 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
23:39:15.0745 4540 ehRecvr - ok
23:39:15.0761 4540 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
23:39:15.0761 4540 ehSched - ok
23:39:15.0792 4540 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
23:39:15.0792 4540 ehstart - ok
23:39:15.0839 4540 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
23:39:15.0839 4540 elxstor - ok
23:39:15.0901 4540 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
23:39:15.0901 4540 EMDMgmt - ok
23:39:15.0917 4540 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
23:39:15.0917 4540 ErrDev - ok
23:39:15.0948 4540 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
23:39:15.0963 4540 EventSystem - ok
23:39:15.0995 4540 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
23:39:15.0995 4540 exfat - ok
23:39:16.0041 4540 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
23:39:16.0057 4540 fastfat - ok
23:39:16.0088 4540 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
23:39:16.0088 4540 fdc - ok
23:39:16.0119 4540 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
23:39:16.0119 4540 fdPHost - ok
23:39:16.0135 4540 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
23:39:16.0135 4540 FDResPub - ok
23:39:16.0151 4540 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
23:39:16.0151 4540 FileInfo - ok
23:39:16.0166 4540 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
23:39:16.0166 4540 Filetrace - ok
23:39:16.0307 4540 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
23:39:16.0307 4540 FlipShare Service - ok
23:39:16.0400 4540 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
23:39:16.0400 4540 FlipShareServer - ok
23:39:16.0494 4540 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:39:16.0494 4540 flpydisk - ok
23:39:16.0525 4540 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
23:39:16.0525 4540 FltMgr - ok
23:39:16.0634 4540 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
23:39:16.0650 4540 FontCache - ok
23:39:16.0697 4540 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:39:16.0697 4540 FontCache3.0.0.0 - ok
23:39:16.0743 4540 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
23:39:16.0743 4540 Fs_Rec - ok
23:39:16.0775 4540 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
23:39:16.0790 4540 gagp30kx - ok
23:39:16.0868 4540 GameConsoleService (db3d8979064ce299927cc1da57e9a659) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:39:16.0868 4540 GameConsoleService - ok
23:39:16.0915 4540 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
23:39:16.0946 4540 gpsvc - ok
23:39:17.0009 4540 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:39:17.0040 4540 HDAudBus - ok
23:39:17.0087 4540 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
23:39:17.0087 4540 HidBth - ok
23:39:17.0102 4540 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
23:39:17.0102 4540 HidIr - ok
23:39:17.0133 4540 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
23:39:17.0133 4540 hidserv - ok
23:39:17.0149 4540 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
23:39:17.0149 4540 HidUsb - ok
23:39:17.0180 4540 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
23:39:17.0180 4540 hkmsvc - ok
23:39:17.0274 4540 HP Health Check Service (aa9ef0b395097f24d289f64445b2fd2e) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:39:17.0274 4540 HP Health Check Service - ok
23:39:17.0321 4540 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
23:39:17.0321 4540 HpCISSs - ok
23:39:17.0383 4540 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:39:17.0383 4540 HTTP - ok
23:39:17.0414 4540 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
23:39:17.0414 4540 i2omp - ok
23:39:17.0445 4540 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:39:17.0461 4540 i8042prt - ok
23:39:17.0555 4540 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:39:17.0555 4540 IAANTMON - ok
23:39:17.0601 4540 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
23:39:17.0601 4540 iaStor - ok
23:39:17.0633 4540 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
23:39:17.0633 4540 iaStorV - ok
23:39:17.0742 4540 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:39:17.0757 4540 idsvc - ok
23:39:18.0210 4540 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:39:18.0366 4540 igfx - ok
23:39:18.0475 4540 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:39:18.0475 4540 iirsp - ok
23:39:18.0522 4540 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
23:39:18.0537 4540 IKEEXT - ok
23:39:18.0647 4540 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
23:39:18.0662 4540 IntcAzAudAddService - ok
23:39:18.0740 4540 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
23:39:18.0740 4540 intelide - ok
23:39:18.0756 4540 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:39:18.0756 4540 intelppm - ok
23:39:18.0787 4540 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
23:39:18.0787 4540 IPBusEnum - ok
23:39:18.0818 4540 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:39:18.0834 4540 IpFilterDriver - ok
23:39:18.0881 4540 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
23:39:18.0881 4540 iphlpsvc - ok
23:39:18.0896 4540 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:39:18.0896 4540 IPMIDRV - ok
23:39:18.0927 4540 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:39:18.0943 4540 IPNAT - ok
23:39:18.0959 4540 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:39:18.0959 4540 IRENUM - ok
23:39:18.0974 4540 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:39:18.0990 4540 isapnp - ok
23:39:19.0005 4540 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:39:19.0005 4540 iScsiPrt - ok
23:39:19.0021 4540 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:39:19.0021 4540 iteatapi - ok
23:39:19.0052 4540 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:39:19.0052 4540 iteraid - ok
23:39:19.0068 4540 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:39:19.0068 4540 kbdclass - ok
23:39:19.0083 4540 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:39:19.0083 4540 kbdhid - ok
23:39:19.0083 4540 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:39:19.0099 4540 KeyIso - ok
23:39:19.0130 4540 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
23:39:19.0130 4540 KSecDD - ok
23:39:19.0161 4540 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:39:19.0161 4540 ksthunk - ok
23:39:19.0208 4540 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
23:39:19.0224 4540 KtmRm - ok
23:39:19.0271 4540 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
23:39:19.0271 4540 LanmanServer - ok
23:39:19.0317 4540 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
23:39:19.0317 4540 LanmanWorkstation - ok
23:39:19.0442 4540 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:39:19.0442 4540 LBTServ - ok
23:39:19.0458 4540 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:39:19.0458 4540 LHidFilt - ok
23:39:19.0536 4540 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:39:19.0536 4540 LightScribeService - ok
23:39:19.0536 4540 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:39:19.0536 4540 lltdio - ok
23:39:19.0583 4540 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
23:39:19.0583 4540 lltdsvc - ok
23:39:19.0598 4540 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
23:39:19.0598 4540 lmhosts - ok
23:39:19.0614 4540 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:39:19.0614 4540 LMouFilt - ok
23:39:19.0661 4540 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:39:19.0661 4540 LSI_FC - ok
23:39:19.0692 4540 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:39:19.0692 4540 LSI_SAS - ok
23:39:19.0723 4540 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:39:19.0723 4540 LSI_SCSI - ok
23:39:19.0754 4540 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:39:19.0754 4540 luafv - ok
23:39:19.0770 4540 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
23:39:19.0770 4540 LUsbFilt - ok
23:39:19.0817 4540 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:39:19.0817 4540 MBAMProtector - ok
23:39:19.0879 4540 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:39:19.0879 4540 MBAMService - ok
23:39:19.0941 4540 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
23:39:19.0957 4540 Mcx2Svc - ok
23:39:20.0004 4540 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:39:20.0004 4540 megasas - ok
23:39:20.0051 4540 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:39:20.0051 4540 MegaSR - ok
23:39:20.0066 4540 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:39:20.0066 4540 MMCSS - ok
23:39:20.0097 4540 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:39:20.0097 4540 Modem - ok
23:39:20.0129 4540 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:39:20.0129 4540 monitor - ok
23:39:20.0144 4540 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:39:20.0144 4540 mouclass - ok
23:39:20.0175 4540 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:39:20.0175 4540 mouhid - ok
23:39:20.0191 4540 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:39:20.0191 4540 MountMgr - ok
23:39:20.0222 4540 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:39:20.0222 4540 mpio - ok
23:39:20.0238 4540 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:39:20.0238 4540 mpsdrv - ok
23:39:20.0285 4540 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
23:39:20.0300 4540 MpsSvc - ok
23:39:20.0347 4540 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:39:20.0347 4540 Mraid35x - ok
23:39:20.0394 4540 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:39:20.0394 4540 MRxDAV - ok
23:39:20.0425 4540 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:20.0441 4540 mrxsmb - ok
23:39:20.0472 4540 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:20.0487 4540 mrxsmb10 - ok
23:39:20.0487 4540 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:20.0487 4540 mrxsmb20 - ok
23:39:20.0503 4540 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
23:39:20.0503 4540 msahci - ok
23:39:20.0534 4540 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:39:20.0534 4540 msdsm - ok
23:39:20.0550 4540 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
23:39:20.0550 4540 MSDTC - ok
23:39:20.0550 4540 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:39:20.0550 4540 Msfs - ok
23:39:20.0581 4540 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:39:20.0581 4540 msisadrv - ok
23:39:20.0612 4540 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
23:39:20.0612 4540 MSiSCSI - ok
23:39:20.0628 4540 msiserver - ok
23:39:20.0659 4540 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:39:20.0659 4540 MSKSSRV - ok
23:39:20.0675 4540 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:20.0675 4540 MSPCLOCK - ok
23:39:20.0690 4540 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:39:20.0690 4540 MSPQM - ok
23:39:20.0721 4540 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:39:20.0721 4540 MsRPC - ok
23:39:20.0737 4540 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:39:20.0737 4540 mssmbios - ok
23:39:20.0784 4540 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:39:20.0784 4540 MSTEE - ok
23:39:20.0784 4540 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:39:20.0784 4540 Mup - ok
23:39:20.0831 4540 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
23:39:20.0831 4540 napagent - ok
23:39:20.0877 4540 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:39:20.0877 4540 NativeWifiP - ok
23:39:20.0955 4540 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:39:20.0955 4540 NDIS - ok
23:39:20.0987 4540 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:20.0987 4540 NdisTapi - ok
23:39:21.0018 4540 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:21.0018 4540 Ndisuio - ok
23:39:21.0049 4540 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:21.0049 4540 NdisWan - ok
23:39:21.0065 4540 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:39:21.0065 4540 NDProxy - ok
23:39:21.0080 4540 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:39:21.0080 4540 NetBIOS - ok
23:39:21.0127 4540 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:39:21.0127 4540 netbt - ok
23:39:21.0158 4540 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:39:21.0158 4540 Netlogon - ok
23:39:21.0205 4540 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
23:39:21.0205 4540 Netman - ok
23:39:21.0236 4540 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
23:39:21.0236 4540 netprofm - ok
23:39:21.0283 4540 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:39:21.0283 4540 NetTcpPortSharing - ok
23:39:21.0314 4540 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:39:21.0314 4540 nfrd960 - ok
23:39:21.0345 4540 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
23:39:21.0345 4540 NlaSvc - ok
23:39:21.0361 4540 Normandy - ok
23:39:21.0392 4540 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:39:21.0392 4540 Npfs - ok
23:39:21.0408 4540 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
23:39:21.0408 4540 nsi - ok
23:39:21.0408 4540 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:39:21.0408 4540 nsiproxy - ok
23:39:21.0611 4540 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:39:21.0611 4540 Ntfs - ok
23:39:21.0673 4540 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:39:21.0673 4540 Null - ok
23:39:21.0704 4540 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:39:21.0704 4540 nvraid - ok
23:39:21.0720 4540 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:39:21.0720 4540 nvstor - ok
23:39:21.0735 4540 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:39:21.0735 4540 nv_agp - ok
23:39:21.0798 4540 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:39:21.0798 4540 ohci1394 - ok
23:39:21.0860 4540 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:39:21.0891 4540 p2pimsvc - ok
23:39:21.0891 4540 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:39:21.0907 4540 p2psvc - ok
23:39:21.0938 4540 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:39:21.0938 4540 Parport - ok
23:39:21.0969 4540 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
23:39:21.0985 4540 partmgr - ok
23:39:22.0001 4540 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
23:39:22.0001 4540 PcaSvc - ok
23:39:22.0125 4540 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
23:39:22.0125 4540 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
23:39:22.0141 4540 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:39:22.0141 4540 pci - ok
23:39:22.0203 4540 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
23:39:22.0203 4540 pciide - ok
23:39:22.0219 4540 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:39:22.0219 4540 pcmcia - ok
23:39:22.0266 4540 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:39:22.0313 4540 PEAUTH - ok
23:39:22.0422 4540 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
23:39:22.0422 4540 PerfHost - ok
23:39:22.0500 4540 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
23:39:22.0515 4540 pla - ok
23:39:22.0593 4540 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
23:39:22.0609 4540 PlugPlay - ok
23:39:22.0656 4540 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:39:22.0656 4540 PNRPAutoReg - ok
23:39:22.0671 4540 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:39:22.0671 4540 PNRPsvc - ok
23:39:22.0749 4540 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
23:39:22.0765 4540 PolicyAgent - ok
23:39:22.0859 4540 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:39:22.0859 4540 PptpMiniport - ok
23:39:22.0890 4540 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:39:22.0890 4540 Processor - ok
23:39:22.0921 4540 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
23:39:22.0921 4540 ProfSvc - ok
23:39:22.0937 4540 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:39:22.0937 4540 ProtectedStorage - ok
23:39:22.0983 4540 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:39:22.0983 4540 PSched - ok
23:39:23.0046 4540 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:39:23.0061 4540 ql2300 - ok
23:39:23.0108 4540 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:39:23.0108 4540 ql40xx - ok
23:39:23.0155 4540 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
23:39:23.0155 4540 QWAVE - ok
23:39:23.0171 4540 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:39:23.0171 4540 QWAVEdrv - ok
23:39:23.0186 4540 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:39:23.0186 4540 RasAcd - ok
23:39:23.0217 4540 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
23:39:23.0217 4540 RasAuto - ok
23:39:23.0233 4540 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:23.0233 4540 Rasl2tp - ok
23:39:23.0295 4540 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
23:39:23.0295 4540 RasMan - ok
23:39:23.0327 4540 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:23.0327 4540 RasPppoe - ok
23:39:23.0358 4540 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:39:23.0358 4540 RasSstp - ok
23:39:23.0373 4540 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:39:23.0389 4540 rdbss - ok
23:39:23.0405 4540 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:23.0405 4540 RDPCDD - ok
23:39:23.0451 4540 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:39:23.0451 4540 rdpdr - ok
23:39:23.0467 4540 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:39:23.0467 4540 RDPENCDD - ok
23:39:23.0514 4540 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
23:39:23.0514 4540 RDPWD - ok
23:39:23.0545 4540 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
23:39:23.0545 4540 RemoteAccess - ok
23:39:23.0561 4540 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
23:39:23.0561 4540 RemoteRegistry - ok
23:39:23.0561 4540 rkhdrv40 - ok
23:39:23.0576 4540 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
23:39:23.0576 4540 RpcLocator - ok
23:39:23.0623 4540 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:39:23.0639 4540 RpcSs - ok
23:39:23.0654 4540 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:39:23.0654 4540 rspndr - ok
23:39:23.0685 4540 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:39:23.0701 4540 RTL8169 - ok
23:39:23.0717 4540 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:39:23.0717 4540 SamSs - ok
23:39:23.0732 4540 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:39:23.0732 4540 sbp2port - ok
23:39:23.0857 4540 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:39:23.0873 4540 SBSDWSCService - ok
23:39:23.0935 4540 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
23:39:23.0935 4540 SCardSvr - ok
23:39:23.0997 4540 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
23:39:24.0013 4540 Schedule - ok
23:39:24.0029 4540 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:39:24.0044 4540 SCPolicySvc - ok
23:39:24.0091 4540 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
23:39:24.0091 4540 SDRSVC - ok
23:39:24.0107 4540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:39:24.0107 4540 secdrv - ok
23:39:24.0122 4540 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
23:39:24.0122 4540 seclogon - ok
23:39:24.0138 4540 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
23:39:24.0138 4540 SENS - ok
23:39:24.0153 4540 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:39:24.0153 4540 Serenum - ok
23:39:24.0185 4540 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:39:24.0185 4540 Serial - ok
23:39:24.0200 4540 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:39:24.0200 4540 sermouse - ok
23:39:24.0231 4540 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
23:39:24.0231 4540 SessionEnv - ok
23:39:24.0247 4540 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:39:24.0247 4540 sffdisk - ok
23:39:24.0247 4540 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:39:24.0247 4540 sffp_mmc - ok
23:39:24.0263 4540 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:39:24.0263 4540 sffp_sd - ok
23:39:24.0278 4540 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:39:24.0278 4540 sfloppy - ok
23:39:24.0325 4540 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
23:39:24.0325 4540 SharedAccess - ok
23:39:24.0372 4540 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
23:39:24.0372 4540 ShellHWDetection - ok
23:39:24.0403 4540 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:39:24.0403 4540 SiSRaid2 - ok
23:39:24.0419 4540 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:39:24.0434 4540 SiSRaid4 - ok
23:39:24.0575 4540 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
23:39:24.0606 4540 slsvc - ok
23:39:24.0668 4540 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
23:39:24.0684 4540 SLUINotify - ok
23:39:24.0699 4540 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:39:24.0699 4540 Smb - ok
23:39:24.0731 4540 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
23:39:24.0731 4540 SNMPTRAP - ok
23:39:24.0731 4540 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:39:24.0731 4540 spldr - ok
23:39:24.0777 4540 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
23:39:24.0777 4540 Spooler - ok
23:39:24.0777 4540 SRTSP - ok
23:39:24.0793 4540 SRTSPX - ok
23:39:24.0840 4540 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:39:24.0840 4540 srv - ok
23:39:24.0855 4540 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:39:24.0855 4540 srv2 - ok
23:39:24.0871 4540 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:39:24.0871 4540 srvnet - ok
23:39:24.0902 4540 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
23:39:24.0902 4540 SSDPSRV - ok
23:39:24.0933 4540 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
23:39:24.0933 4540 SstpSvc - ok
23:39:24.0965 4540 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
23:39:24.0980 4540 stisvc - ok
23:39:25.0027 4540 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:39:25.0027 4540 swenum - ok
23:39:25.0089 4540 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
23:39:25.0105 4540 swprv - ok
23:39:25.0136 4540 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:39:25.0136 4540 Symc8xx - ok
23:39:25.0152 4540 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:39:25.0152 4540 Sym_hi - ok
23:39:25.0183 4540 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:39:25.0183 4540 Sym_u3 - ok
23:39:25.0245 4540 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
23:39:25.0261 4540 SysMain - ok
23:39:25.0277 4540 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
23:39:25.0277 4540 TabletInputService - ok
23:39:25.0308 4540 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
23:39:25.0308 4540 TapiSrv - ok
23:39:25.0339 4540 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
23:39:25.0339 4540 TBS - ok
23:39:25.0417 4540 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
23:39:25.0417 4540 Tcpip - ok
23:39:25.0433 4540 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
23:39:25.0433 4540 Tcpip6 - ok
23:39:25.0448 4540 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:39:25.0448 4540 tcpipreg - ok
23:39:25.0464 4540 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:39:25.0464 4540 TDPIPE - ok
23:39:25.0495 4540 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:39:25.0495 4540 TDTCP - ok
23:39:25.0511 4540 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:39:25.0511 4540 tdx - ok
23:39:25.0526 4540 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:39:25.0542 4540 TermDD - ok
23:39:25.0589 4540 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
23:39:25.0589 4540 TermService - ok
23:39:25.0620 4540 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
23:39:25.0620 4540 Themes - ok
23:39:25.0635 4540 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:39:25.0635 4540 THREADORDER - ok
23:39:25.0667 4540 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
23:39:25.0667 4540 TrkWks - ok
23:39:25.0698 4540 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
23:39:25.0698 4540 TrustedInstaller - ok
23:39:25.0729 4540 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:39:25.0729 4540 tssecsrv - ok
23:39:25.0745 4540 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:39:25.0745 4540 tunmp - ok
23:39:25.0776 4540 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:39:25.0776 4540 tunnel - ok
23:39:25.0807 4540 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:39:25.0807 4540 uagp35 - ok
23:39:25.0854 4540 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:39:25.0854 4540 udfs - ok
23:39:25.0869 4540 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
23:39:25.0869 4540 UI0Detect - ok
23:39:25.0901 4540 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:39:25.0901 4540 uliagpkx - ok
23:39:25.0932 4540 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:39:25.0947 4540 uliahci - ok
23:39:25.0963 4540 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:39:25.0963 4540 UlSata - ok
23:39:25.0979 4540 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:39:25.0994 4540 ulsata2 - ok
23:39:26.0010 4540 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:39:26.0010 4540 umbus - ok
23:39:26.0041 4540 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
23:39:26.0041 4540 upnphost - ok
23:39:26.0088 4540 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
23:39:26.0088 4540 usbaudio - ok
23:39:26.0103 4540 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:39:26.0103 4540 usbccgp - ok
23:39:26.0135 4540 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:39:26.0135 4540 usbcir - ok
23:39:26.0181 4540 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:39:26.0181 4540 usbehci - ok
23:39:26.0197 4540 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:39:26.0197 4540 usbhub - ok
23:39:26.0213 4540 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:39:26.0213 4540 usbohci - ok
23:39:26.0228 4540 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
23:39:26.0228 4540 usbprint - ok
23:39:26.0244 4540 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:39:26.0244 4540 USBSTOR - ok
23:39:26.0259 4540 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:39:26.0259 4540 usbuhci - ok
23:39:26.0259 4540 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
23:39:26.0259 4540 UxSms - ok
23:39:26.0322 4540 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
23:39:26.0322 4540 vds - ok
23:39:26.0353 4540 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:39:26.0353 4540 vga - ok
23:39:26.0384 4540 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:39:26.0384 4540 VgaSave - ok
23:39:26.0415 4540 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
23:39:26.0415 4540 viaide - ok
23:39:26.0431 4540 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:39:26.0431 4540 volmgr - ok
23:39:26.0447 4540 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:39:26.0462 4540 volmgrx - ok
23:39:26.0478 4540 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:39:26.0478 4540 volsnap - ok
23:39:26.0509 4540 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:39:26.0509 4540 vsmraid - ok
23:39:26.0603 4540 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
23:39:26.0634 4540 VSS - ok
23:39:26.0665 4540 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
23:39:26.0665 4540 W32Time - ok
23:39:26.0696 4540 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:39:26.0696 4540 WacomPen - ok
23:39:26.0727 4540 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:26.0727 4540 Wanarp - ok
23:39:26.0727 4540 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:26.0727 4540 Wanarpv6 - ok
23:39:26.0759 4540 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
23:39:26.0774 4540 wcncsvc - ok
23:39:26.0821 4540 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
23:39:26.0821 4540 WcsPlugInService - ok
23:39:26.0852 4540 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:39:26.0852 4540 Wd - ok
23:39:26.0899 4540 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:39:26.0899 4540 Wdf01000 - ok
23:39:26.0930 4540 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:39:26.0930 4540 WdiServiceHost - ok
23:39:26.0930 4540 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:39:26.0930 4540 WdiSystemHost - ok
23:39:26.0961 4540 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
23:39:26.0961 4540 WebClient - ok
23:39:26.0993 4540 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
23:39:26.0993 4540 Wecsvc - ok
23:39:27.0024 4540 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
23:39:27.0024 4540 wercplsupport - ok
23:39:27.0039 4540 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
23:39:27.0039 4540 WerSvc - ok
23:39:27.0086 4540 WinDefend - ok
23:39:27.0086 4540 WinHttpAutoProxySvc - ok
23:39:27.0149 4540 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
23:39:27.0164 4540 Winmgmt - ok
23:39:27.0273 4540 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
23:39:27.0336 4540 WinRM - ok
23:39:27.0429 4540 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
23:39:27.0445 4540 Wlansvc - ok
23:39:27.0492 4540 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
23:39:27.0492 4540 WmiAcpi - ok
23:39:27.0539 4540 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
23:39:27.0539 4540 wmiApSrv - ok
23:39:27.0570 4540 WMPNetworkSvc - ok
23:39:27.0585 4540 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
23:39:27.0585 4540 WPCSvc - ok
23:39:27.0617 4540 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
23:39:27.0617 4540 WPDBusEnum - ok
23:39:27.0648 4540 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
23:39:27.0648 4540 WpdUsb - ok
23:39:27.0788 4540 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:39:27.0804 4540 WPFFontCache_v0400 - ok
23:39:27.0835 4540 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:39:27.0835 4540 ws2ifsl - ok
23:39:27.0866 4540 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
23:39:27.0882 4540 wscsvc - ok
23:39:27.0882 4540 WSearch - ok
23:39:28.0022 4540 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
23:39:28.0053 4540 wuauserv - ok
23:39:28.0131 4540 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:39:28.0131 4540 WUDFRd - ok
23:39:28.0147 4540 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
23:39:28.0147 4540 wudfsvc - ok
23:39:28.0209 4540 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:39:28.0209 4540 YahooAUService - ok
23:39:28.0241 4540 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
23:39:28.0459 4540 \Device\Harddisk0\DR0 - ok
23:39:28.0459 4540 Boot (0x1200) (b3c53ad4f9483d0baccf691a79006738) \Device\Harddisk0\DR0\Partition0
23:39:28.0475 4540 \Device\Harddisk0\DR0\Partition0 - ok
23:39:28.0475 4540 Boot (0x1200) (0dcd097f32ed26646451833116f49166) \Device\Harddisk0\DR0\Partition1
23:39:28.0475 4540 \Device\Harddisk0\DR0\Partition1 - ok
23:39:28.0475 4540 ============================================================
23:39:28.0475 4540 Scan finished
23:39:28.0475 4540 ============================================================
23:39:28.0475 2124 Detected object count: 0
23:39:28.0475 2124 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 23:41:26
-----------------------------
23:41:26.783 OS Version: Windows x64 6.0.6002 Service Pack 2
23:41:26.783 Number of processors: 2 586 0x170A
23:41:26.783 ComputerName: ROADHOG UserName: john
23:41:28.702 Initialize success
23:44:36.066 AVAST engine defs: 12050201
23:46:42.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:46:42.956 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
23:46:42.972 Disk 0 MBR read successfully
23:46:42.972 Disk 0 MBR scan
23:46:42.987 Disk 0 unknown MBR code
23:46:42.987 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939865 MB offset 63
23:46:43.018 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1924844040
23:46:43.081 Disk 0 scanning C:\Windows\system32\drivers
23:46:50.974 Service scanning
23:47:07.354 Modules scanning
23:47:07.354 Disk 0 trace - called modules:
23:47:07.370 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
23:47:07.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b2d790]
23:47:07.386 3 CLASSPNP.SYS[fffffa60011d1c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007919050]
23:47:09.694 AVAST engine scan C:\Windows
23:47:13.423 AVAST engine scan C:\Windows\system32
23:50:14.180 AVAST engine scan C:\Windows\system32\drivers
23:50:36.348 AVAST engine scan C:\Users\john
23:54:03.640 AVAST engine scan C:\ProgramData
23:57:28.406 Scan finished successfully
00:04:50.900 Disk 0 MBR has been saved successfully to "C:\Users\john\Documents\MBR.dat"
00:04:50.900 The log file has been saved successfully to "C:\Users\john\Documents\aswMBR.txt"



Thanks!
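The aswMBR lines above (the partition table, "unknown MBR code", the MBR saved to MBR.dat) and the TDSSKiller "MBR (0x1B8)" hash all come from the first 512-byte sector of the disk. As an added example, not part of this thread or of either tool, here is a Python parser that reads such a sector: it reproduces the partition lines from a constructed MBR with the same layout as the log, hashes the 0x1B8-byte boot-code region the way TDSSKiller labels it, and flags boot code whose hash is absent from an analyst-supplied baseline. The sample boot code, disk signature and baseline hash are constructed, not real Windows MBR code.

```python
"""Parse a 512-byte MBR and report it the way the aswMBR/TDSSKiller logs do.

Added example, not code from the thread or from either tool.  The checks are
the defensive ones an analyst wants when a bootkit is suspected: boot
signature present, boot code matches a known-good baseline, partition table
internally consistent.
"""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8            # boot code; disk signature follows at 0x1B8
PARTITION_TABLE_OFFSET = 0x1BE   # four 16-byte entries
PARTITION_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"

# Type codes seen in the log on this page plus a few common ones.
PARTITION_TYPES = {
    0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux",
}


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of bytes 0..0x1B7, the region TDSSKiller reports as 'MBR (0x1B8)'."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return parts


def format_partition(p: dict) -> str:
    """One line in the style of the aswMBR log: 'Partition 1 80 (A) 07 HPFS/NTFS ...'."""
    flag = "80 (A)" if p["bootable"] else "00"
    return (f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
            f"{p['size_mb']} MB offset {p['lba_start']}")


def check_mbr(mbr: bytes, baseline_md5: set, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means nothing looked suspicious."""
    if len(mbr) != 512:
        return [f"MBR must be 512 bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    code_hash = boot_code_md5(mbr)
    if code_hash not in baseline_md5:
        findings.append(f"unknown MBR code (md5 {code_hash})")
    parts = parse_partitions(mbr)
    for p in parts:
        end = p["lba_start"] + p["sectors"]
        if end > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
        for q in parts:
            if (q["index"] > p["index"] and q["lba_start"] < end
                    and p["lba_start"] < q["lba_start"] + q["sectors"]):
                findings.append(f"partitions {p['index']} and {q['index']} overlap")
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR with the two-partition layout reported in the aswMBR log."""
    # Placeholder boot code: a few plausible opcodes, then NOP padding (not real code).
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    boot_code += b"\x90" * (BOOT_CODE_LEN - len(boot_code))
    disk_sig = struct.pack("<IH", 0x12345678, 0)          # constructed disk signature
    entries = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                          63, 1924843977)                  # ~939865 MB, active
    entries += struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF",
                           1924844040, 14001 * 2048)       # 14001 MB recovery
    entries += b"\x00" * 32                                # two empty slots
    return boot_code + disk_sig + entries + MBR_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = {boot_code_md5(sample)}   # in practice: hash from a known-clean machine
    for part in parse_partitions(sample):
        print(format_partition(part))
    print(check_mbr(sample, baseline, 953869 * 2048) or "MBR looks consistent")
```

In real use the 512 bytes would come from a dump such as the MBR.dat that aswMBR wrote above, and the baseline set from the same OS version on a machine known to be clean.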

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 May 2012 - 12:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 KnowJustEnough (Topic Starter)

  • Members
  • 16 posts
  • Gender:Female

Posted 03 May 2012 - 12:55 AM

OK - I will do it tomorrow bout same time.
I am beat-sorry.

Have a good day & thank you so much!

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 May 2012 - 01:06 AM

no problem and I will be around


gringo

#13 KnowJustEnough (Topic Starter)

  • Members
  • 16 posts
  • Gender:Female

Posted 04 May 2012 - 12:39 AM

Hey there Gringo-

Had a heck of a day and am already tired :crazy:

Have a few questions before I do this:

1. Do all the AV softwares need to be disabled?

2. I was clickin around and found that the "Allow remote assistance..." box was checked in system prop-that's not good right? It isn't checked on my other computers.
I unchecked & applied, if I shouldn't have let me know.

3. I also had a misclick and turned windows defender on-I did not update it but I don't know how to turn it off now or if I should update it and leave it on.

4. Was going to uninstall all the old Java's & download new-is that what this script does?

5. Is there any reason I can't remove magicjack, lightscribe and any others you suggest from running at startup and start them manually?

6. I'd also like to know if you think switching from AVG to Kaspersky or Avast is a good idea, I am leaning toward Kaspersky probably just need a push.
I know we won't do it now but I don't want you to waste time on settings for something that might change like that. Also considering Chrome vs IE???
Should I upgrade to Win 7-there is a free upgrade option on this comp.

Still getting the System Settings Protector msg @ startup and had a bit of trouble printing but that may have been network related-printer is conn to my Dimension and used thru it by the rest.
Other than that things seem to be going well.

Thanks a batrillion!

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 May 2012 - 12:59 AM

Greetings

1. As much as you can.

2. If I remember correctly that is the default setting - just read here and in the information box at the top of page "By default Remote Assistance is enabled." - http://www.vistax64.com/tutorials/116330-remote-assistance-enable-disable.html

3. http://windows.microsoft.com/en-US/windows-vista/Turn-Windows-Defender-on-or-off

4. NO it just clears the cache - it also gives us a chance to run combofix again to see if it missed something the first time

5. I normally get into this a little bit later and give you the tools to see which ones need to run and which ones can be turned off

6. I don't like AVG at this time - it was once the best free antivirus on the market but that has been awhile - I can give you a short list of other free antivirus if you would like to try them or you can go with Kaspersky as it is one of the top antivirus out there

Also considering Chrome vs IE??? - this is just down to preference as all browsers at this time are being targeted

Should I upgrade to Win 7-there is a free upgrade option on this comp. If your computer can handle it then jump at it - I never did like vista and have win 7 at this time and I like it

Still getting the System Settings Protector msg @ startup and had a bit of trouble printing but that may have been network related-printer is conn to my Dimension and used thru it by the rest.
these are things we are just going to have to keep an eye on and see if they get fixed and when we are done if they are not then that is when we will work on them

gringo

#15 KnowJustEnough (Topic Starter)

  • Members
  • 16 posts
  • Gender:Female

Posted 04 May 2012 - 02:01 AM

Hidy Ho! Sorry gettin slap happy :hysterical:
Only 4 hours away from bein up for 24 & have to get one of my truckers with a 12' wide load thru US CAN customs in am so as soon as I hit post I'm outta here.

Still got the startup message.

Loaded a few web pages with no prob.

Fairly responsive though when I tried to shut off Defender the program won't start. I tried twice then gave up so it is still on. I'll try again tomorrow.

Here's the log - nitey nite & thanks.

ComboFix 12-05-02.04 - john 05/04/2012 1:19.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.6022 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
Command switches used :: c:\users\john\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 06:27 . 2012-05-04 06:31 -------- d-----w- c:\users\john\AppData\Local\temp
2012-05-04 06:27 . 2012-05-04 06:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-04 06:27 . 2012-05-04 06:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 06:09 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B5EE53C-C700-4DCE-8986-416D8A457D99}\mpengine.dll
2012-04-28 21:27 . 2012-04-28 21:27 -------- d-----w- c:\users\john\AppData\Local\visi_coupon
2012-04-28 01:53 . 2012-04-28 19:20 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2012-04-28 01:45 . 2012-04-28 01:45 -------- d-----w- c:\windows\SysWow64\anlass741
2012-04-28 01:41 . 2012-04-28 01:41 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-27 22:05 . 2012-04-29 00:13 24320 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys
2012-04-27 21:55 . 2012-04-29 00:11 -------- d-----w- C:\RkUnhooker
2012-04-27 21:27 . 2012-05-02 02:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-27 21:27 . 2012-04-27 21:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-27 20:59 . 2012-04-28 01:35 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-04-27 20:59 . 2012-04-27 20:59 388096 ----a-r- c:\users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-27 20:59 . 2012-04-27 20:59 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-27 20:56 . 2012-04-28 01:50 -------- d-----w- C:\Kill
2012-04-25 23:11 . 2012-04-25 23:11 -------- d-----w- C:\Autoruns
2012-04-13 23:11 . 2012-04-13 23:11 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 22:39 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 22:38 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:38 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:38 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:38 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 22:38 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:38 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:38 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 21:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:12 . 2012-03-31 10:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 23:12 . 2011-06-04 11:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2012-02-03 22:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 04:04 . 2012-04-01 04:04 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-27 12:04 . 2010-12-18 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 15:18 . 2010-12-18 15:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 16:49 . 2012-03-14 11:21 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 11:21 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 11:21 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 11:21 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 11:21 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 11:21 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 11:21 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 11:21 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 11:21 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 11:21 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_03.07.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-05-03 14:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-01 22:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-28 22:41 . 2012-05-03 14:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-28 22:41 . 2012-05-01 22:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-05-03 14:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-05-01 22:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-05-04 06:31 51036 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-05-04 06:31 79428 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-18 15:29 . 2012-05-04 06:31 14754 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2088469723-1183588299-1294569346-1000_UserData.bin
- 2010-12-18 14:57 . 2012-05-03 03:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-18 14:57 . 2012-05-04 06:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-18 14:57 . 2012-05-04 06:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-18 14:57 . 2012-05-03 03:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-18 14:57 . 2012-05-03 03:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-18 14:57 . 2012-05-04 06:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-19 12:48 . 2012-05-03 11:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-19 12:48 . 2012-05-02 11:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-19 12:48 . 2012-05-02 11:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-19 12:48 . 2012-05-03 11:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-04 06:29 . 2012-05-04 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-03 03:06 . 2012-05-03 03:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-03 03:06 . 2012-05-03 03:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 06:29 . 2012-05-04 06:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-05-02 11:48 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-05-03 11:46 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-02 11:48 103964 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-05-03 11:46 103964 c:\windows\system32\perfc009.dat
- 2011-02-10 13:28 . 2012-05-03 03:03 272432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 13:28 . 2012-05-04 06:27 272432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-03 14:49 . 2012-05-03 14:49 2871808 c:\windows\Installer\af5db4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"cdloader"="c:\users\john\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-08-27 421888]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor 3.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-12-16 542064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:12]
.
2012-04-20 c:\windows\Tasks\HPCeeScheduleForjohn.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-13 01:17]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-04 01:35:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 06:35
ComboFix2.txt 2012-05-03 03:12
.
Pre-Run: 765,145,436,160 bytes free
Post-Run: 764,970,430,464 bytes free
.
- - End Of File - - FE5853C9824B3FF5053DE4901E71CD04