
Recommended for you pop up and browser redirect


This topic is locked
14 replies to this topic

#1 60chevy

60chevy

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 01 May 2012 - 09:08 AM

Hi,

I am new to the forum and would like help with removal of the recommended for you pop up. I see other posts on this topic and much success with this forum. I have completed the guidelines and gone through all the steps for posting and below are the requested logs. Thanks in advance for your help.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 02 May 2012 - 12:55 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 60chevy

60chevy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 02 May 2012 - 10:40 AM

Hi Gringo and thanks for your time looking into this issue.

I ran security check and the log is below.

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Windows Defender Signatures
Qhosts Trojan Removal Tool
Java™ 6 Update 22
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Thunderbird 3.1.10 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


After running Security Check I clicked on the link to turn off any security software and was redirected.
I got to the correct page and turned off Windows Firewall. I then downloaded combofix and started to run it. In the process I got a blue screen saying my computer had encountered a fatal error and had shut down. I rebooted and Windows wanted to send information regarding the recovery from a fatal error, which is posted below.

C:\DOCUME~1\Staff\LOCALS~1\Temp\WERec70.dir00\Mini050212-01.dmp
C:\DOCUME~1\Staff\LOCALS~1\Temp\WERec70.dir00\sysdata.xml

I then ran combofix again without any issues and the results are posted below.

ComboFix 12-05-02.02 - Staff 05/02/2012 8:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1519 [GMT -6:00]
Running from: c:\documents and settings\Staff\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Staff\g2mdlhlpx.exe
c:\documents and settings\Staff\GoToAssistDownloadHelper.exe
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC05974.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06291.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06292.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06293.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06294.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06295.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06296.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06297.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06298.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06299.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06300.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06301.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06302.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06304.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC06566.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07626.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07631.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07632.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07633.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07634.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07635.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07640.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07641.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07642.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07643.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07644.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07645.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07646.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07647.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07648.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07649.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07650.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07651.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07652.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07653.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07654.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07655.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07656.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07661.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07662.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07663.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07664.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07665.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07666.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07667.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07668.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07669.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07670.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07671.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07672.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07673.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07674.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07675.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07676.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07677.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07788.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07789.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07790.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07791.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07792.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07793.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07794.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07795.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07796.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07797.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07799.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07800.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07802.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07803.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07804.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07805.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07867.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC07868.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08162.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08163.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08164.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08165.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08166.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08167.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08168.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08169.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08170.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08504.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08505.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08506.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08507.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08508.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08509.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08510.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08511.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08512.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08513.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08514.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08515.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08516.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08517.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08537.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08538.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08539.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08540.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08541.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08542.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08543.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08544.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08545.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08546.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08547.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08548.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08549.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08552.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08553.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08554.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08555.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08556.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08557.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08558.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08559.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08560.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08561.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08562.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08563.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08564.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08565.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08566.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08567.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08568.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08569.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08570.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08571.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08572.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08573.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08577.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08578.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08579.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08580.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08581.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08582.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08583.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08584.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08585.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08586.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08587.JPG
c:\documents and settings\Staff\Local Settings\Temporary Internet Files\DSC08589.JPG
C:\install.exe
c:\windows\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-04-04 14:25 . 2012-04-13 17:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 17:46 . 2011-06-09 14:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 21:56 . 2009-11-25 23:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"FreeScreenSharing"="c:\documents and settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD3912529323"="rd" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OEConnection\\OEConnection Application Update Service\\OECUpdaterServiceProxy.exe"=
"c:\\Program Files\\OEConnection\\CollisionLink Shop\\2.0.3\\Launcher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\OEConnection\\CollisionLink Shop\\2.0.5\\Launcher.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Backup Assistant Plus\\verizon.exe"=
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 3:00 PM 214896]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/1/2007 6:04 PM 203843]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [6/24/2010 2:16 PM 196912]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 7:14 PM 28672]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [8/1/2007 6:02 PM 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [8/1/2007 6:03 PM 76440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 11:29 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 8:25 AM 253088]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [1/25/2012 9:38 AM 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 11:29 AM 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/25/2012 9:38 AM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/25/2012 9:38 AM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [1/25/2012 9:38 AM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [1/25/2012 9:38 AM 11008]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [8/1/2007 6:03 PM 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [8/1/2007 6:03 PM 21656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:46]
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 17:29]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 17:29]
.
2012-04-24 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-05-01 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-04-24 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
Trusted Zone: aahassignments.com
Trusted Zone: ewfclaims.com
Trusted Zone: fficassignments.com
Trusted Zone: innovation-connect.com
Trusted Zone: mitchell.com\repaircenter
Trusted Zone: reviewestimates.com
Trusted Zone: stateautoclaims.com
Trusted Zone: theshopofchoice.com
Trusted Zone: vehicleassignments.com
Trusted Zone: viewclaim.com
Trusted Zone: viewclaims.com\www
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
DPF: axInspectorCAB - hxxp://qualifier.cccis.com/Screener2/axInspectorCAB.CAB
DPF: {04A4D411-72FB-4767-8BD3-A21A1B76BFE2} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {12C69821-302A-4D8E-93CC-FD571CE3EACC} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9CD0643B-E2DC-405F-A48B-22878D4A1EED} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9EDA8D1B-86C1-4E72-8F13-1E4E5175AB3A} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {AE592127-175C-4C7D-865D-4096C07A56C9} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {BB51318B-8A94-46F9-ACB4-81B508FF8BEB} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {DFC7B7A7-A425-478D-AACE-4BD6A90591F2} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 09:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Completion time: 2012-05-02 09:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 15:08
.
Pre-Run: 39,167,184,896 bytes free
Post-Run: 43,369,660,416 bytes free
.
- - End Of File - - D65FD5E094A45EA5E9FD6E5A15197A73



When I first opened Internet Explorer I got a message telling me Internet Explorer is not my default browser. Would you like to make it your default browser?

I have only surfed for about 5 minutes but no popups or redirects to this point.
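As an added example (not part of this thread, and not code from ComboFix or BleepingComputer): a small triage script that parses report lines in the format shown above and flags the items a helper would look at first (the disinfected driver, the Security Center override, the disabled firewall, and autostart entries that are dangling or run from user-writable folders). The sample input reuses values from the report above; the flagging rules and the `Report`/`Service` structures are this example's own assumptions.

```python
"""Triage helper for ComboFix-style reports (added example, not a ComboFix or
BleepingComputer tool). It parses the 'Reg Loading Points' style sections and
the driver-disinfection notice and returns defender-oriented findings."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the format of the ComboFix report posted above; the
# values mirror that report but this is sample input, not the full log.
SAMPLE_REPORT = r"""
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"FreeScreenSharing"="c:\documents and settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD3912529323"="rd" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/1/2007 6:04 PM 203843]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 11:29 AM 136176]
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"=value
RUN_VALUE_RE = re.compile(r'^"([^"]*)"\s*\[(.*)\]$')     # "path" [date size] or [X]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$')
INFECTED_RE = re.compile(r'^Infected copy of (.+?) was found', re.IGNORECASE)
# Autostart targets living in these folders deserve a second look: the user
# (and therefore malware running as the user) can write there.
USER_WRITABLE = ('\\local settings\\', '\\application data\\', '\\temp\\')


@dataclass
class Service:
    state: str    # R/S = running/stopped, digit = start type (2 auto, 3 manual)
    name: str
    display: str
    path: str


@dataclass
class Report:
    registry: Dict[str, Dict[str, str]] = field(default_factory=dict)
    services: List[Service] = field(default_factory=list)
    disinfected: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Report:
    """Collect registry loading points, service lines and disinfection notices."""
    report = Report()
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with '.'
            continue
        if (m := KEY_RE.match(line)):
            current = m.group(1)
            report.registry.setdefault(current, {})
        elif (m := SERVICE_RE.match(line)):
            report.services.append(Service(*m.group(1, 2, 3, 4)))
        elif (m := INFECTED_RE.match(line)):
            report.disinfected.append(m.group(1))
        elif current is not None and (m := VALUE_RE.match(line)):
            report.registry[current][m.group(1)] = m.group(2).strip()
    return report


def _int_value(raw: str) -> Optional[int]:
    """Parse 'dword:00000001' or '0 (0x0)' style values; None if not numeric."""
    low = raw.lower()
    try:
        if low.startswith('dword:'):
            return int(low[6:], 16)
        return int(raw.split()[0], 0)
    except (ValueError, IndexError):
        return None


def triage(report: Report) -> List[str]:
    """Return human-readable findings, most severe first (rules are assumptions)."""
    findings = []
    for path in report.disinfected:
        findings.append(f"critical: {path} had been patched in place and was restored; "
                        "a patched boot-path driver is rootkit behaviour, so verify the "
                        "restored file and follow up with a dedicated rootkit scan")
    for key, values in report.registry.items():
        k = key.lower()
        if k.endswith('security center') and _int_value(values.get('AntiVirusOverride', '')) == 1:
            findings.append(f"warning: AntiVirusOverride=1 under {key} silences the missing-antivirus alert")
        if k.endswith('firewallpolicy\\standardprofile') and _int_value(values.get('EnableFirewall', '')) == 0:
            findings.append(f"warning: EnableFirewall=0 under {key}; re-enable once the cleanup tools have run")
        if k.endswith('\\run'):
            for name, raw in values.items():
                m = RUN_VALUE_RE.match(raw)
                path, meta = (m.group(1), m.group(2)) if m else (raw, '')
                if meta == 'X':   # ComboFix marks a missing target with [X]
                    findings.append(f"info: Run entry {name} points at missing target '{path}' (dangling autostart)")
                elif any(d in path.lower() for d in USER_WRITABLE):
                    findings.append(f"review: Run entry {name} launches from a user-writable location: {path}")
    return findings


if __name__ == '__main__':
    for line in triage(parse_combofix(SAMPLE_REPORT)):
        print(line)
```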

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 02 May 2012 - 12:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 60chevy

Posted 02 May 2012 - 02:14 PM

Hi Gringo,

I have noticed that I am getting a message or popup while browsing which is a security alert that says you are about to view pages over a secure connection. Any information you exchange can not be viewed by anyone else on the web. I ran TDSSKiller and the log is pasted below.

12:28:24.0031 3604 sr - ok
12:28:24.0078 3604 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:28:24.0078 3604 srservice - ok
12:28:24.0125 3604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:28:24.0125 3604 Srv - ok
12:28:24.0125 3604 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:28:24.0140 3604 SSDPSRV - ok
12:28:24.0171 3604 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:28:24.0187 3604 stisvc - ok
12:28:24.0203 3604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:28:24.0203 3604 swenum - ok
12:28:24.0234 3604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:28:24.0234 3604 swmidi - ok
12:28:24.0234 3604 SwPrv - ok
12:28:24.0281 3604 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:28:24.0281 3604 symc810 - ok
12:28:24.0296 3604 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:28:24.0296 3604 symc8xx - ok
12:28:24.0296 3604 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:28:24.0296 3604 sym_hi - ok
12:28:24.0312 3604 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:28:24.0312 3604 sym_u3 - ok
12:28:24.0343 3604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:28:24.0343 3604 sysaudio - ok
12:28:24.0375 3604 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:28:24.0375 3604 SysmonLog - ok
12:28:24.0406 3604 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:28:24.0406 3604 TapiSrv - ok
12:28:24.0500 3604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:24.0500 3604 Tcpip - ok
12:28:24.0546 3604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:24.0546 3604 TDPIPE - ok
12:28:24.0546 3604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:24.0546 3604 TDTCP - ok
12:28:24.0578 3604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:24.0578 3604 TermDD - ok
12:28:24.0593 3604 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:28:24.0609 3604 TermService - ok
12:28:24.0640 3604 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:24.0656 3604 Themes - ok
12:28:24.0687 3604 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:28:24.0687 3604 TlntSvr - ok
12:28:24.0718 3604 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:28:24.0718 3604 TosIde - ok
12:28:24.0765 3604 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:28:24.0765 3604 TrkWks - ok
12:28:24.0812 3604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:28:24.0812 3604 Udfs - ok
12:28:24.0843 3604 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:28:24.0843 3604 ultra - ok
12:28:24.0890 3604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:28:24.0890 3604 Update - ok
12:28:24.0906 3604 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:28:24.0906 3604 upnphost - ok
12:28:24.0937 3604 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:28:24.0937 3604 UPS - ok
12:28:24.0968 3604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:24.0968 3604 usbccgp - ok
12:28:25.0000 3604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:25.0000 3604 usbehci - ok
12:28:25.0015 3604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:25.0015 3604 usbhub - ok
12:28:25.0046 3604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:28:25.0046 3604 usbprint - ok
12:28:25.0078 3604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:28:25.0078 3604 usbscan - ok
12:28:25.0093 3604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:25.0109 3604 USBSTOR - ok
12:28:25.0109 3604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:28:25.0109 3604 usbuhci - ok
12:28:25.0109 3604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:28:25.0109 3604 VgaSave - ok
12:28:25.0156 3604 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:28:25.0156 3604 viaagp - ok
12:28:25.0187 3604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:28:25.0187 3604 ViaIde - ok
12:28:25.0218 3604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:25.0218 3604 VolSnap - ok
12:28:25.0250 3604 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:28:25.0265 3604 VSS - ok
12:28:25.0281 3604 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:28:25.0281 3604 w32time - ok
12:28:25.0296 3604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:25.0296 3604 Wanarp - ok
12:28:25.0343 3604 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:28:25.0359 3604 Wdf01000 - ok
12:28:25.0359 3604 WDICA - ok
12:28:25.0375 3604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:25.0375 3604 wdmaud - ok
12:28:25.0390 3604 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:28:25.0390 3604 WebClient - ok
12:28:25.0687 3604 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:28:25.0687 3604 winachsf - ok
12:28:25.0734 3604 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:28:25.0734 3604 winmgmt - ok
12:28:25.0781 3604 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:28:25.0781 3604 WmdmPmSN - ok
12:28:25.0843 3604 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:28:25.0843 3604 Wmi - ok
12:28:25.0875 3604 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:28:25.0875 3604 WmiApSrv - ok
12:28:26.0015 3604 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:28:26.0015 3604 WMPNetworkSvc - ok
12:28:26.0093 3604 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:28:26.0093 3604 WpdUsb - ok
12:28:26.0125 3604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:28:26.0125 3604 WS2IFSL - ok
12:28:26.0156 3604 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:28:26.0171 3604 wscsvc - ok
12:28:26.0171 3604 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:28:26.0187 3604 wuauserv - ok
12:28:26.0218 3604 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:28:26.0218 3604 WudfPf - ok
12:28:26.0250 3604 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:28:26.0250 3604 WudfRd - ok
12:28:26.0281 3604 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:28:26.0281 3604 WudfSvc - ok
12:28:26.0328 3604 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:28:26.0343 3604 WZCSVC - ok
12:28:26.0359 3604 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:28:26.0359 3604 xmlprov - ok
12:28:26.0390 3604 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:28:26.0625 3604 \Device\Harddisk0\DR0 - ok
12:28:26.0640 3604 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
12:28:26.0640 3604 \Device\Harddisk2\DR4 - ok
12:28:26.0640 3604 Boot (0x1200) (231fe52bd6ec6e573ef66e6aa9321645) \Device\Harddisk0\DR0\Partition0
12:28:26.0640 3604 \Device\Harddisk0\DR0\Partition0 - ok
12:28:26.0656 3604 Boot (0x1200) (d7100bac34d69fa822e2d453a27d5cad) \Device\Harddisk2\DR4\Partition0
12:28:26.0656 3604 \Device\Harddisk2\DR4\Partition0 - ok
12:28:26.0656 3604 ============================================================
12:28:26.0656 3604 Scan finished
12:28:26.0656 3604 ============================================================
12:28:26.0656 2060 Detected object count: 0
12:28:26.0656 2060 Actual detected object count: 0


and the aswmbr log is as follows

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 12:31:16
-----------------------------
12:31:16.843 OS Version: Windows 5.1.2600 Service Pack 3
12:31:16.843 Number of processors: 2 586 0x403
12:31:16.843 ComputerName: FRONTDESK UserName: Staff
12:31:18.265 Initialize success
12:35:34.734 AVAST engine defs: 12050200
12:35:40.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:35:40.343 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
12:35:40.359 Disk 0 MBR read successfully
12:35:40.359 Disk 0 MBR scan
12:35:40.359 Disk 0 Windows XP default MBR code
12:35:40.359 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:35:40.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
12:35:40.375 Disk 0 scanning sectors +156232125
12:35:40.453 Disk 0 scanning C:\WINDOWS\system32\drivers
12:35:55.328 Service scanning
12:36:15.562 Modules scanning
12:36:20.718 Disk 0 trace - called modules:
12:36:20.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:36:20.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e4ab8]
12:36:20.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a781b00]
12:36:21.703 AVAST engine scan C:\WINDOWS
12:36:42.406 AVAST engine scan C:\WINDOWS\system32
12:40:11.125 AVAST engine scan C:\WINDOWS\system32\drivers
12:40:28.593 AVAST engine scan C:\Documents and Settings\Staff
12:42:43.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Staff\Desktop\Computer logs\MBR.dat"
12:42:43.250 The log file has been saved successfully to "C:\Documents and Settings\Staff\Desktop\Computer logs\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 12:45:20
-----------------------------
12:45:20.546 OS Version: Windows 5.1.2600 Service Pack 3
12:45:20.546 Number of processors: 2 586 0x403
12:45:20.546 ComputerName: FRONTDESK UserName: Staff
12:45:21.593 Initialize success
12:45:30.015 AVAST engine defs: 12050200
12:45:34.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:45:34.718 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
12:45:34.750 Disk 0 MBR read successfully
12:45:34.750 Disk 0 MBR scan
12:45:34.750 Disk 0 Windows XP default MBR code
12:45:34.750 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:45:34.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
12:45:34.765 Disk 0 scanning sectors +156232125
12:45:34.859 Disk 0 scanning C:\WINDOWS\system32\drivers
12:45:56.015 Service scanning
12:46:18.843 Modules scanning
12:46:33.359 Disk 0 trace - called modules:
12:46:33.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:46:33.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e4ab8]
12:46:33.390 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a781b00]
12:46:33.984 AVAST engine scan C:\WINDOWS
12:47:00.921 AVAST engine scan C:\WINDOWS\system32
12:51:28.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:51:57.750 AVAST engine scan C:\Documents and Settings\Staff
13:02:12.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Staff\Desktop\Computer logs\MBR.dat"
13:02:12.906 The log file has been saved successfully to "C:\Documents and Settings\Staff\Desktop\Computer logs\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2012 - 03:18 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 60chevy
  • Topic Starter

  • Members
  • 7 posts

Posted 03 May 2012 - 10:01 AM

I ran the script and ComboFix worked as planned. I have been browsing with no popups or redirects at all. Everything seems fine at this point. The ComboFix log is pasted below.

ComboFix 12-05-02.03 - Staff 05/02/2012 14:40:34.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1515 [GMT -6:00]
Running from: c:\documents and settings\Staff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Staff\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-04-04 14:25 . 2012-04-13 17:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 17:46 . 2011-06-09 14:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 21:56 . 2009-11-25 23:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"FreeScreenSharing"="c:\documents and settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD3912529323"="rd" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OEConnection\\OEConnection Application Update Service\\OECUpdaterServiceProxy.exe"=
"c:\\Program Files\\OEConnection\\CollisionLink Shop\\2.0.3\\Launcher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\OEConnection\\CollisionLink Shop\\2.0.5\\Launcher.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Backup Assistant Plus\\verizon.exe"=
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 3:00 PM 214896]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/1/2007 6:04 PM 203843]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [6/24/2010 2:16 PM 196912]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 7:14 PM 28672]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [8/1/2007 6:02 PM 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [8/1/2007 6:03 PM 76440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 11:29 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 8:25 AM 253088]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [1/25/2012 9:38 AM 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 11:29 AM 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/25/2012 9:38 AM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/25/2012 9:38 AM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [1/25/2012 9:38 AM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [1/25/2012 9:38 AM 11008]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [8/1/2007 6:03 PM 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [8/1/2007 6:03 PM 21656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46870332
*NewlyCreated* - ASWMBR
*Deregistered* - 46870332
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:46]
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 17:29]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 17:29]
.
2012-04-24 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-05-01 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-04-24 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
Trusted Zone: aahassignments.com
Trusted Zone: ewfclaims.com
Trusted Zone: fficassignments.com
Trusted Zone: innovation-connect.com
Trusted Zone: mitchell.com\repaircenter
Trusted Zone: reviewestimates.com
Trusted Zone: stateautoclaims.com
Trusted Zone: theshopofchoice.com
Trusted Zone: vehicleassignments.com
Trusted Zone: viewclaim.com
Trusted Zone: viewclaims.com\www
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
DPF: axInspectorCAB - hxxp://qualifier.cccis.com/Screener2/axInspectorCAB.CAB
DPF: {04A4D411-72FB-4767-8BD3-A21A1B76BFE2} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {12C69821-302A-4D8E-93CC-FD571CE3EACC} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9CD0643B-E2DC-405F-A48B-22878D4A1EED} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9EDA8D1B-86C1-4E72-8F13-1E4E5175AB3A} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {AE592127-175C-4C7D-865D-4096C07A56C9} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {BB51318B-8A94-46F9-ACB4-81B508FF8BEB} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {DFC7B7A7-A425-478D-AACE-4BD6A90591F2} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-02 14:48:49
ComboFix-quarantined-files.txt 2012-05-02 20:48
ComboFix2.txt 2012-05-02 15:08
.
Pre-Run: 43,209,498,624 bytes free
Post-Run: 43,381,006,336 bytes free
.
- - End Of File - - 55934C115D3D335253C74387B0AC561D

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 12:28 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.5.1
Internet Explorer Default Page
Java™ 6 Update 22


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 60chevy
  • Topic Starter

  • Members
  • 7 posts

Posted 03 May 2012 - 05:40 PM

Hi Gringo,

I downloaded the Revo Uninstaller and ran it as advised. I did make one mistake and hopefully did not do any damage to my Registry. When prompted I deleted the entries which were in bold, and then at the next screen I deleted all entries but did not realise it was the registry entries which needed to be left alone. I downloaded and installed the latest version of Adobe and all programs seem to be working fine.

My computer is running fine and no issues with browsing... no popups or redirects.




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4009

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2010 5:22:35 PM
mbam-log-2010-04-19 (17-22-35).txt

Scan type: Quick scan
Objects scanned: 121836
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:48:35 PM, on 5/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Documents and Settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\CCCIS\CCCONE\CCCONELauncher.exe
C:\Documents and Settings\All Users\Application Data\CCCIS\CCCONE\v0945\CCCONE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Backup Assistant Plus\verizon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [FreeScreenSharing] "C:\Documents and Settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Bomgar_Cleanup_ZD3912529323] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4F5917BB" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD3912529323 /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bomgar_Cleanup_ZD3912529323] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4F5917BB" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD3912529323 /f (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.viewclaims.com
O16 - DPF: axInspectorCAB - http://qualifier.cccis.com/Screener2/axInspectorCAB.CAB
O16 - DPF: {04A4D411-72FB-4767-8BD3-A21A1B76BFE2} (ADXE Print) - https://www.audatexsolutions.com/Falcon/PrintCtrl.cab
O16 - DPF: {12C69821-302A-4D8E-93CC-FD571CE3EACC} (ADXE Print) - https://www.audatexsolutions.com/Falcon/PrintCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135714726843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259183152484
O16 - DPF: {9CD0643B-E2DC-405F-A48B-22878D4A1EED} (ADXE Print) - https://www.audatexsolutions.com/Falcon/PrintCtrl.cab
O16 - DPF: {9EDA8D1B-86C1-4E72-8F13-1E4E5175AB3A} (ADXE Export) - https://www.audatexsolutions.com/Falcon/ExportCtrl.cab
O16 - DPF: {AE592127-175C-4C7D-865D-4096C07A56C9} (ADXE Export) - https://www.audatexsolutions.com/Falcon/ExportCtrl.cab
O16 - DPF: {BB51318B-8A94-46F9-ACB4-81B508FF8BEB} (ADXE Export) - https://www.audatexsolutions.com/Falcon/ExportCtrl.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {DFC7B7A7-A425-478D-AACE-4BD6A90591F2} (ADXE Export) - https://www.audatexsolutions.com/Falcon/ExportCtrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: OECApplicationUpdaterService - OEConnection - C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe

--
End of file - 8619 bytes

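As an added example (not code from this thread or from HijackThis), here is a small Python triage helper for the log format shown above: it parses the R/O entry lines and flags the things a reviewer checks by hand, namely O4 autostart entries whose command is a cmd.exe one-liner rather than a program path (like the Bomgar_Cleanup entries), O23 services reported as "Unknown owner", and O15 Trusted Zone additions. The sample lines are copied from the log above; the function names are my own.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread).

Parses the 'Rn - ...' / 'On - ...' entry lines and applies a few defender-side
checks: O4 autostart entries that run a cmd.exe one-liner instead of a program
path, O23 services whose publisher is 'Unknown owner', and O15 Trusted Zone
additions. The sample lines below are copied from the log posted in this thread.
"""
import re

# "O4 - HKLM\..\Run: [name] command"  ->  section "O4", body "HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Body of an O4 line: hive (may include a SID), entry name in brackets, command.
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Constructed sample input: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Bomgar_Cleanup_ZD3912529323] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4F5917BB" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD3912529323 /f (User 'SYSTEM')
O15 - Trusted Zone: http://www.viewclaims.com
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
"""


def parse_entries(lines):
    """Return (section, body) tuples for every HJT entry line; other lines are skipped."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("section"), m.group("body")))
    return out


def autostart_entries(entries):
    """Describe each O4 entry and note whether its command is a shell one-liner."""
    result = []
    for section, body in entries:
        if section != "O4":
            continue
        m = O4_RE.match(body)
        if not m:
            continue
        cmd = m.group("cmd")
        result.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "command": cmd,
            "shell_oneliner": cmd.lower().startswith("cmd.exe"),
        })
    return result


def unknown_owner_services(entries):
    """Display names of O23 services whose publisher field reads 'Unknown owner'."""
    names = []
    for section, body in entries:
        if section != "O23":
            continue
        parts = body.rsplit(" - ", 2)  # "Service: <name>", "<publisher>", "<path>"
        if len(parts) != 3:
            continue
        display, publisher, _path = parts
        if publisher.strip().lower() == "unknown owner":
            names.append(display[len("Service: "):] if display.startswith("Service: ") else display)
    return names


def triage(lines):
    """Summarise the items worth a second look in a HijackThis log."""
    entries = parse_entries(lines)
    return {
        "sections": sorted({s for s, _ in entries}),
        "shell_autostarts": [e["name"] for e in autostart_entries(entries) if e["shell_oneliner"]],
        "unknown_owner_services": unknown_owner_services(entries),
        "trusted_zones": [b.split(": ", 1)[1] for s, b in entries if s == "O15"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```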
#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 09:37 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
      O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [FreeScreenSharing] "C:\Documents and Settings\Staff\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe"
      O4 - HKUS\S-1-5-18\..\Run: [Bomgar_Cleanup_ZD3912529323] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4F5917BB" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD3912529323 /f (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Bomgar_Cleanup_ZD3912529323] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4F5917BB" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD3912529323 /f (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint] you would search for IntelliPoint.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 60chevy

60chevy
  • Topic Starter
  • Members
  • 7 posts

Posted 06 May 2012 - 11:58 AM

Hi Gringo,

Below are the requested logs.


C:\Documents and Settings\Staff\My Documents\QhostsTrojanRemovalTool.exe probably a variant of Win32/SecurityStronghold application
C:\Downloads\FreewarePrimoPDF.exe Win32/OpenCandy application
C:\Program Files\Qhosts Trojan Removal Tool\QhostsTrojanRemovalTool.exe probably a variant of Win32/SecurityStronghold application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1664\A0122124.dll Win32/OpenCandy application

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 May 2012 - 03:10 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Staff\My Documents\QhostsTrojanRemovalTool.exe"
    del /f /s /q "C:\Downloads\FreewarePrimoPDF.exe"
    del /f /s /q "C:\Program Files\Qhosts Trojan Removal Tool\QhostsTrojanRemovalTool.exe"
    del %0

  • Save the Notepad file on your desktop... as delfile.bat... save type as "All Files"
    It should look like this: (screenshot of the Save As dialog)<--XP (screenshot of the Save As dialog)<--Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer, and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#13 60chevy

60chevy
  • Topic Starter
  • Members
  • 7 posts

Posted 07 May 2012 - 03:13 PM

Hi Gringo,

I have a couple of questions at this point. Should I enable the Windows Firewall at this time? Also, there are a few programs which still remain on my desktop. They are HijackThis, aswMBR and Security Check. Should these programs be removed, and if so, how do I remove them? The system is running fine with no issues at this time thanks to you!

Kevin

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 09:36 AM

Hello


Yes, enable Windows Firewall and just delete whatever is left over.

You are more than welcome.

gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 May 2012 - 01:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.