
Search redirect (via lightsearchball.net) after running TDSSKiller


  • This topic is locked
14 replies to this topic

#1 rk9

rk9

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 07 May 2012 - 06:01 PM

Running Win 7 Ultimate 64
Searching for answers prior to this, I have DLed and run the latest version of TDSSKiller.
I have run various AntiMalware programs, and most seemed unhelpful, so have been uninstalled. Currently left Spybot, Malwarebytes and AVG Free installed.

Defogger has been run for this post.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Robert at 18:49:42 on 2012-05-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5750 [GMT -4:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\UI0Detect.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: alexfung.info
Trusted Zone: firstenergycorp.com\www
Trusted Zone: netflix.com\www
Trusted Zone: oglaf.com\www
Trusted Zone: pittstate.edu\vpn
Trusted Zone: thepaymentwindow.com\epayexchange
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.pittstate.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbord.webex.com/client/T27LB/smt/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{781E6F6D-3685-4D7A-9B58-080FDD86D970} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 93.113.196.134 www.google.com
Hosts: 93.113.196.135 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2aalvpr7.default\
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\SiteRanker\firefox\components\siterank.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-8-17 116536]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-4-21 571320]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-28 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-4-21 402336]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-17 2358656]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MonitorFunction;Driver for Monitor;C:\Windows\system32\DRIVERS\TVMonitor.sys --> C:\Windows\system32\DRIVERS\TVMonitor.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Mshost Manager;Mshost Manager;C:\Windows\System32\config\systemprofile\AppData\Roaming\Plug.bat --> C:\Windows\System32\config\systemprofile\AppData\Roaming\Plug.bat [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-4-21 1118648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-07 22:48:20 302080 ----a-w- C:\Windows\System32\SET486A.tmp
2012-05-07 03:39:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-30 07:00:33 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-30 07:00:33 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-30 07:00:32 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-29 19:35:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 18:52:12 -------- d--h--w- C:\$AVG
2012-04-28 19:42:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-28 19:42:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-22 05:00:48 -------- d-----w- C:\ProgramData\IObit
2012-04-22 04:59:10 -------- d-----w- C:\Users\Robert\AppData\Roaming\IObit
2012-04-22 04:59:08 -------- d-----w- C:\Program Files (x86)\IObit
2012-04-21 15:30:45 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-04-21 12:40:15 85192 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-04-21 12:40:15 767928 ----a-w- C:\Windows\BDTSupport.dll
2012-04-21 12:40:15 149432 ----a-w- C:\Windows\SGDetectionTool.dll
2012-04-21 12:40:14 2271160 ----a-w- C:\Windows\PCTBDCore.dll
2012-04-21 12:40:14 1681336 ----a-w- C:\Windows\PCTBDRes.dll
2012-04-21 12:39:08 339608 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-04-21 12:39:08 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-04-21 12:38:47 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-04-21 12:38:37 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-04-21 12:38:29 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-21 12:36:10 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-04-21 12:36:10 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-04-21 12:36:08 426104 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-04-21 12:36:05 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-21 12:36:05 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-21 12:34:49 -------- d-----w- C:\ProgramData\PC Tools
2012-04-21 12:34:48 -------- d-----w- C:\Users\Robert\AppData\Roaming\TestApp
2012-04-21 12:34:07 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-21 12:33:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-20 12:48:54 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-04-20 12:48:42 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-04-20 12:48:38 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-04-20 12:48:37 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2012-04-20 12:47:59 -------- d-----w- C:\Users\Robert\AppData\Roaming\OpenCandy
2012-04-20 12:46:25 -------- d-----w- C:\ProgramData\TuneUpMedia
2012-04-19 18:52:19 -------- d-----r- C:\Users\Robert\Dropbox
2012-04-19 18:51:08 -------- d-----w- C:\Users\Robert\AppData\Roaming\Dropbox
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-16 03:04:24 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes
2012-04-16 03:04:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 03:04:19 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-16 03:04:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-16 02:52:21 -------- d-----w- C:\ProgramData\AMD
2012-04-16 02:52:19 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-16 02:52:16 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-16 02:47:27 -------- d-----w- C:\AMD
2012-04-16 00:56:58 -------- d-----w- C:\Users\Robert\AppData\Local\{B77A9E36-8597-11E1-826D-B8AC6F996F26}
.
==================== Find3M ====================
.
2012-05-05 09:41:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 09:41:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 09:41:03 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 12:48:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-20 12:48:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-17 23:16:53 65536 ----a-w- C:\Windows\ICE_JNIRegistry.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 18:50:54.18 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 11:44 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: PC Tools Spyware Doctor with AntiVirus
AV: AVG Anti-Virus Free Edition 2012


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rk9

rk9
  • Topic Starter

  • Members
  • 7 posts

Posted 09 May 2012 - 11:18 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
TuneUp Companion 2.4.4.3
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

ComboFix 12-05-09.01 - Robert 05/09/2012 10:05:54.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6758 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SysWow64\ReadMe.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Mshost Manager
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 14:30 . 2012-05-09 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 04:00 . 2012-05-08 04:00 -------- d-----w- c:\program files (x86)\Bards Tale Editor
2012-05-08 04:00 . 1999-04-06 03:13 131856 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-05-08 03:59 . 1999-04-06 03:13 721168 ----a-w- c:\windows\SysWow64\VB40032.DLL
2012-05-08 03:59 . 1999-04-06 03:13 171520 ----a-w- c:\windows\setup132.exe
2012-05-08 03:59 . 1999-04-06 03:13 60416 ----a-w- c:\windows\ST4UNST.EXE
2012-05-07 22:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-07 22:47 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-07 22:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-07 22:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-07 22:47 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-07 22:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-07 22:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-07 03:39 . 2012-05-07 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-30 07:00 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-29 19:35 . 2012-05-06 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 18:52 . 2012-04-29 18:52 -------- d-----w- C:\$AVG
2012-04-28 19:42 . 2012-04-29 04:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-28 19:42 . 2012-04-28 20:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-22 21:26 . 2012-04-22 21:27 -------- d-----w- c:\users\Robert\AppData\Roaming\dvdcss
2012-04-22 05:00 . 2012-04-22 05:01 -------- d-----w- c:\programdata\IObit
2012-04-22 04:59 . 2012-04-22 05:00 -------- d-----w- c:\users\Robert\AppData\Roaming\IObit
2012-04-22 04:59 . 2012-04-22 05:00 -------- d-----w- c:\program files (x86)\IObit
2012-04-21 15:30 . 2012-04-22 18:43 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-04-21 12:40 . 2012-03-20 16:21 149432 ----a-w- c:\windows\SGDetectionTool.dll0512.old
2012-04-21 12:40 . 2012-03-20 16:20 767928 ----a-w- c:\windows\BDTSupport.dll0512.old
2012-04-21 12:40 . 2012-03-20 16:21 2271160 ----a-w- c:\windows\PCTBDCore.dll0512.old
2012-04-21 12:38 . 2012-03-20 17:49 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-21 12:38 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-21 12:36 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-04-21 12:36 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-04-21 12:36 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-21 12:34 . 2012-05-09 13:17 -------- d-----w- c:\programdata\PC Tools
2012-04-21 12:34 . 2012-04-21 12:34 -------- d-----w- c:\users\Robert\AppData\Roaming\TestApp
2012-04-21 12:34 . 2012-04-21 12:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-21 12:33 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-19 18:52 . 2012-05-09 13:24 -------- d-----r- c:\users\Robert\Dropbox
2012-04-19 18:51 . 2012-05-09 15:43 -------- d-----w- c:\users\Robert\AppData\Roaming\Dropbox
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-16 03:04 . 2012-04-16 03:04 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-04-16 03:04 . 2012-04-16 04:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 03:04 . 2012-04-16 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 03:04 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\programdata\AMD
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-16 02:47 . 2012-04-16 02:47 -------- d-----w- C:\AMD
2012-04-16 00:56 . 2012-04-16 00:56 -------- d-----w- c:\users\Robert\AppData\Local\{B77A9E36-8597-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:41 . 2012-04-02 22:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 09:41 . 2011-05-19 11:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 09:41 . 2012-04-02 22:41 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 12:48 . 2010-08-18 05:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-20 12:48 . 2010-08-18 05:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 23:16 . 2012-02-17 23:16 65536 ----a-w- c:\windows\ICE_JNIRegistry.dll
2012-02-17 06:38 . 2012-03-13 22:11 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 22:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:11 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 22:12 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:12 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-20 296056]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-3 293950]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-01-12 116536]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:41]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361868720-301053035-2732398649-1001Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:51]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361868720-301053035-2732398649-1001UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"combofix"="c:\combofix\CF17626.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: alexfung.info
Trusted Zone: firstenergycorp.com\www
Trusted Zone: netflix.com\www
Trusted Zone: oglaf.com\www
Trusted Zone: pittstate.edu\vpn
Trusted Zone: thepaymentwindow.com\epayexchange
TCP: DhcpNameServer = 192.168.2.1
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.pittstate.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2aalvpr7.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-42512179.sys
SafeBoot-62363606.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FastCAD - c:\program files\ProFantasy\CC3\UNINST.EXE
AddRemove-Sword Coast Keeper - c:\program files (x86)\Game Editors\Sword Coast Keeper\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,c1,9f,9e,cb,1b,cd,01
.
[HKEY_USERS\S-1-5-21-2361868720-301053035-2732398649-1001\Software\SecuROM\License information*]
"datasecu"=hex:bf,04,b7,36,5d,48,bc,2f,d0,e0,bb,cc,8d,39,f2,49,ef,f4,2d,14,68,
f3,94,3e,ae,3c,06,98,02,64,d7,43,11,59,04,f7,f5,56,d2,7e,0c,af,bb,73,67,31,\
"rkeysecu"=hex:29,74,f1,53,cd,e8,af,03,3a,6b,07,99,e2,77,19,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-05-09 11:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 15:46
.
Pre-Run: 223,653,826,560 bytes free
Post-Run: 222,503,100,416 bytes free
.
- - End Of File - - 73D4514620EA36FA57B6F82BE3E0D985

Browsers are not redirecting my searches now.
I will reboot and verify again, then post whether issue is still resolved.
Thank you.

#4 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 12:19 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 rk9

rk9
  • Topic Starter
  • Members
  • 7 posts

Posted 09 May 2012 - 12:40 PM

13:23:40.0789 2468 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:23:41.0070 2468 ============================================================
13:23:41.0071 2468 Current date / time: 2012/05/09 13:23:41.0070
13:23:41.0071 2468 SystemInfo:
13:23:41.0071 2468
13:23:41.0071 2468 OS Version: 6.1.7601 ServicePack: 1.0
13:23:41.0071 2468 Product type: Workstation
13:23:41.0071 2468 ComputerName: ROBERT-PC
13:23:41.0071 2468 UserName: Robert
13:23:41.0071 2468 Windows directory: C:\Windows
13:23:41.0071 2468 System windows directory: C:\Windows
13:23:41.0071 2468 Running under WOW64
13:23:41.0071 2468 Processor architecture: Intel x64
13:23:41.0071 2468 Number of processors: 4
13:23:41.0071 2468 Page size: 0x1000
13:23:41.0071 2468 Boot type: Normal boot
13:23:41.0071 2468 ============================================================
13:23:41.0779 2468 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:23:41.0782 2468 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:23:41.0808 2468 Drive \Device\Harddisk2\DR2 - Size: 0x784FD000 (1.88 Gb), SectorSize: 0x1000, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:23:41.0811 2468 ============================================================
13:23:41.0811 2468 \Device\Harddisk0\DR0:
13:23:41.0812 2468 MBR partitions:
13:23:41.0812 2468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:23:41.0812 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB000
13:23:41.0812 2468 \Device\Harddisk1\DR1:
13:23:41.0812 2468 MBR partitions:
13:23:41.0812 2468 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
13:23:41.0812 2468 \Device\Harddisk2\DR2:
13:23:41.0813 2468 MBR partitions:
13:23:41.0813 2468 ============================================================
13:23:41.0834 2468 C: <-> \Device\Harddisk0\DR0\Partition1
13:23:41.0841 2468 E: <-> \Device\Harddisk1\DR1\Partition0
13:23:41.0841 2468 ============================================================
13:23:41.0841 2468 Initialize success
13:23:41.0841 2468 ============================================================
13:23:51.0827 4908 ============================================================
13:23:51.0827 4908 Scan started
13:23:51.0827 4908 Mode: Manual;
13:23:51.0827 4908 ============================================================
13:24:00.0633 4908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:24:00.0634 4908 MSTEE - ok
13:24:00.0646 4908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:24:00.0648 4908 MTConfig - ok
13:24:00.0674 4908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:24:00.0674 4908 Mup - ok
13:24:00.0711 4908 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:24:00.0717 4908 napagent - ok
13:24:00.0748 4908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:24:00.0752 4908 NativeWifiP - ok
13:24:00.0784 4908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:24:00.0793 4908 NDIS - ok
13:24:00.0811 4908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:24:00.0813 4908 NdisCap - ok
13:24:00.0831 4908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:00.0832 4908 NdisTapi - ok
13:24:00.0857 4908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:00.0859 4908 Ndisuio - ok
13:24:00.0891 4908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:00.0893 4908 NdisWan - ok
13:24:00.0916 4908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:24:00.0917 4908 NDProxy - ok
13:24:00.0930 4908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:24:00.0932 4908 NetBIOS - ok
13:24:00.0966 4908 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:24:00.0969 4908 NetBT - ok
13:24:01.0004 4908 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:01.0005 4908 Netlogon - ok
13:24:01.0043 4908 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:24:01.0048 4908 Netman - ok
13:24:01.0137 4908 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:01.0141 4908 NetMsmqActivator - ok
13:24:01.0144 4908 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:01.0145 4908 NetPipeActivator - ok
13:24:01.0171 4908 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:24:01.0177 4908 netprofm - ok
13:24:01.0180 4908 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:01.0181 4908 NetTcpActivator - ok
13:24:01.0184 4908 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:24:01.0185 4908 NetTcpPortSharing - ok
13:24:01.0213 4908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:24:01.0215 4908 nfrd960 - ok
13:24:01.0255 4908 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:24:01.0259 4908 NlaSvc - ok
13:24:01.0268 4908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:24:01.0269 4908 Npfs - ok
13:24:01.0275 4908 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:24:01.0277 4908 nsi - ok
13:24:01.0282 4908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:24:01.0283 4908 nsiproxy - ok
13:24:01.0346 4908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:24:01.0373 4908 Ntfs - ok
13:24:01.0442 4908 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:24:01.0443 4908 Null - ok
13:24:01.0475 4908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:24:01.0477 4908 nvraid - ok
13:24:01.0502 4908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:24:01.0505 4908 nvstor - ok
13:24:01.0518 4908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:24:01.0520 4908 nv_agp - ok
13:24:01.0595 4908 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:24:01.0600 4908 odserv - ok
13:24:01.0615 4908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:24:01.0617 4908 ohci1394 - ok
13:24:01.0641 4908 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:01.0644 4908 ose - ok
13:24:01.0671 4908 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:24:01.0673 4908 p2pimsvc - ok
13:24:01.0689 4908 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:24:01.0694 4908 p2psvc - ok
13:24:01.0715 4908 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:24:01.0717 4908 Parport - ok
13:24:01.0750 4908 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:24:01.0751 4908 partmgr - ok
13:24:01.0761 4908 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:24:01.0764 4908 PcaSvc - ok
13:24:01.0790 4908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:24:01.0792 4908 pci - ok
13:24:01.0805 4908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:24:01.0805 4908 pciide - ok
13:24:01.0826 4908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:24:01.0829 4908 pcmcia - ok
13:24:01.0840 4908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:24:01.0840 4908 pcw - ok
13:24:01.0863 4908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:24:01.0869 4908 PEAUTH - ok
13:24:01.0913 4908 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:24:01.0934 4908 PeerDistSvc - ok
13:24:01.0976 4908 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:24:01.0979 4908 PerfHost - ok
13:24:02.0091 4908 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:24:02.0122 4908 pla - ok
13:24:02.0172 4908 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:24:02.0177 4908 PlugPlay - ok
13:24:02.0192 4908 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:24:02.0194 4908 PNRPAutoReg - ok
13:24:02.0212 4908 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:24:02.0214 4908 PNRPsvc - ok
13:24:02.0254 4908 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:24:02.0260 4908 PolicyAgent - ok
13:24:02.0286 4908 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:24:02.0288 4908 Power - ok
13:24:02.0347 4908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:02.0349 4908 PptpMiniport - ok
13:24:02.0366 4908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:24:02.0368 4908 Processor - ok
13:24:02.0401 4908 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:24:02.0405 4908 ProfSvc - ok
13:24:02.0468 4908 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:02.0469 4908 ProtectedStorage - ok
13:24:02.0594 4908 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:24:02.0596 4908 Psched - ok
13:24:02.0644 4908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:24:02.0673 4908 ql2300 - ok
13:24:02.0747 4908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:24:02.0749 4908 ql40xx - ok
13:24:02.0772 4908 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:24:02.0776 4908 QWAVE - ok
13:24:02.0784 4908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:24:02.0786 4908 QWAVEdrv - ok
13:24:02.0801 4908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:02.0802 4908 RasAcd - ok
13:24:02.0834 4908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:24:02.0835 4908 RasAgileVpn - ok
13:24:02.0843 4908 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:24:02.0845 4908 RasAuto - ok
13:24:02.0877 4908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:02.0879 4908 Rasl2tp - ok
13:24:02.0921 4908 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:24:02.0926 4908 RasMan - ok
13:24:02.0933 4908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:02.0935 4908 RasPppoe - ok
13:24:02.0946 4908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:02.0948 4908 RasSstp - ok
13:24:02.0984 4908 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:02.0987 4908 rdbss - ok
13:24:02.0998 4908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:24:02.0999 4908 rdpbus - ok
13:24:03.0006 4908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:03.0007 4908 RDPCDD - ok
13:24:03.0038 4908 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:24:03.0040 4908 RDPDR - ok
13:24:03.0063 4908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:24:03.0064 4908 RDPENCDD - ok
13:24:03.0069 4908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:24:03.0070 4908 RDPREFMP - ok
13:24:03.0106 4908 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
13:24:03.0108 4908 RdpVideoMiniport - ok
13:24:03.0143 4908 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:24:03.0146 4908 RDPWD - ok
13:24:03.0167 4908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:24:03.0169 4908 rdyboost - ok
13:24:03.0185 4908 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:24:03.0187 4908 RemoteAccess - ok
13:24:03.0210 4908 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:24:03.0213 4908 RemoteRegistry - ok
13:24:03.0233 4908 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:24:03.0235 4908 RpcEptMapper - ok
13:24:03.0240 4908 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:24:03.0241 4908 RpcLocator - ok
13:24:03.0279 4908 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:24:03.0283 4908 RpcSs - ok
13:24:03.0304 4908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:03.0305 4908 rspndr - ok
13:24:03.0335 4908 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:24:03.0337 4908 RTL8167 - ok
13:24:03.0361 4908 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:24:03.0362 4908 s3cap - ok
13:24:03.0393 4908 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:03.0394 4908 SamSs - ok
13:24:03.0407 4908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:24:03.0409 4908 sbp2port - ok
13:24:03.0495 4908 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:24:03.0501 4908 SBSDWSCService - ok
13:24:03.0528 4908 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:24:03.0531 4908 SCardSvr - ok
13:24:03.0573 4908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:24:03.0574 4908 scfilter - ok
13:24:03.0632 4908 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:24:03.0657 4908 Schedule - ok
13:24:03.0683 4908 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:24:03.0684 4908 SCPolicySvc - ok
13:24:03.0709 4908 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:24:03.0712 4908 SDRSVC - ok
13:24:03.0744 4908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:24:03.0745 4908 secdrv - ok
13:24:03.0760 4908 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:24:03.0761 4908 seclogon - ok
13:24:03.0786 4908 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:24:03.0788 4908 SENS - ok
13:24:03.0796 4908 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:24:03.0798 4908 SensrSvc - ok
13:24:03.0804 4908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:24:03.0806 4908 Serenum - ok
13:24:03.0819 4908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:24:03.0821 4908 Serial - ok
13:24:03.0846 4908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:24:03.0847 4908 sermouse - ok
13:24:03.0887 4908 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:24:03.0890 4908 SessionEnv - ok
13:24:03.0915 4908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:24:03.0916 4908 sffdisk - ok
13:24:03.0928 4908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:03.0930 4908 sffp_mmc - ok
13:24:03.0942 4908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:24:03.0943 4908 sffp_sd - ok
13:24:03.0954 4908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:24:03.0955 4908 sfloppy - ok
13:24:03.0982 4908 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:24:03.0986 4908 SharedAccess - ok
13:24:04.0001 4908 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:24:04.0005 4908 ShellHWDetection - ok
13:24:04.0022 4908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:24:04.0023 4908 SiSRaid2 - ok
13:24:04.0034 4908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:24:04.0036 4908 SiSRaid4 - ok
13:24:04.0060 4908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:24:04.0061 4908 Smb - ok
13:24:04.0091 4908 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:24:04.0092 4908 SNMPTRAP - ok
13:24:04.0130 4908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:24:04.0130 4908 spldr - ok
13:24:04.0166 4908 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:24:04.0170 4908 Spooler - ok
13:24:04.0272 4908 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:24:04.0289 4908 sppsvc - ok
13:24:04.0339 4908 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:24:04.0342 4908 sppuinotify - ok
13:24:04.0398 4908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:24:04.0403 4908 srv - ok
13:24:04.0438 4908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:24:04.0443 4908 srv2 - ok
13:24:04.0454 4908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:24:04.0456 4908 srvnet - ok
13:24:04.0485 4908 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:24:04.0488 4908 SSDPSRV - ok
13:24:04.0499 4908 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:24:04.0501 4908 SstpSvc - ok
13:24:04.0521 4908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:24:04.0523 4908 stexstor - ok
13:24:04.0573 4908 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:24:04.0580 4908 stisvc - ok
13:24:04.0607 4908 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:24:04.0608 4908 storflt - ok
13:24:04.0624 4908 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:24:04.0625 4908 storvsc - ok
13:24:04.0730 4908 SupportSoft RemoteAssist (42fef84684d217870f3c8813b6f58276) C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
13:24:04.0732 4908 SupportSoft RemoteAssist - ok
13:24:04.0742 4908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:24:04.0742 4908 swenum - ok
13:24:04.0773 4908 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:24:04.0779 4908 swprv - ok
13:24:04.0782 4908 Synth3dVsc - ok
13:24:04.0854 4908 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:24:04.0880 4908 SysMain - ok
13:24:04.0941 4908 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:24:04.0943 4908 TabletInputService - ok
13:24:04.0979 4908 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:24:04.0984 4908 TapiSrv - ok
13:24:04.0999 4908 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:24:05.0000 4908 TBS - ok
13:24:05.0074 4908 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:24:05.0108 4908 Tcpip - ok
13:24:05.0207 4908 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:24:05.0216 4908 TCPIP6 - ok
13:24:05.0279 4908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:24:05.0281 4908 tcpipreg - ok
13:24:05.0295 4908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:24:05.0296 4908 TDPIPE - ok
13:24:05.0323 4908 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:24:05.0324 4908 TDTCP - ok
13:24:05.0372 4908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:24:05.0374 4908 tdx - ok
13:24:05.0503 4908 TeamViewer6 (1c46c27e9f1938b9589859c70450d275) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
13:24:05.0514 4908 TeamViewer6 - ok
13:24:05.0585 4908 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:24:05.0586 4908 teamviewervpn - ok
13:24:05.0607 4908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:24:05.0608 4908 TermDD - ok
13:24:05.0646 4908 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:24:05.0654 4908 TermService - ok
13:24:05.0671 4908 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:24:05.0673 4908 Themes - ok
13:24:05.0696 4908 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:24:05.0697 4908 THREADORDER - ok
13:24:05.0716 4908 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:24:05.0718 4908 TrkWks - ok
13:24:05.0760 4908 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:24:05.0763 4908 TrustedInstaller - ok
13:24:05.0795 4908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:05.0797 4908 tssecsrv - ok
13:24:05.0824 4908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:24:05.0825 4908 TsUsbFlt - ok
13:24:05.0828 4908 tsusbhub - ok
13:24:05.0883 4908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:24:05.0885 4908 tunnel - ok
13:24:05.0907 4908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:24:05.0908 4908 uagp35 - ok
13:24:05.0942 4908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:24:05.0946 4908 udfs - ok
13:24:06.0001 4908 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
13:24:06.0004 4908 ufad-ws60 - ok
13:24:06.0029 4908 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:24:06.0032 4908 UI0Detect - ok
13:24:06.0057 4908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:24:06.0059 4908 uliagpkx - ok
13:24:06.0078 4908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:24:06.0079 4908 umbus - ok
13:24:06.0100 4908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:24:06.0101 4908 UmPass - ok
13:24:06.0135 4908 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:24:06.0138 4908 UmRdpService - ok
13:24:06.0156 4908 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:24:06.0161 4908 upnphost - ok
13:24:06.0195 4908 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:24:06.0197 4908 USBAAPL64 - ok
13:24:06.0234 4908 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:24:06.0235 4908 usbccgp - ok
13:24:06.0267 4908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:24:06.0269 4908 usbcir - ok
13:24:06.0283 4908 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:24:06.0285 4908 usbehci - ok
13:24:06.0311 4908 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:24:06.0315 4908 usbhub - ok
13:24:06.0329 4908 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:24:06.0331 4908 usbohci - ok
13:24:06.0365 4908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:24:06.0367 4908 usbprint - ok
13:24:06.0387 4908 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:24:06.0388 4908 usbscan - ok
13:24:06.0404 4908 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:06.0406 4908 USBSTOR - ok
13:24:06.0418 4908 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:24:06.0419 4908 usbuhci - ok
13:24:06.0447 4908 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:24:06.0449 4908 usb_rndisx - ok
13:24:06.0466 4908 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:24:06.0468 4908 UxSms - ok
13:24:06.0497 4908 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:24:06.0499 4908 VaultSvc - ok
13:24:06.0532 4908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:24:06.0533 4908 vdrvroot - ok
13:24:06.0567 4908 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:24:06.0573 4908 vds - ok
13:24:06.0601 4908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:06.0602 4908 vga - ok
13:24:06.0618 4908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:24:06.0619 4908 VgaSave - ok
13:24:06.0623 4908 VGPU - ok
13:24:06.0641 4908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:24:06.0644 4908 vhdmp - ok
13:24:06.0653 4908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:24:06.0655 4908 viaide - ok
13:24:06.0718 4908 VMAuthdService (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
13:24:06.0719 4908 VMAuthdService - ok
13:24:06.0736 4908 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:24:06.0739 4908 vmbus - ok
13:24:06.0748 4908 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:24:06.0749 4908 VMBusHID - ok
13:24:06.0793 4908 vmci (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys
13:24:06.0794 4908 vmci - ok
13:24:06.0815 4908 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys
13:24:06.0816 4908 vmkbd - ok
13:24:06.0827 4908 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
13:24:06.0828 4908 VMnetAdapter - ok
13:24:06.0835 4908 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
13:24:06.0836 4908 VMnetBridge - ok
13:24:06.0845 4908 VMnetDHCP - ok
13:24:06.0861 4908 VMnetuserif (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys
13:24:06.0861 4908 VMnetuserif - ok
13:24:06.0870 4908 VMparport (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys
13:24:06.0870 4908 VMparport - ok
13:24:06.0934 4908 VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
13:24:06.0936 4908 VMUSBArbService - ok
13:24:06.0942 4908 VMware NAT Service - ok
13:24:06.0953 4908 vmx86 (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys
13:24:06.0954 4908 vmx86 - ok
13:24:06.0983 4908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:24:06.0984 4908 volmgr - ok
13:24:07.0021 4908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:24:07.0025 4908 volmgrx - ok
13:24:07.0045 4908 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:24:07.0048 4908 volsnap - ok
13:24:07.0075 4908 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
13:24:07.0077 4908 vpcbus - ok
13:24:07.0112 4908 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:24:07.0123 4908 vpcnfltr - ok
13:24:07.0151 4908 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
13:24:07.0153 4908 vpcusb - ok
13:24:07.0187 4908 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
13:24:07.0189 4908 vpcvmm - ok
13:24:07.0280 4908 vpnagent (e4d2305ebb9de0871a1e13294d0f349b) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
13:24:07.0283 4908 vpnagent - ok
13:24:07.0322 4908 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
13:24:07.0323 4908 vpnva - ok
13:24:07.0344 4908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:24:07.0347 4908 vsmraid - ok
13:24:07.0406 4908 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:24:07.0435 4908 VSS - ok
13:24:07.0527 4908 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
13:24:07.0528 4908 vstor2-ws60 - ok
13:24:07.0576 4908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:24:07.0577 4908 vwifibus - ok
13:24:07.0632 4908 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:24:07.0648 4908 W32Time - ok
13:24:07.0662 4908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:24:07.0663 4908 WacomPen - ok
13:24:07.0716 4908 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:07.0717 4908 WANARP - ok
13:24:07.0720 4908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:24:07.0721 4908 Wanarpv6 - ok
13:24:07.0772 4908 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:24:07.0794 4908 WatAdminSvc - ok
13:24:07.0852 4908 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:24:07.0883 4908 wbengine - ok
13:24:07.0944 4908 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:24:07.0948 4908 WbioSrvc - ok
13:24:07.0982 4908 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:24:07.0988 4908 wcncsvc - ok
13:24:07.0992 4908 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:24:07.0995 4908 WcsPlugInService - ok
13:24:08.0024 4908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:24:08.0025 4908 Wd - ok
13:24:08.0048 4908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:24:08.0055 4908 Wdf01000 - ok
13:24:08.0063 4908 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:24:08.0065 4908 WdiServiceHost - ok
13:24:08.0068 4908 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:24:08.0070 4908 WdiSystemHost - ok
13:24:08.0098 4908 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:24:08.0102 4908 WebClient - ok
13:24:08.0118 4908 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:24:08.0122 4908 Wecsvc - ok
13:24:08.0129 4908 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:24:08.0132 4908 wercplsupport - ok
13:24:08.0152 4908 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:24:08.0154 4908 WerSvc - ok
13:24:08.0201 4908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:24:08.0202 4908 WfpLwf - ok
13:24:08.0212 4908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:24:08.0214 4908 WIMMount - ok
13:24:08.0241 4908 WinDefend - ok
13:24:08.0249 4908 WinHttpAutoProxySvc - ok
13:24:08.0286 4908 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:24:08.0288 4908 Winmgmt - ok
13:24:08.0361 4908 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:24:08.0394 4908 WinRM - ok
13:24:08.0496 4908 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:24:08.0498 4908 WinUsb - ok
13:24:08.0536 4908 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:24:08.0546 4908 Wlansvc - ok
13:24:08.0619 4908 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:24:08.0620 4908 wlcrasvc - ok
13:24:08.0733 4908 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:24:08.0744 4908 wlidsvc - ok
13:24:08.0833 4908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:24:08.0835 4908 WmiAcpi - ok
13:24:08.0875 4908 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:24:08.0878 4908 wmiApSrv - ok
13:24:08.0900 4908 WMPNetworkSvc - ok
13:24:08.0920 4908 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:24:08.0922 4908 WPCSvc - ok
13:24:08.0952 4908 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:24:08.0955 4908 WPDBusEnum - ok
13:24:08.0981 4908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:24:08.0982 4908 ws2ifsl - ok
13:24:08.0996 4908 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:24:08.0999 4908 wscsvc - ok
13:24:09.0002 4908 WSearch - ok
13:24:09.0085 4908 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:24:09.0125 4908 wuauserv - ok
13:24:09.0211 4908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:24:09.0213 4908 WudfPf - ok
13:24:09.0227 4908 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:09.0229 4908 WUDFRd - ok
13:24:09.0255 4908 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:24:09.0258 4908 wudfsvc - ok
13:24:09.0285 4908 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:24:09.0289 4908 WwanSvc - ok
13:24:09.0349 4908 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:24:09.0399 4908 \Device\Harddisk0\DR0 - ok
13:24:09.0862 4908 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR1
13:24:09.0865 4908 \Device\Harddisk1\DR1 - ok
13:24:09.0892 4908 MBR (0x1B8) (56df9397e06f43590c14471d2868f3e7) \Device\Harddisk2\DR2
13:24:13.0469 4908 \Device\Harddisk2\DR2 - ok
13:24:13.0472 4908 Boot (0x1200) (3df757e0694b5697370f0380c28023d3) \Device\Harddisk0\DR0\Partition0
13:24:13.0473 4908 \Device\Harddisk0\DR0\Partition0 - ok
13:24:13.0492 4908 Boot (0x1200) (7498d025b97913f15b15c94c9f3dc9d3) \Device\Harddisk0\DR0\Partition1
13:24:13.0494 4908 \Device\Harddisk0\DR0\Partition1 - ok
13:24:13.0506 4908 Boot (0x1200) (f0e7c0be0ee39eaec720c0501327c3c3) \Device\Harddisk1\DR1\Partition0
13:24:13.0507 4908 \Device\Harddisk1\DR1\Partition0 - ok
13:24:13.0507 4908 ============================================================
13:24:13.0507 4908 Scan finished
13:24:13.0507 4908 ============================================================
13:24:13.0518 4404 Detected object count: 0
13:24:13.0518 4404 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 13:25:17
-----------------------------
13:25:17.129 OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:17.129 Number of processors: 4 586 0x170A
13:25:17.130 ComputerName: ROBERT-PC UserName: Robert
13:25:22.032 Initialize success
13:25:56.557 AVAST engine defs: 12050900
13:26:08.882 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
13:26:08.884 Disk 0 Vendor: ST3320418AS CC35 Size: 305244MB BusType: 3
13:26:08.905 Disk 0 MBR read successfully
13:26:08.907 Disk 0 MBR scan
13:26:08.911 Disk 0 Windows 7 default MBR code
13:26:08.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:26:08.928 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305142 MB offset 206848
13:26:08.945 Disk 0 scanning C:\Windows\system32\drivers
13:26:21.420 Service scanning
13:26:39.111 Modules scanning
13:26:39.117 Disk 0 trace - called modules:
13:26:39.139 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:26:39.143 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aaf060]
13:26:39.148 3 CLASSPNP.SYS[fffff88001b8f43f] -> nt!IofCallDriver -> [0xfffffa8007806580]
13:26:39.152 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007808060]
13:26:39.867 AVAST engine scan C:\Windows
13:26:42.488 AVAST engine scan C:\Windows\system32
13:29:28.302 AVAST engine scan C:\Windows\system32\drivers
13:29:42.753 AVAST engine scan C:\Users\Robert
13:35:52.217 AVAST engine scan C:\ProgramData
13:36:42.285 Scan finished successfully
13:38:27.649 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
13:38:27.653 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:54 PM

Posted 09 May 2012 - 01:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 rk9

rk9
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:54 PM

Posted 09 May 2012 - 03:42 PM

No issues running the script or Combo Fix (Other than me taking too long and having to turn AVG off for an extra 15 minutes in the middle of the scan).

Computer seems to be behaving as needed/expected.
If you don't see anything odd in the log, I think I'm all set.

Thank you!

ComboFix 12-05-09.01 - Robert 05/09/2012 16:23:47.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6157 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
Command switches used :: c:\users\Robert\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 20:28 . 2012-05-09 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 04:00 . 2012-05-08 04:00 -------- d-----w- c:\program files (x86)\Bards Tale Editor
2012-05-08 04:00 . 1999-04-06 03:13 131856 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-05-08 03:59 . 1999-04-06 03:13 721168 ----a-w- c:\windows\SysWow64\VB40032.DLL
2012-05-08 03:59 . 1999-04-06 03:13 171520 ----a-w- c:\windows\setup132.exe
2012-05-08 03:59 . 1999-04-06 03:13 60416 ----a-w- c:\windows\ST4UNST.EXE
2012-05-07 22:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-07 22:47 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-07 22:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-07 22:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-07 22:47 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-07 22:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-07 22:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-07 03:39 . 2012-05-07 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-30 07:00 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-29 19:35 . 2012-05-06 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 18:52 . 2012-04-29 18:52 -------- d-----w- C:\$AVG
2012-04-28 19:42 . 2012-04-29 04:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-28 19:42 . 2012-04-28 20:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-22 21:26 . 2012-04-22 21:27 -------- d-----w- c:\users\Robert\AppData\Roaming\dvdcss
2012-04-22 05:00 . 2012-04-22 05:01 -------- d-----w- c:\programdata\IObit
2012-04-22 04:59 . 2012-04-22 05:00 -------- d-----w- c:\users\Robert\AppData\Roaming\IObit
2012-04-22 04:59 . 2012-04-22 05:00 -------- d-----w- c:\program files (x86)\IObit
2012-04-21 15:30 . 2012-04-22 18:43 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-04-21 12:40 . 2012-03-20 16:21 149432 ----a-w- c:\windows\SGDetectionTool.dll0512.old
2012-04-21 12:40 . 2012-03-20 16:20 767928 ----a-w- c:\windows\BDTSupport.dll0512.old
2012-04-21 12:40 . 2012-03-20 16:21 2271160 ----a-w- c:\windows\PCTBDCore.dll0512.old
2012-04-21 12:38 . 2012-03-20 17:49 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-21 12:38 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-21 12:36 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-04-21 12:36 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-04-21 12:36 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-21 12:34 . 2012-05-09 13:17 -------- d-----w- c:\programdata\PC Tools
2012-04-21 12:34 . 2012-04-21 12:34 -------- d-----w- c:\users\Robert\AppData\Roaming\TestApp
2012-04-21 12:34 . 2012-04-21 12:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-21 12:33 . 2012-04-22 18:49 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-19 18:52 . 2012-05-09 17:01 -------- d-----r- c:\users\Robert\Dropbox
2012-04-19 18:51 . 2012-05-09 17:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Dropbox
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-16 03:04 . 2012-04-16 03:04 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-04-16 03:04 . 2012-04-16 04:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 03:04 . 2012-04-16 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 03:04 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\programdata\AMD
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-16 02:52 . 2012-04-16 02:52 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-16 02:47 . 2012-04-16 02:47 -------- d-----w- C:\AMD
2012-04-16 00:56 . 2012-04-16 00:56 -------- d-----w- c:\users\Robert\AppData\Local\{B77A9E36-8597-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:41 . 2012-04-02 22:33 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 09:41 . 2011-05-19 11:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 09:41 . 2012-04-02 22:41 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 12:48 . 2010-08-18 05:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-20 12:48 . 2010-08-18 05:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 23:16 . 2012-02-17 23:16 65536 ----a-w- c:\windows\ICE_JNIRegistry.dll
2012-02-17 06:38 . 2012-03-13 22:11 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 22:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:11 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 22:12 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:12 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_15.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-20 05:03 . 2012-05-09 17:03 52096 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-09 17:03 31590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-15 02:20 . 2012-05-09 17:03 13626 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2361868720-301053035-2732398649-1001_UserData.bin
- 2012-05-09 14:33 . 2012-05-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-09 17:01 . 2012-05-09 17:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-09 17:01 . 2012-05-09 17:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-09 14:33 . 2012-05-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-16 02:16 . 2012-05-09 18:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-16 02:16 . 2012-05-09 13:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-05-09 13:20 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-09 18:38 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-09 13:20 5914624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-09 18:38 5914624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-09 13:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-09 18:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-20 296056]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-3 293950]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42512179.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62363606.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-01-12 116536]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17908948
*NewlyCreated* - ASWMBR
*Deregistered* - 17908948
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:41]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361868720-301053035-2732398649-1001Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:51]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361868720-301053035-2732398649-1001UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: alexfung.info
Trusted Zone: firstenergycorp.com\www
Trusted Zone: netflix.com\www
Trusted Zone: oglaf.com\www
Trusted Zone: pittstate.edu\vpn
Trusted Zone: thepaymentwindow.com\epayexchange
TCP: DhcpNameServer = 192.168.2.1
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.pittstate.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2aalvpr7.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,c1,9f,9e,cb,1b,cd,01
.
[HKEY_USERS\S-1-5-21-2361868720-301053035-2732398649-1001\Software\SecuROM\License information*]
"datasecu"=hex:bf,04,b7,36,5d,48,bc,2f,d0,e0,bb,cc,8d,39,f2,49,ef,f4,2d,14,68,
f3,94,3e,ae,3c,06,98,02,64,d7,43,11,59,04,f7,f5,56,d2,7e,0c,af,bb,73,67,31,\
"rkeysecu"=hex:29,74,f1,53,cd,e8,af,03,3a,6b,07,99,e2,77,19,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-09 16:30:45
ComboFix-quarantined-files.txt 2012-05-09 20:30
ComboFix2.txt 2012-05-09 15:46
.
Pre-Run: 222,158,987,264 bytes free
Post-Run: 222,239,850,496 bytes free
.
- - End Of File - - 1BD0BCDD82A56EE2D136D94AC6C68BD7

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 04:16 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • BitTorrent
  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 rk9

  • Topic Starter
  • Members
  • 7 posts

Posted 09 May 2012 - 04:57 PM

No problems running these, or any other problems. Search functions still working correctly.
Thanks!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ROBERT-PC [administrator]

5/9/2012 5:42:59 PM
mbam-log-2012-05-09 (17-42-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 207906
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:04 PM, on 5/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Evernote Clipper.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alexfung.info
O15 - Trusted Zone: http://www.oglaf.com
O15 - Trusted IP range: 192.168.2.1
O16 - DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} (SettingsHelper Class) - https://registration.rr.com/RegHelper.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.pittstate.edu/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 10.4.1) -
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.7.0) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 10.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cbord.webex.com/client/T27LB/smt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14412 bytes

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 06:31 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    • O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    • O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
    • O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    • O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    • O4 - Startup: Dropbox.lnk = Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
    • O4 - Global Startup: Evernote Clipper.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo

#11 rk9

  • Topic Starter
  • Members
  • 7 posts

Posted 09 May 2012 - 08:26 PM

C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0003.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\29.04.2012_15.34.19\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm JS/Fraud.NAP trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm JS/Fraud.NAP trojan
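
An added Python example (not code from the thread, from ESET, or from any of the tools named above) that triages result lines like the ones just posted: it separates files sitting in a cleaning tool's quarantine or backup folder from files in live locations, which is the distinction a helper draws when deciding what still needs deleting. The folder list in `INERT_FRAGMENTS` is an illustrative assumption, and `SAMPLE_SCAN` is a handful of lines copied from the scan result above.

```python
"""Triage of an ESET Online Scanner result list (added example, not part of
the thread). Each reported file is split into "inert" (a copy that already
sits in a cleaning tool's quarantine or backup folder) and "live" (an active
location that still needs attention). The folder list is illustrative, and
the sample lines are copied from the scan result posted in the thread."""
import re
from collections import Counter
from typing import NamedTuple, Optional

# Lower-cased path fragments that mark a copy already neutralised by a tool.
# Assumption: an illustrative list; extend it for the tools used on a machine.
INERT_FRAGMENTS = (
    "c:\\tdsskiller_quarantine\\",
    "c:\\qoobox\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
    "\\system volume information\\",
)

# One ESET result line: "<path> [a variant of ]<Family/Name> <kind>".
# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like a threat family (it contains a slash).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>[a-z][a-z ]*)$"
)


class Detection(NamedTuple):
    path: str
    name: str       # e.g. Win32/Olmarik.AYI
    kind: str       # e.g. trojan, worm
    variant: bool   # ESET reported "a variant of"
    inert: bool     # file sits in a quarantine/backup folder


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one result line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    inert = any(frag in path.lower() for frag in INERT_FRAGMENTS)
    return Detection(path, m.group("name"), m.group("kind"),
                     m.group("variant") is not None, inert)


def triage(text: str) -> dict:
    """Split a whole result list into inert and live detections."""
    found = [d for d in map(parse_line, text.splitlines()) if d]
    return {
        "inert": [d for d in found if d.inert],
        "live": [d for d in found if not d.inert],
        # Family counts make repeated reports of one sample easy to spot,
        # e.g. the same Spybot recovery archive listed under both
        # C:\ProgramData and its C:\Users\All Users alias.
        "families": Counter(d.name for d in found),
    }


# Sample lines copied from the ESET result posted in the thread.
SAMPLE_SCAN = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.05.2012_19.22.45\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm JS/Fraud.NAP trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm JS/Fraud.NAP trojan
"""

if __name__ == "__main__":
    result = triage(SAMPLE_SCAN)
    print(f"{len(result['inert'])} inert, {len(result['live'])} live")
    for d in result["live"]:
        print("  needs action:", d.name, "->", d.path)
```

On the sample, the four quarantine and recovery entries come out inert and only the two Temporary Internet Files entries remain live.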

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 09:04 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm"
    del /f /s /q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35K04IOP\1[1].htm"
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
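A way to triage a scan report the way this reply does, separating hits that sit in a quarantine or backup folder (harmless unless restored) from hits at live paths, and then emitting a delfile.bat of the same shape as the one above. This is an added example, not gringo's script; the folder list and the three sample lines are constructed from the paths quoted in this thread.

```python
from typing import List, NamedTuple, Optional, Tuple
# Folders that only hold quarantined or backed-up copies; constructed from the
# locations the reply names (TDSSKiller, Spybot Recovery, Qoobox, System Restore).
CONTAINED_MARKERS = (
    "c:\\tdsskiller_quarantine\\",
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\",
    "\\spybot - search & destroy\\recovery\\",
)

class Finding(NamedTuple):
    path: str
    detection: str
    contained: bool  # True when the hit is only a quarantine/backup copy

def is_contained(path: str) -> bool:
    return any(marker in path.lower() for marker in CONTAINED_MARKERS)

def parse_line(line: str) -> Optional[Finding]:
    """Split 'path detection' at the first token holding a '/' (the family name);
    Windows paths never contain '/', so paths with spaces still parse correctly."""
    tokens = line.strip().split(" ")
    for i, tok in enumerate(tokens):
        if "/" in tok and i > 0:
            start = i - 3 if i >= 3 and tokens[i - 3:i] == ["a", "variant", "of"] else i
            path = " ".join(tokens[:start])
            return Finding(path, " ".join(tokens[start:]), is_contained(path))
    return None  # blank line or no detection name

def triage(scan_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (live, contained): live hits still need removal, contained ones are
    harmless unless the quarantine or backup is manually restored."""
    found = [f for f in (parse_line(l) for l in scan_text.splitlines()) if f]
    return [f for f in found if not f.contained], [f for f in found if f.contained]

def cleanup_batch(live: List[Finding], quarantine_dirs: List[str]) -> str:
    """Build a delfile.bat in the shape the reply uses: delete each live file,
    remove whole quarantine folders, then let the script delete itself."""
    lines = ["@echo off"]
    lines += ['del /f /q "%s"' % f.path for f in live]
    lines += ['rd /s /q "%s"' % d for d in quarantine_dirs]
    lines.append("del %0")
    return "\r\n".join(lines) + "\r\n"

# Constructed sample, modelled on the online-scan lines quoted in this thread.
SAMPLE = """\
C:\\TDSSKiller_Quarantine\\29.04.2012_15.34.19\\mbr0000\\tdlfs0000\\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\\Users\\All Users\\Spybot - Search & Destroy\\Recovery\\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\35K04IOP\\1[1].htm JS/Fraud.NAP trojan
"""
```

Calling triage(SAMPLE) yields one live hit (the Content.IE5 file) and two contained ones; cleanup_batch(live, ["C:\\TDSSKiller_Quarantine\\"]) then emits the same @echo off / del / rd / del %0 layout as delfile.bat.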

#13 rk9

rk9
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:54 PM

Posted 09 May 2012 - 09:22 PM

All set. Thank you very much for your help!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:54 PM

Posted 09 May 2012 - 09:27 PM

You are more than welcome and glad I was able to help



Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:54 PM

Posted 11 May 2012 - 11:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
