Infected with Cell Phone shaped ad and random redirects on links


  • This topic is locked
14 replies to this topic

#1 tjjmbrito

tjjmbrito

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 18 May 2012 - 11:45 PM

Hello, for over a month now I have been getting random redirects to various sites (like casino sites, cash sites, advertisement sites, etc.) when clicking any link - and it happens completely at random. Also, for the longest time I would have a cell phone shaped ad recommending products that were related to the site I was on (for example, if I was on Amazon, it would recommend where I can buy DVDs). I have never clicked a recommendation in the ad, so I am not sure where it would have taken me. I could click the 'x' that the ad had in the right hand corner, however this would only minimize it to a rectangular box that said "Recommended for you".
I was using the latest version of Firefox, and I thought the problem was with Firefox so I uninstalled it and began using IE 9. I have Windows 7 64 bit OS. I continue to have this ad in the bottom right hand corner even with IE9. The ad has now changed over (about a couple days ago) to a large square box that advertises for an online poker site or "who will you marry, so accurate it's scary!" I still get random redirects daily. The ad does not pop up on every site I visit, but it does appear 90% of the time. I cannot recall what I did to infect my computer with this as I do not illegally download files (not even music), and only programs that I know are from trusted sites and my antivirus program scans it. So I am not sure how I got this. I do know that BitDefender finds it, and I choose to remove it, but it always comes back. Malwarebytes did the same thing (finds it, removes it, but it comes back). Now when I run them, it says I have no infections, but clearly I do. I need some assistance removing this! Thanks :)

**Just to note, when I was doing the GMER step, the boxes from 'Systems' to 'Libraries' were greyed out so I couldn't check them.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Valued Customer at 23:35:24 on 2012-05-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4094.2264 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Bitdefender\Bitdefender 2012\antispam32\bdimguiaux.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\VALUED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8C12FF1E-9714-4951-8524-D1B3427882C7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BDC4D3B3-BD18-4E43-BD9D-AA94DC1E7417} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BDC4D3B3-BD18-4E43-BD9D-AA94DC1E7417}\2454C4C4333363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BDC4D3B3-BD18-4E43-BD9D-AA94DC1E7417}\34F6E6E65636470527F602F4E4C495 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDC4D3B3-BD18-4E43-BD9D-AA94DC1E7417}\3597D60716479636F6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BDC4D3B3-BD18-4E43-BD9D-AA94DC1E7417}\C696E6B6379737 : DhcpNameServer = 199.166.6.2 209.239.11.98
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-9-2 383544]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-29 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-5-8 103440]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-1-23 66096]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 257696]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-19 02:46:42 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-05-19 02:30:03 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{189FC3D6-DF05-4FD4-98E2-9B2B457CA359}
2012-05-19 02:29:50 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{517B9137-4378-4D84-898E-34DBFE53E354}
2012-05-18 14:29:21 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A9664EE5-6A95-47BD-9C22-D77E6D7AD579}
2012-05-18 14:29:08 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{D09964CE-3CB4-42C7-899A-68A3A64F975C}
2012-05-18 02:23:04 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{6DC3066F-678B-4ED4-83D9-A08C4EA87613}
2012-05-18 02:22:52 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{85CF3BE3-415E-4CE1-93C7-BEFDD2145C42}
2012-05-17 14:22:24 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{84A76014-1136-4443-B6FE-11AE550EFA90}
2012-05-17 14:22:12 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{2CCCBCA0-FC75-4BE0-B466-6FDB1018D570}
2012-05-17 02:21:44 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{CEDBFBB0-E005-48B5-9CF9-CE3F8A45E495}
2012-05-17 02:21:32 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{8014EC5A-FFB7-470E-A233-60F3AA7AE21E}
2012-05-16 15:55:00 -------- d-----w- C:\ProgramData\HP Photo Creations
2012-05-16 15:55:00 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2012-05-16 15:53:42 -------- d-----w- C:\Program Files\HP
2012-05-16 14:21:03 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{D67BA7F8-F958-40A7-BDC8-925862FAE2B8}
2012-05-16 14:20:51 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{AEE0B9A7-6393-4246-85C3-26BAEB0D0411}
2012-05-16 02:10:32 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{CA2204BB-99BE-48F0-B074-D38B8577E82C}
2012-05-16 02:10:19 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{AC34BEB2-2253-4972-94E1-556D9FBC324D}
2012-05-15 14:09:49 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{B1D04A4C-1D41-4804-A56E-E173BBBFECBD}
2012-05-15 14:09:35 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{54E9FF5C-4BE2-4D9F-B5D6-D077BE1FF68E}
2012-05-15 01:54:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{09230355-E016-4FF9-A4DB-CC1CECBDBA7D}
2012-05-15 01:54:35 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{0C0B2CCD-CCF1-4033-A1D6-4EDC6BB5AA8B}
2012-05-14 17:06:42 -------- d-----w- C:\Program Files (x86)\Coupons
2012-05-14 17:06:13 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\HpUpdate
2012-05-14 17:02:23 -------- d-----w- C:\Program Files (x86)\HP
2012-05-14 16:59:00 -------- d-----w- C:\Users\Valued Customer\AppData\Local\HP
2012-05-14 13:54:07 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{6ADC783D-2261-4701-A6FC-B551FCF65257}
2012-05-14 13:53:54 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{D88D0364-6C8A-4CC8-8CEF-DA15606AC3D4}
2012-05-13 16:54:16 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{0560CA81-5868-47DA-9FAA-1CF1865415A9}
2012-05-13 16:54:03 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{73582116-935C-4763-BCCB-F613300B667E}
2012-05-12 02:48:04 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{F41C28EE-E111-4486-9B0D-F38CB0FD876F}
2012-05-12 02:47:52 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{FF8CC1FD-11CC-473A-A791-E54B2F38B908}
2012-05-11 14:47:21 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{2EFDF433-14F3-431B-A1D5-21FB33D62823}
2012-05-11 14:47:08 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{91A8DCC2-311A-46E1-8A4D-6EB0C7430805}
2012-05-11 02:01:19 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{20CEDF32-05A1-4041-A1AC-936E2BAD3A6A}
2012-05-11 02:01:06 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{D45EFB27-5C44-48C5-9CE6-738084D1073F}
2012-05-10 17:30:44 -------- d-----w- C:\b8e98513d2e94bb224
2012-05-10 17:13:34 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 17:13:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 17:13:31 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 17:13:29 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 17:13:28 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:13:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 17:12:59 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 17:12:50 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 17:12:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 17:12:46 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 17:12:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 14:00:35 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{BE12A47F-24A1-403E-8621-BCAFF70D6E98}
2012-05-10 14:00:22 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{DEACDAF3-C5BA-42D1-9D17-FC418521CDD3}
2012-05-10 01:59:43 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{301ADAEF-2F2F-47E2-BE2B-256627DC5F4A}
2012-05-10 01:59:29 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{3DA037B9-725F-47D9-9DA1-547C24E5A8A9}
2012-05-09 13:58:58 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{5A58D060-C279-418B-BC1A-AE1A80656BA9}
2012-05-09 13:58:45 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A1E49742-E4FD-47A9-A4BE-F805104166E5}
2012-05-09 01:58:15 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{844C6C86-02AC-4E15-820E-31FAE4F4700B}
2012-05-08 13:57:46 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A8F266D6-5DD1-4CCA-9C33-2B70D8E8D5B9}
2012-05-08 13:57:34 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A3E00F08-11B8-46CD-B308-31258F35F405}
2012-05-07 14:05:20 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{45CD2190-E6F3-4DE2-B180-9C72BC764BB1}
2012-05-07 14:05:08 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{0D0E3AC8-0412-4B41-8E4A-A5410992C2BF}
2012-05-06 14:55:21 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{F53AE39F-5514-48E0-8793-8ED99989503E}
2012-05-06 14:55:09 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{83FB4D7E-C0CD-4C3E-BBFA-56FC1C09327A}
2012-05-05 02:51:41 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A5475818-B33A-46A6-AB1F-DE9695C13BC4}
2012-05-04 14:25:58 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{93BA9A3E-5953-47E0-B142-D601882634B6}
2012-05-04 14:25:45 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{BC2404FB-9B45-40A5-A189-9B3372674842}
2012-05-04 01:54:12 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{AACF5ACB-25A5-4C09-9D8E-B59095EB8BE9}
2012-05-04 01:53:54 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{23B628D5-8054-485E-92A7-7F823DE68361}
2012-05-03 13:53:20 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{133D8F4B-2E40-48F9-9C77-8F57AC6C4859}
2012-05-03 13:53:08 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{E17C38D2-2E70-4181-866B-F79A157D90B5}
2012-05-02 14:46:41 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{025654FB-4731-4C58-9A39-E5071AFD1892}
2012-05-02 14:46:29 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{945B1B33-8DFA-4A46-BEDB-EB95ADF999B8}
2012-05-01 15:07:45 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{F26F473D-7DAA-44E4-A10C-AE6D02C10963}
2012-05-01 15:07:29 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{389421B2-93E1-4325-9DB9-C50E1B739F2D}
2012-05-01 02:23:29 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{4376E6B1-2787-4E32-AED2-53957489C8D4}
2012-05-01 02:23:16 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{DCE89E32-2E34-4EAD-B85B-81293600DD6C}
2012-04-30 14:22:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{2E72D5AF-B22A-4F7B-B37D-F3CD4CDBE94C}
2012-04-30 14:22:34 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{F5C8A33F-B14B-4060-A557-DA88FA60CC4B}
2012-04-30 01:10:29 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Malwarebytes
2012-04-30 01:09:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-30 01:09:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 01:09:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 15:15:19 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{9BC68C10-77F7-4B88-8529-C2280F576D80}
2012-04-29 15:15:07 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{3665085E-D18D-4188-8844-DAC975439AD0}
2012-04-29 03:14:38 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{2BCF7015-1491-41A8-B2B6-049D28C3EC4D}
2012-04-29 03:14:27 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{DEAE5377-6421-43BA-BD54-0795A0F9B087}
2012-04-28 15:13:57 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{FDF99ADD-224A-422B-A6BF-EFD06BE4517C}
2012-04-28 15:13:45 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{4218EED0-71A3-4410-9418-899F8EA610C0}
2012-04-27 16:18:42 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{B7C190A2-CD64-42C6-832E-CC880625CC4A}
2012-04-27 16:18:30 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{A5F7233B-54BA-4ED1-88B6-88F67080343A}
2012-04-27 02:01:54 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{2CA62FDB-40D0-4E81-B39E-4E5F957D97FE}
2012-04-27 02:01:40 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{4AD0E4B7-28B0-4F8B-9A9A-0FCC05DE78B7}
2012-04-26 14:01:09 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{50C39320-90F6-4DE5-82F9-598B697010A5}
2012-04-26 14:00:57 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{0FBA798E-E0F1-45F4-9989-2A4F4B899297}
2012-04-26 02:00:30 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{D59B8978-32AE-45DD-9B04-57980F4FC854}
2012-04-25 13:59:59 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{522F6753-C73A-4F41-974F-A8A5D4B62E48}
2012-04-25 13:59:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{9E80DD62-66E5-444F-B646-E821CC5B458E}
2012-04-23 15:07:25 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{661806C8-2854-49A2-8D25-DEF99F23CE04}
2012-04-23 15:07:12 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{10ACCC7E-AFE5-41F8-8018-4B03A075A4BF}
2012-04-23 03:06:44 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{E27E94F5-FFA6-4490-A5E7-F30479BA16F6}
2012-04-23 03:06:32 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{CD9A87AE-3555-48D8-9FF2-46C4B2C49FBA}
2012-04-22 15:06:05 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{EA5C9FE6-F909-4F27-8AA8-9B6BCB333D10}
2012-04-22 15:05:53 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{7819835E-8C83-48AF-A25B-0D106BAA5489}
2012-04-22 03:05:19 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{CE066912-F472-44F8-8657-A2346C213C39}
2012-04-22 03:05:01 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{32D59E9F-EF15-48CE-B74D-52A4B14F4CC8}
2012-04-21 15:04:20 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{3171E8A6-3CFE-4384-873D-5F5595FACD1C}
2012-04-21 15:04:07 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{34B07AD2-CE18-40FC-B923-F08301DB3CE1}
2012-04-20 15:22:14 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 13:54:31 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 13:54:24 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{03EDF30E-E267-499A-A99B-D0C47BF9CEAA}
2012-04-20 13:54:11 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{F6F6F614-27D9-47D5-9D26-F85518FCE0BD}
2012-04-19 14:51:26 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{6CF9A9AE-97C8-4DF7-B709-89A7D6E8D9B8}
2012-04-19 14:51:14 -------- d-----w- C:\Users\Valued Customer\AppData\Local\{1C7F624F-62F9-46B4-BA9B-B5655E3B2C91}
.
==================== Find3M ====================
.
2012-05-04 23:57:36 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 15:38:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 19:42:42 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-03-17 18:02:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-17 18:02:57 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-08 17:35:24 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-03 18:55:13 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-03-03 18:25:29 240578 ----a-w- C:\ProgramData\1330798685.bdinstall.bin
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:36:57.85 ===============

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 19 May 2012 - 01:26 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tjjmbrito (Topic Starter)

  • Members
  • 7 posts
  • Local time:04:21 AM

Posted 19 May 2012 - 12:07 PM

Hi Gringo,
Thanks for the fast reply. Ran SecurityCheck and Combofix. Reactivated my firewall and antivirus software. Everything seems to be running without ads and no redirects (yet). Sometimes after MalwareBytes removed the infection everything would be fine... but it would come back. So for now, everything seems fine. If it comes back, can I just re-open a new topic? Or can you look at the log to confirm it's been removed?
Thanks for your support :)

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

McAfee SiteAdvisor
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 bdagent.exe
Bitdefender Bitdefender 2012 antispam32 bdimguiaux.exe
``````````End of Log````````````




ComboFix 12-05-19.01 - Valued Customer 19/05/2012 12:17:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4094.2787 [GMT -4:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1330798685.bdinstall.bin
c:\programdata\CP.ico
c:\users\Valued Customer\AppData\Local\._Revolution_
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 16:26 . 2012-05-19 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 02:46 . 2012-05-19 03:28 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-05-16 15:55 . 2012-05-16 15:56 -------- d-----w- c:\programdata\HP Photo Creations
2012-05-16 15:55 . 2012-05-16 15:55 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-05-16 15:53 . 2012-05-16 15:53 -------- d-----w- c:\program files\HP
2012-05-14 17:06 . 2012-05-14 17:06 -------- d-----w- c:\program files (x86)\Coupons
2012-05-14 17:06 . 2012-05-14 17:06 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\HpUpdate
2012-05-14 17:04 . 2012-05-16 15:43 -------- d-----w- c:\programdata\HP
2012-05-14 17:02 . 2012-05-16 15:54 -------- d-----w- c:\program files (x86)\HP
2012-05-14 16:59 . 2012-05-14 16:59 -------- d-----w- c:\users\Valued Customer\AppData\Local\HP
2012-05-10 17:30 . 2012-05-10 17:30 -------- d-----w- C:\b8e98513d2e94bb224
2012-05-10 17:13 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 17:13 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:13 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 17:12 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:12 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 17:12 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 17:12 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-30 01:10 . 2012-04-30 01:10 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Malwarebytes
2012-04-30 01:09 . 2012-04-30 01:09 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 01:09 . 2012-04-30 01:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 01:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 21:11 . 2012-04-29 21:11 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Template
2012-04-20 15:22 . 2012-05-04 23:57 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 13:54 . 2012-05-04 23:57 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:57 . 2011-05-29 23:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 15:38 . 2010-07-20 01:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-06 15:35 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-30 19:42 . 2012-01-18 22:16 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-17 18:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-17 18:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 17:35 . 2012-03-08 17:35 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-03 18:55 . 2012-01-18 22:16 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-02 19:36 . 2012-03-02 19:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-02 19:36 . 2012-03-02 19:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-02 19:36 . 2012-03-02 19:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-02 19:36 . 2012-03-02 19:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-02 19:36 . 2012-03-02 19:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-02 19:36 . 2012-03-02 19:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-02 19:36 . 2012-03-02 19:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-02 19:36 . 2012-03-02 19:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-02 19:36 . 2012-03-02 19:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-02 19:36 . 2012-03-02 19:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-02 19:36 . 2012-03-02 19:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-02 19:36 . 2012-03-02 19:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-02 19:36 . 2012-03-02 19:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-02 19:36 . 2012-03-02 19:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-02 19:36 . 2012-03-02 19:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-02 19:36 . 2012-03-02 19:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-02 19:36 . 2012-03-02 19:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-02 19:36 . 2012-03-02 19:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-02 19:36 . 2012-03-02 19:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-02 19:36 . 2012-03-02 19:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-02 19:36 . 2012-03-02 19:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-02 19:36 . 2012-03-02 19:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-02 19:36 . 2012-03-02 19:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-02 19:36 . 2012-03-02 19:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-02 19:36 . 2012-03-02 19:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-02 19:36 . 2012-03-02 19:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-02 19:36 . 2012-03-02 19:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-02 19:36 . 2012-03-02 19:36 448512 ----a-w- c:\windows\system32\html.iec
2012-03-02 19:36 . 2012-03-02 19:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-02 19:36 . 2012-03-02 19:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-02 19:36 . 2012-03-02 19:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-02 19:36 . 2012-03-02 19:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-02 19:36 . 2012-03-02 19:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-02 19:36 . 2012-03-02 19:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 06:46 . 2012-04-12 15:27 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 15:27 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 15:27 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 15:27 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 15:27 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 15:27 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 15:27 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 15:30 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 15:30 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 15:30 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 15:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 15:30 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 15:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 15:30 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 15:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-23 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-10-15 08:10 498160 ----a-w- c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-12-29 21:35 140520 ------w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-09-02 383544]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:57]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 00:23]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 00:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-30 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1929918914-2418276299-3116538099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1929918914-2418276299-3116538099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-05-19 12:33:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 16:33
.
Pre-Run: 122,445,598,720 bytes free
Post-Run: 123,243,757,568 bytes free
.
- - End Of File - - 0A2048B0AFE9246B8B6E6E2F47706838
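Gringo reads a ComboFix log like the one above mainly for autorun entries (Run keys, services and drivers) that do not belong. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses the two line shapes ComboFix uses for those entries and surfaces the ones a responder would check first, namely executables starting from user-writable locations. The sample log mixes entry shapes copied from the log above with two constructed entries ("Updater" and "HelperSvc") that exist only for illustration; treating "[x]" as "ComboFix could not read the file's date and size" is an assumption.

```python
"""Added example: triage the autorun entries of a ComboFix-style log.

Not part of the thread or of ComboFix itself. It parses the line shapes
ComboFix prints for autoruns ("Name"="path" [date size] under a Run key, and
R2/S3 name;description;path [date size] for services and drivers) and flags
entries that start from locations a standard user can write to.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's format. The first two Run values and the
# first two service lines mirror real entries from the log in this thread;
# "Updater" and "HelperSvc" are invented to show what a flagged entry looks like.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Updater"="c:\users\Valued Customer\AppData\Local\Temp\updater.exe" [2012-05-01 45056]
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S2 HelperSvc;Helper Service;c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\helper.exe [x]
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SERVICE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Locations a non-admin user can write to. Persistence that survives a
# cleanup very often lives here rather than in Program Files or System32.
USER_WRITABLE = [
    (re.compile(r'\\appdata\\', re.I), "under AppData"),
    (re.compile(r'\\programdata\\', re.I), "under ProgramData"),
    (re.compile(r'\\temp\\', re.I), "in a Temp directory"),
    (re.compile(r'\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}\\', re.I),
     "in a GUID-named directory"),
]


@dataclass
class Finding:
    source: str                     # registry key, or R2/S3 start type for services
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # "[x]" on its own is common for legitimate 64-bit drivers (assumption:
        # ComboFix could not read the file's metadata), so location outranks it.
        if any(r != "no file metadata" for r in self.reasons):
            return "suspicious"
        return "review" if self.reasons else "ok"


def _assess(source: str, name: str, path: str, meta: str) -> Finding:
    finding = Finding(source, name, path)
    for pattern, why in USER_WRITABLE:
        if pattern.search(path):
            finding.reasons.append(why)
    if meta.strip() == "x":
        finding.reasons.append("no file metadata")
    return finding


def parse_autoruns(text: str) -> list[Finding]:
    """Return one Finding per Run value or service/driver line, in log order."""
    findings: list[Finding] = []
    current_key = "?"
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_HEADER.match(line)):
            current_key = m["key"]          # later Run values belong to this key
        elif (m := RUN_VALUE.match(line)):
            findings.append(_assess(current_key, m["name"], m["path"], m["meta"]))
        elif (m := SERVICE.match(line)):
            findings.append(_assess(m["start"], m["name"], m["path"], m["meta"]))
    return findings


def triage(text: str) -> dict[str, list[str]]:
    """Group entry names by severity so the suspicious ones surface first."""
    buckets: dict[str, list[str]] = {"suspicious": [], "review": [], "ok": []}
    for finding in parse_autoruns(text):
        buckets[finding.severity].append(finding.name)
    return buckets


if __name__ == "__main__":
    for finding in parse_autoruns(SAMPLE_LOG):
        print(f"{finding.severity:10} {finding.name:28} {finding.path}")
        for reason in finding.reasons:
            print(f"{'':10}   - {reason}")
```

Pointing it at a full log still only classifies by location and metadata; a "suspicious" hit is a prompt to look up the file, not a verdict.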

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 19 May 2012 - 01:48 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 tjjmbrito (Topic Starter)

  • Members
  • 7 posts
  • Local time:04:21 AM

Posted 19 May 2012 - 09:45 PM

Hi there, and thanks for the fast reply again!
I have run both TDSSKiller and aswMBR; no problems running either of them, and both finished successfully. Here are the reports. Also, I still haven't been redirected randomly, nor have I experienced any ads. Let me know the next step :)




21:38:00.0264 3888 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
21:38:00.0623 3888 ============================================================
21:38:00.0623 3888 Current date / time: 2012/05/19 21:38:00.0623
21:38:00.0623 3888 SystemInfo:
21:38:00.0623 3888
21:38:00.0638 3888 OS Version: 6.1.7601 ServicePack: 1.0
21:38:00.0638 3888 Product type: Workstation
21:38:00.0638 3888 ComputerName: TIFFANY
21:38:00.0638 3888 UserName: Valued Customer
21:38:00.0638 3888 Windows directory: C:\Windows
21:38:00.0638 3888 System windows directory: C:\Windows
21:38:00.0638 3888 Running under WOW64
21:38:00.0638 3888 Processor architecture: Intel x64
21:38:00.0638 3888 Number of processors: 2
21:38:00.0638 3888 Page size: 0x1000
21:38:00.0638 3888 Boot type: Normal boot
21:38:00.0638 3888 ============================================================
21:38:01.0855 3888 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:01.0871 3888 ============================================================
21:38:01.0871 3888 \Device\Harddisk0\DR0:
21:38:01.0871 3888 MBR partitions:
21:38:01.0871 3888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:38:01.0871 3888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
21:38:01.0871 3888 ============================================================
21:38:01.0886 3888 C: <-> \Device\Harddisk0\DR0\Partition1
21:38:01.0886 3888 ============================================================
21:38:01.0886 3888 Initialize success
21:38:01.0886 3888 ============================================================
21:38:23.0936 3812 ============================================================
21:38:23.0936 3812 Scan started
21:38:23.0936 3812 Mode: Manual;
21:38:23.0936 3812 ============================================================
21:38:27.0384 3812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:38:27.0384 3812 1394ohci - ok
21:38:27.0415 3812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:38:27.0431 3812 ACPI - ok
21:38:27.0462 3812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:38:27.0462 3812 AcpiPmi - ok
21:38:27.0649 3812 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:38:27.0649 3812 AdobeFlashPlayerUpdateSvc - ok
21:38:27.0712 3812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:38:27.0727 3812 adp94xx - ok
21:38:27.0774 3812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:38:27.0790 3812 adpahci - ok
21:38:27.0821 3812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:38:27.0821 3812 adpu320 - ok
21:38:27.0852 3812 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:38:27.0868 3812 AeLookupSvc - ok
21:38:27.0930 3812 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:38:27.0946 3812 AFD - ok
21:38:27.0992 3812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:38:28.0008 3812 agp440 - ok
21:38:28.0024 3812 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:38:28.0024 3812 ALG - ok
21:38:28.0055 3812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:38:28.0055 3812 aliide - ok
21:38:28.0102 3812 AMD External Events Utility (61a18bcaf557cd6614309e4978b81056) C:\Windows\system32\atiesrxx.exe
21:38:28.0102 3812 AMD External Events Utility - ok
21:38:28.0258 3812 AMDFusionSVC (1958f11f01432bce27ee339bddfc477a) c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
21:38:28.0273 3812 AMDFusionSVC - ok
21:38:28.0304 3812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:38:28.0304 3812 amdide - ok
21:38:28.0351 3812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:38:28.0367 3812 AmdK8 - ok
21:38:28.0648 3812 amdkmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:28.0866 3812 amdkmdag - ok
21:38:29.0053 3812 amdkmdap (ed25d58581b5a28593c277f482fccd62) C:\Windows\system32\DRIVERS\atikmpag.sys
21:38:29.0053 3812 amdkmdap - ok
21:38:29.0116 3812 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
21:38:29.0116 3812 AmdLLD64 - ok
21:38:29.0147 3812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:38:29.0147 3812 AmdPPM - ok
21:38:29.0209 3812 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:38:29.0209 3812 amdsata - ok
21:38:29.0240 3812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:38:29.0240 3812 amdsbs - ok
21:38:29.0256 3812 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:38:29.0256 3812 amdxata - ok
21:38:29.0334 3812 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:38:29.0334 3812 ApfiltrService - ok
21:38:29.0381 3812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:38:29.0381 3812 AppID - ok
21:38:29.0428 3812 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:38:29.0428 3812 AppIDSvc - ok
21:38:29.0474 3812 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:38:29.0474 3812 Appinfo - ok
21:38:29.0552 3812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:38:29.0552 3812 arc - ok
21:38:29.0568 3812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:38:29.0568 3812 arcsas - ok
21:38:29.0599 3812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:29.0615 3812 AsyncMac - ok
21:38:29.0646 3812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:38:29.0646 3812 atapi - ok
21:38:29.0708 3812 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:38:29.0708 3812 AtiPcie - ok
21:38:29.0771 3812 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:38:29.0802 3812 AudioEndpointBuilder - ok
21:38:29.0802 3812 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:38:29.0818 3812 AudioSrv - ok
21:38:29.0896 3812 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
21:38:29.0911 3812 avc3 - ok
21:38:29.0989 3812 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
21:38:30.0005 3812 avchv - ok
21:38:30.0098 3812 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
21:38:30.0098 3812 avckf - ok
21:38:30.0161 3812 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:38:30.0161 3812 AxInstSV - ok
21:38:30.0223 3812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:38:30.0239 3812 b06bdrv - ok
21:38:30.0286 3812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:38:30.0286 3812 b57nd60a - ok
21:38:30.0551 3812 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
21:38:30.0551 3812 BBSvc - ok
21:38:30.0660 3812 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
21:38:30.0660 3812 BBUpdate - ok
21:38:30.0676 3812 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:38:30.0691 3812 BCM42RLY - ok
21:38:30.0816 3812 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:38:30.0847 3812 BCM43XX - ok
21:38:31.0019 3812 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:38:31.0019 3812 BDESVC - ok
21:38:31.0128 3812 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
21:38:31.0144 3812 bdfsfltr - ok
21:38:31.0237 3812 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
21:38:31.0268 3812 bdfwfpf - ok
21:38:31.0346 3812 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
21:38:31.0346 3812 bdsandbox - ok
21:38:31.0393 3812 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
21:38:31.0409 3812 BDVEDISK - ok
21:38:31.0471 3812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:38:31.0471 3812 Beep - ok
21:38:31.0549 3812 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:38:31.0580 3812 BFE - ok
21:38:31.0627 3812 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:38:31.0643 3812 BITS - ok
21:38:31.0752 3812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:38:31.0752 3812 blbdrive - ok
21:38:31.0799 3812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:38:31.0799 3812 bowser - ok
21:38:31.0814 3812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:38:31.0814 3812 BrFiltLo - ok
21:38:31.0830 3812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:38:31.0830 3812 BrFiltUp - ok
21:38:31.0877 3812 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:38:31.0877 3812 BridgeMP - ok
21:38:31.0924 3812 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:38:31.0924 3812 Browser - ok
21:38:31.0955 3812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:38:31.0970 3812 Brserid - ok
21:38:31.0986 3812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:32.0002 3812 BrSerWdm - ok
21:38:32.0017 3812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:32.0017 3812 BrUsbMdm - ok
21:38:32.0033 3812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:32.0033 3812 BrUsbSer - ok
21:38:32.0048 3812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:32.0048 3812 BTHMODEM - ok
21:38:32.0095 3812 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:38:32.0095 3812 bthserv - ok
21:38:32.0111 3812 catchme - ok
21:38:32.0142 3812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:38:32.0142 3812 cdfs - ok
21:38:32.0204 3812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:38:32.0204 3812 cdrom - ok
21:38:32.0376 3812 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:38:32.0376 3812 CertPropSvc - ok
21:38:32.0407 3812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:38:32.0407 3812 circlass - ok
21:38:32.0470 3812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:38:32.0485 3812 CLFS - ok
21:38:32.0579 3812 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:32.0579 3812 clr_optimization_v2.0.50727_32 - ok
21:38:32.0641 3812 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:38:32.0641 3812 clr_optimization_v2.0.50727_64 - ok
21:38:32.0719 3812 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:32.0735 3812 clr_optimization_v4.0.30319_32 - ok
21:38:32.0750 3812 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:38:32.0766 3812 clr_optimization_v4.0.30319_64 - ok
21:38:32.0782 3812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:32.0797 3812 CmBatt - ok
21:38:32.0813 3812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:38:32.0813 3812 cmdide - ok
21:38:32.0875 3812 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:38:32.0891 3812 CNG - ok
21:38:32.0906 3812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:38:32.0906 3812 Compbatt - ok
21:38:32.0922 3812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:38:32.0938 3812 CompositeBus - ok
21:38:32.0938 3812 COMSysApp - ok
21:38:32.0953 3812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:38:32.0969 3812 crcdisk - ok
21:38:33.0016 3812 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:38:33.0031 3812 CryptSvc - ok
21:38:33.0094 3812 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:38:33.0094 3812 CtClsFlt - ok
21:38:33.0156 3812 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
21:38:33.0172 3812 dc3d - ok
21:38:33.0234 3812 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:38:33.0250 3812 DcomLaunch - ok
21:38:33.0312 3812 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:38:33.0328 3812 defragsvc - ok
21:38:33.0359 3812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:38:33.0359 3812 DfsC - ok
21:38:33.0406 3812 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:38:33.0421 3812 Dhcp - ok
21:38:33.0452 3812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:38:33.0452 3812 discache - ok
21:38:33.0484 3812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:38:33.0484 3812 Disk - ok
21:38:33.0530 3812 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:38:33.0530 3812 Dnscache - ok
21:38:33.0624 3812 DockLoginService - ok
21:38:33.0671 3812 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:38:33.0686 3812 dot3svc - ok
21:38:33.0733 3812 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:38:33.0733 3812 DPS - ok
21:38:33.0780 3812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:38:33.0796 3812 drmkaud - ok
21:38:33.0874 3812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:38:33.0889 3812 DXGKrnl - ok
21:38:33.0920 3812 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:38:33.0920 3812 EapHost - ok
21:38:34.0092 3812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:38:34.0170 3812 ebdrv - ok
21:38:34.0326 3812 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:38:34.0326 3812 EFS - ok
21:38:34.0435 3812 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:38:34.0451 3812 ehRecvr - ok
21:38:34.0498 3812 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:38:34.0498 3812 ehSched - ok
21:38:34.0591 3812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:38:34.0607 3812 elxstor - ok
21:38:34.0638 3812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:38:34.0654 3812 ErrDev - ok
21:38:34.0700 3812 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:38:34.0716 3812 EventSystem - ok
21:38:34.0732 3812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:38:34.0732 3812 exfat - ok
21:38:34.0763 3812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:38:34.0763 3812 fastfat - ok
21:38:34.0841 3812 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:38:34.0856 3812 Fax - ok
21:38:34.0903 3812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:38:34.0903 3812 fdc - ok
21:38:34.0950 3812 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:38:34.0950 3812 fdPHost - ok
21:38:34.0966 3812 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:38:34.0966 3812 FDResPub - ok
21:38:34.0981 3812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:38:34.0981 3812 FileInfo - ok
21:38:35.0012 3812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:38:35.0012 3812 Filetrace - ok
21:38:35.0028 3812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:35.0028 3812 flpydisk - ok
21:38:35.0075 3812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:38:35.0075 3812 FltMgr - ok
21:38:35.0168 3812 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:38:35.0215 3812 FontCache - ok
21:38:35.0356 3812 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:38:35.0371 3812 FontCache3.0.0.0 - ok
21:38:35.0449 3812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:38:35.0465 3812 FsDepends - ok
21:38:35.0496 3812 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:38:35.0496 3812 Fs_Rec - ok
21:38:35.0543 3812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:38:35.0558 3812 fvevol - ok
21:38:35.0574 3812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:38:35.0574 3812 gagp30kx - ok
21:38:35.0636 3812 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:38:35.0668 3812 gpsvc - ok
21:38:35.0808 3812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:35.0808 3812 gupdate - ok
21:38:35.0839 3812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:38:35.0839 3812 gupdatem - ok
21:38:35.0870 3812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:38:35.0886 3812 hcw85cir - ok
21:38:35.0933 3812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:38:35.0933 3812 HDAudBus - ok
21:38:35.0948 3812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:38:35.0948 3812 HidBatt - ok
21:38:35.0964 3812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:38:35.0980 3812 HidBth - ok
21:38:35.0995 3812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:38:35.0995 3812 HidIr - ok
21:38:36.0026 3812 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:38:36.0042 3812 hidserv - ok
21:38:36.0104 3812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:38:36.0104 3812 HidUsb - ok
21:38:36.0136 3812 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:38:36.0136 3812 hkmsvc - ok
21:38:36.0182 3812 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:38:36.0198 3812 HomeGroupListener - ok
21:38:36.0245 3812 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:38:36.0245 3812 HomeGroupProvider - ok
21:38:36.0292 3812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:38:36.0292 3812 HpSAMD - ok
21:38:36.0370 3812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:38:36.0385 3812 HTTP - ok
21:38:36.0432 3812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:38:36.0432 3812 hwpolicy - ok
21:38:36.0448 3812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:38:36.0448 3812 i8042prt - ok
21:38:36.0494 3812 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:38:36.0510 3812 iaStorV - ok
21:38:36.0619 3812 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:38:36.0650 3812 idsvc - ok
21:38:36.0697 3812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:38:36.0697 3812 iirsp - ok
21:38:36.0760 3812 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:38:36.0806 3812 IKEEXT - ok
21:38:36.0853 3812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:38:36.0853 3812 intelide - ok
21:38:36.0884 3812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:38:36.0884 3812 intelppm - ok
21:38:36.0931 3812 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:38:36.0931 3812 IPBusEnum - ok
21:38:36.0962 3812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:36.0962 3812 IpFilterDriver - ok
21:38:37.0009 3812 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:38:37.0025 3812 iphlpsvc - ok
21:38:37.0072 3812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:38:37.0072 3812 IPMIDRV - ok
21:38:37.0103 3812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:38:37.0103 3812 IPNAT - ok
21:38:37.0134 3812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:38:37.0134 3812 IRENUM - ok
21:38:37.0150 3812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:38:37.0165 3812 isapnp - ok
21:38:37.0181 3812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:38:37.0196 3812 iScsiPrt - ok
21:38:37.0228 3812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:38:37.0228 3812 kbdclass - ok
21:38:37.0259 3812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:38:37.0259 3812 kbdhid - ok
21:38:37.0290 3812 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:37.0306 3812 KeyIso - ok
21:38:37.0306 3812 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:38:37.0321 3812 KSecDD - ok
21:38:37.0337 3812 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:38:37.0337 3812 KSecPkg - ok
21:38:37.0384 3812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:38:37.0384 3812 ksthunk - ok
21:38:37.0446 3812 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:38:37.0462 3812 KtmRm - ok
21:38:37.0524 3812 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:38:37.0524 3812 LanmanServer - ok
21:38:37.0571 3812 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:38:37.0586 3812 LanmanWorkstation - ok
21:38:37.0633 3812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:38:37.0633 3812 lltdio - ok
21:38:37.0680 3812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:38:37.0696 3812 lltdsvc - ok
21:38:37.0711 3812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:38:37.0711 3812 lmhosts - ok
21:38:37.0758 3812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:38:37.0758 3812 LSI_FC - ok
21:38:37.0774 3812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:38:37.0774 3812 LSI_SAS - ok
21:38:37.0789 3812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:38:37.0789 3812 LSI_SAS2 - ok
21:38:37.0820 3812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:38:37.0820 3812 LSI_SCSI - ok
21:38:37.0836 3812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:38:37.0852 3812 luafv - ok
21:38:37.0914 3812 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:38:37.0914 3812 MBAMProtector - ok
21:38:38.0023 3812 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:38:38.0039 3812 MBAMService - ok
21:38:38.0117 3812 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
21:38:38.0117 3812 McAfee SiteAdvisor Service - ok
21:38:38.0164 3812 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:38:38.0164 3812 Mcx2Svc - ok
21:38:38.0195 3812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:38:38.0210 3812 megasas - ok
21:38:38.0242 3812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:38:38.0242 3812 MegaSR - ok
21:38:38.0273 3812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:38:38.0288 3812 MMCSS - ok
21:38:38.0288 3812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:38:38.0288 3812 Modem - ok
21:38:38.0320 3812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:38:38.0320 3812 monitor - ok
21:38:38.0366 3812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:38:38.0366 3812 mouclass - ok
21:38:38.0398 3812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:38:38.0398 3812 mouhid - ok
21:38:38.0444 3812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:38:38.0444 3812 mountmgr - ok
21:38:38.0476 3812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:38:38.0491 3812 mpio - ok
21:38:38.0569 3812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:38:38.0600 3812 mpsdrv - ok
21:38:38.0663 3812 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:38:38.0694 3812 MpsSvc - ok
21:38:38.0741 3812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:38:38.0741 3812 MRxDAV - ok
21:38:38.0788 3812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:38:38.0788 3812 mrxsmb - ok
21:38:38.0850 3812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:38:38.0850 3812 mrxsmb10 - ok
21:38:38.0866 3812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:38:38.0866 3812 mrxsmb20 - ok
21:38:38.0897 3812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:38:38.0897 3812 msahci - ok
21:38:38.0944 3812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:38:38.0944 3812 msdsm - ok
21:38:38.0975 3812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:38:38.0990 3812 MSDTC - ok
21:38:39.0037 3812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:38:39.0037 3812 Msfs - ok
21:38:39.0068 3812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:38:39.0068 3812 mshidkmdf - ok
21:38:39.0115 3812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:38:39.0115 3812 msisadrv - ok
21:38:39.0146 3812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:38:39.0162 3812 MSiSCSI - ok
21:38:39.0162 3812 msiserver - ok
21:38:39.0193 3812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:38:39.0193 3812 MSKSSRV - ok
21:38:39.0224 3812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:38:39.0224 3812 MSPCLOCK - ok
21:38:39.0224 3812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:38:39.0240 3812 MSPQM - ok
21:38:39.0287 3812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:38:39.0302 3812 MsRPC - ok
21:38:39.0334 3812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:38:39.0334 3812 mssmbios - ok
21:38:39.0349 3812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:38:39.0349 3812 MSTEE - ok
21:38:39.0365 3812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:38:39.0365 3812 MTConfig - ok
21:38:39.0396 3812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:38:39.0396 3812 Mup - ok
21:38:39.0443 3812 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:38:39.0474 3812 napagent - ok
21:38:39.0505 3812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:38:39.0521 3812 NativeWifiP - ok
21:38:39.0583 3812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:38:39.0614 3812 NDIS - ok
21:38:39.0646 3812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:38:39.0646 3812 NdisCap - ok
21:38:39.0677 3812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:38:39.0692 3812 NdisTapi - ok
21:38:39.0724 3812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:38:39.0739 3812 Ndisuio - ok
21:38:39.0786 3812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:38:39.0786 3812 NdisWan - ok
21:38:39.0833 3812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:38:39.0833 3812 NDProxy - ok
21:38:39.0848 3812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:38:39.0848 3812 NetBIOS - ok
21:38:39.0895 3812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:38:39.0895 3812 NetBT - ok
21:38:39.0942 3812 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:39.0942 3812 Netlogon - ok
21:38:40.0004 3812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:38:40.0020 3812 Netman - ok
21:38:40.0051 3812 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:38:40.0067 3812 netprofm - ok
21:38:40.0160 3812 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:38:40.0176 3812 NetTcpPortSharing - ok
21:38:40.0207 3812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:38:40.0223 3812 nfrd960 - ok
21:38:40.0270 3812 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:38:40.0285 3812 NlaSvc - ok
21:38:40.0301 3812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:38:40.0316 3812 Npfs - ok
21:38:40.0348 3812 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:38:40.0348 3812 nsi - ok
21:38:40.0363 3812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:38:40.0363 3812 nsiproxy - ok
21:38:40.0472 3812 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:38:40.0519 3812 Ntfs - ok
21:38:40.0675 3812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:38:40.0675 3812 Null - ok
21:38:40.0706 3812 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:38:40.0722 3812 nvraid - ok
21:38:40.0738 3812 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:38:40.0738 3812 nvstor - ok
21:38:40.0769 3812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:38:40.0769 3812 nv_agp - ok
21:38:40.0909 3812 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:38:41.0003 3812 odserv - ok
21:38:41.0034 3812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:38:41.0050 3812 ohci1394 - ok
21:38:41.0096 3812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:38:41.0112 3812 ose - ok
21:38:41.0174 3812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:38:41.0190 3812 p2pimsvc - ok
21:38:41.0221 3812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:38:41.0237 3812 p2psvc - ok
21:38:41.0284 3812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:38:41.0284 3812 Parport - ok
21:38:41.0315 3812 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:38:41.0315 3812 partmgr - ok
21:38:41.0330 3812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:38:41.0346 3812 PcaSvc - ok
21:38:41.0393 3812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:38:41.0393 3812 pci - ok
21:38:41.0393 3812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:38:41.0393 3812 pciide - ok
21:38:41.0424 3812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:38:41.0424 3812 pcmcia - ok
21:38:41.0440 3812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:38:41.0440 3812 pcw - ok
21:38:41.0486 3812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:38:41.0502 3812 PEAUTH - ok
21:38:41.0611 3812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:38:41.0611 3812 PerfHost - ok
21:38:41.0752 3812 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:38:41.0830 3812 pla - ok
21:38:41.0892 3812 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:38:41.0908 3812 PlugPlay - ok
21:38:41.0939 3812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:38:41.0939 3812 PNRPAutoReg - ok
21:38:41.0970 3812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:38:41.0970 3812 PNRPsvc - ok
21:38:42.0079 3812 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
21:38:42.0079 3812 Point64 - ok
21:38:42.0142 3812 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:38:42.0157 3812 PolicyAgent - ok
21:38:42.0204 3812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:38:42.0220 3812 Power - ok
21:38:42.0266 3812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:38:42.0282 3812 PptpMiniport - ok
21:38:42.0313 3812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:38:42.0329 3812 Processor - ok
21:38:42.0344 3812 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:38:42.0344 3812 ProfSvc - ok
21:38:42.0391 3812 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:42.0391 3812 ProtectedStorage - ok
21:38:42.0438 3812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:38:42.0454 3812 Psched - ok
21:38:42.0500 3812 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:38:42.0500 3812 PxHlpa64 - ok
21:38:42.0563 3812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:38:42.0625 3812 ql2300 - ok
21:38:42.0812 3812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:38:42.0812 3812 ql40xx - ok
21:38:42.0844 3812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:38:42.0859 3812 QWAVE - ok
21:38:42.0875 3812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:38:42.0875 3812 QWAVEdrv - ok
21:38:42.0906 3812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:38:42.0906 3812 RasAcd - ok
21:38:42.0953 3812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:38:42.0953 3812 RasAgileVpn - ok
21:38:42.0968 3812 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:38:42.0968 3812 RasAuto - ok
21:38:43.0015 3812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:38:43.0015 3812 Rasl2tp - ok
21:38:43.0046 3812 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:38:43.0062 3812 RasMan - ok
21:38:43.0093 3812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:38:43.0093 3812 RasPppoe - ok
21:38:43.0124 3812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:38:43.0124 3812 RasSstp - ok
21:38:43.0156 3812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:38:43.0171 3812 rdbss - ok
21:38:43.0187 3812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:38:43.0187 3812 rdpbus - ok
21:38:43.0202 3812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:38:43.0218 3812 RDPCDD - ok
21:38:43.0234 3812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:38:43.0234 3812 RDPENCDD - ok
21:38:43.0249 3812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:38:43.0265 3812 RDPREFMP - ok
21:38:43.0296 3812 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:38:43.0312 3812 RDPWD - ok
21:38:43.0358 3812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:38:43.0374 3812 rdyboost - ok
21:38:43.0405 3812 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:38:43.0405 3812 RemoteAccess - ok
21:38:43.0452 3812 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:38:43.0468 3812 RemoteRegistry - ok
21:38:43.0483 3812 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:38:43.0483 3812 RpcEptMapper - ok
21:38:43.0499 3812 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:38:43.0499 3812 RpcLocator - ok
21:38:43.0561 3812 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:38:43.0561 3812 RpcSs - ok
21:38:43.0608 3812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:38:43.0608 3812 rspndr - ok
21:38:43.0655 3812 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\System32\Drivers\RtsUStor.sys
21:38:43.0655 3812 RSUSBSTOR - ok
21:38:43.0733 3812 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:38:43.0748 3812 RTL8167 - ok
21:38:43.0780 3812 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:43.0780 3812 SamSs - ok
21:38:43.0811 3812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:38:43.0811 3812 sbp2port - ok
21:38:43.0858 3812 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:38:43.0873 3812 SCardSvr - ok
21:38:43.0904 3812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:38:43.0904 3812 scfilter - ok
21:38:43.0967 3812 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:38:44.0029 3812 Schedule - ok
21:38:44.0076 3812 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:38:44.0076 3812 SCPolicySvc - ok
21:38:44.0092 3812 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:38:44.0107 3812 SDRSVC - ok
21:38:44.0201 3812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:38:44.0201 3812 secdrv - ok
21:38:44.0248 3812 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:38:44.0248 3812 seclogon - ok
21:38:44.0279 3812 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:38:44.0279 3812 SENS - ok
21:38:44.0294 3812 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:38:44.0310 3812 SensrSvc - ok
21:38:44.0326 3812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:38:44.0326 3812 Serenum - ok
21:38:44.0341 3812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:38:44.0341 3812 Serial - ok
21:38:44.0372 3812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:38:44.0372 3812 sermouse - ok
21:38:44.0419 3812 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:38:44.0435 3812 SessionEnv - ok
21:38:44.0450 3812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:38:44.0466 3812 sffdisk - ok
21:38:44.0466 3812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:38:44.0466 3812 sffp_mmc - ok
21:38:44.0482 3812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:38:44.0482 3812 sffp_sd - ok
21:38:44.0497 3812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:38:44.0513 3812 sfloppy - ok
21:38:44.0575 3812 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:38:44.0591 3812 SharedAccess - ok
21:38:44.0653 3812 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:38:44.0669 3812 ShellHWDetection - ok
21:38:44.0700 3812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:38:44.0700 3812 SiSRaid2 - ok
21:38:44.0716 3812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:38:44.0716 3812 SiSRaid4 - ok
21:38:44.0762 3812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:38:44.0778 3812 Smb - ok
21:38:44.0840 3812 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:38:44.0856 3812 SNMPTRAP - ok
21:38:44.0856 3812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:38:44.0856 3812 spldr - ok
21:38:44.0918 3812 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:38:44.0934 3812 Spooler - ok
21:38:45.0106 3812 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:38:45.0199 3812 sppsvc - ok
21:38:45.0340 3812 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:38:45.0340 3812 sppuinotify - ok
21:38:45.0418 3812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:38:45.0433 3812 srv - ok
21:38:45.0464 3812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:38:45.0480 3812 srv2 - ok
21:38:45.0496 3812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:38:45.0511 3812 srvnet - ok
21:38:45.0558 3812 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:38:45.0574 3812 SSDPSRV - ok
21:38:45.0589 3812 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:38:45.0589 3812 SstpSvc - ok
21:38:45.0745 3812 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
21:38:45.0745 3812 STacSV - ok
21:38:45.0792 3812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:38:45.0792 3812 stexstor - ok
21:38:45.0854 3812 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:38:45.0886 3812 STHDA - ok
21:38:45.0948 3812 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:38:45.0964 3812 stisvc - ok
21:38:46.0010 3812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:38:46.0010 3812 swenum - ok
21:38:46.0073 3812 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:38:46.0104 3812 swprv - ok
21:38:46.0198 3812 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:38:46.0260 3812 SysMain - ok
21:38:46.0416 3812 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:38:46.0432 3812 TabletInputService - ok
21:38:46.0463 3812 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:38:46.0478 3812 TapiSrv - ok
21:38:46.0525 3812 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:38:46.0525 3812 TBS - ok
21:38:46.0759 3812 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:38:46.0806 3812 Tcpip - ok
21:38:47.0087 3812 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:38:47.0102 3812 TCPIP6 - ok
21:38:47.0274 3812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:38:47.0290 3812 tcpipreg - ok
21:38:47.0321 3812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:38:47.0321 3812 TDPIPE - ok
21:38:47.0368 3812 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:38:47.0368 3812 TDTCP - ok
21:38:47.0414 3812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:38:47.0414 3812 tdx - ok
21:38:47.0461 3812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:38:47.0461 3812 TermDD - ok
21:38:47.0508 3812 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:38:47.0524 3812 TermService - ok
21:38:47.0570 3812 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:38:47.0570 3812 Themes - ok
21:38:47.0602 3812 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:38:47.0617 3812 THREADORDER - ok
21:38:47.0633 3812 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:38:47.0633 3812 TrkWks - ok
21:38:47.0695 3812 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
21:38:47.0695 3812 trufos - ok
21:38:47.0773 3812 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:38:47.0789 3812 TrustedInstaller - ok
21:38:47.0820 3812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:38:47.0820 3812 tssecsrv - ok
21:38:47.0882 3812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:38:47.0898 3812 TsUsbFlt - ok
21:38:47.0960 3812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:38:47.0960 3812 tunnel - ok
21:38:47.0992 3812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:38:47.0992 3812 uagp35 - ok
21:38:48.0038 3812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:38:48.0054 3812 udfs - ok
21:38:48.0085 3812 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:38:48.0085 3812 UI0Detect - ok
21:38:48.0132 3812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:38:48.0132 3812 uliagpkx - ok
21:38:48.0179 3812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:38:48.0179 3812 umbus - ok
21:38:48.0210 3812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:38:48.0210 3812 UmPass - ok
21:38:48.0428 3812 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
21:38:48.0475 3812 Update Server - ok
21:38:48.0569 3812 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
21:38:48.0569 3812 UPDATESRV - ok
21:38:48.0616 3812 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:38:48.0631 3812 upnphost - ok
21:38:48.0678 3812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:38:48.0678 3812 usbccgp - ok
21:38:48.0709 3812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:38:48.0709 3812 usbcir - ok
21:38:48.0725 3812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:38:48.0725 3812 usbehci - ok
21:38:48.0787 3812 usbfilter (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys
21:38:48.0803 3812 usbfilter - ok
21:38:48.0834 3812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:38:48.0850 3812 usbhub - ok
21:38:48.0865 3812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:38:48.0865 3812 usbohci - ok
21:38:48.0928 3812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:38:48.0928 3812 usbprint - ok
21:38:48.0974 3812 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:38:48.0974 3812 usbscan - ok
21:38:48.0990 3812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:38:48.0990 3812 USBSTOR - ok
21:38:49.0021 3812 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:38:49.0021 3812 usbuhci - ok
21:38:49.0052 3812 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:38:49.0068 3812 usbvideo - ok
21:38:49.0115 3812 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:38:49.0115 3812 UxSms - ok
21:38:49.0146 3812 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:38:49.0146 3812 VaultSvc - ok
21:38:49.0177 3812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:38:49.0177 3812 vdrvroot - ok
21:38:49.0240 3812 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:38:49.0255 3812 vds - ok
21:38:49.0302 3812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:38:49.0302 3812 vga - ok
21:38:49.0318 3812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:38:49.0318 3812 VgaSave - ok
21:38:49.0364 3812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:38:49.0380 3812 vhdmp - ok
21:38:49.0380 3812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:38:49.0396 3812 viaide - ok
21:38:49.0411 3812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:38:49.0411 3812 volmgr - ok
21:38:49.0474 3812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:38:49.0489 3812 volmgrx - ok
21:38:49.0505 3812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:38:49.0520 3812 volsnap - ok
21:38:49.0567 3812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:38:49.0583 3812 vsmraid - ok
21:38:49.0676 3812 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:38:49.0723 3812 VSS - ok
21:38:49.0817 3812 VSSERV - ok
21:38:49.0973 3812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:38:49.0973 3812 vwifibus - ok
21:38:49.0988 3812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:38:49.0988 3812 vwififlt - ok
21:38:50.0051 3812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:38:50.0066 3812 W32Time - ok
21:38:50.0098 3812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:38:50.0098 3812 WacomPen - ok
21:38:50.0160 3812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:50.0160 3812 WANARP - ok
21:38:50.0176 3812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:38:50.0176 3812 Wanarpv6 - ok
21:38:50.0269 3812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:38:50.0316 3812 WatAdminSvc - ok
21:38:50.0410 3812 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:38:50.0472 3812 wbengine - ok
21:38:50.0612 3812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:38:50.0612 3812 WbioSrvc - ok
21:38:50.0659 3812 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:38:50.0675 3812 wcncsvc - ok
21:38:50.0690 3812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:38:50.0706 3812 WcsPlugInService - ok
21:38:50.0753 3812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:38:50.0768 3812 Wd - ok
21:38:50.0815 3812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:38:50.0831 3812 Wdf01000 - ok
21:38:50.0846 3812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:38:50.0846 3812 WdiServiceHost - ok
21:38:50.0846 3812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:38:50.0862 3812 WdiSystemHost - ok
21:38:50.0909 3812 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:38:50.0924 3812 WebClient - ok
21:38:50.0971 3812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:38:51.0002 3812 Wecsvc - ok
21:38:51.0002 3812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:38:51.0018 3812 wercplsupport - ok
21:38:51.0049 3812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:38:51.0049 3812 WerSvc - ok
21:38:51.0143 3812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:38:51.0143 3812 WfpLwf - ok
21:38:51.0205 3812 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:38:51.0205 3812 WimFltr - ok
21:38:51.0221 3812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:38:51.0221 3812 WIMMount - ok
21:38:51.0268 3812 WinDefend - ok
21:38:51.0283 3812 WinHttpAutoProxySvc - ok
21:38:51.0361 3812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:38:51.0361 3812 Winmgmt - ok
21:38:51.0470 3812 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:38:51.0517 3812 WinRM - ok
21:38:51.0736 3812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:38:51.0736 3812 WinUsb - ok
21:38:51.0814 3812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:38:51.0860 3812 Wlansvc - ok
21:38:52.0048 3812 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:38:52.0063 3812 wlidsvc - ok
21:38:52.0110 3812 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
21:38:52.0110 3812 wltrysvc - ok
21:38:52.0266 3812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:38:52.0266 3812 WmiAcpi - ok
21:38:52.0344 3812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:38:52.0344 3812 wmiApSrv - ok
21:38:52.0391 3812 WMPNetworkSvc - ok
21:38:52.0438 3812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:38:52.0438 3812 WPCSvc - ok
21:38:52.0484 3812 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:38:52.0484 3812 WPDBusEnum - ok
21:38:52.0531 3812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:38:52.0531 3812 ws2ifsl - ok
21:38:52.0562 3812 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:38:52.0562 3812 wscsvc - ok
21:38:52.0562 3812 WSearch - ok
21:38:52.0687 3812 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:38:52.0781 3812 wuauserv - ok
21:38:52.0952 3812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:38:52.0952 3812 WudfPf - ok
21:38:53.0015 3812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:38:53.0015 3812 WUDFRd - ok
21:38:53.0046 3812 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:38:53.0046 3812 wudfsvc - ok
21:38:53.0108 3812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:38:53.0124 3812 WwanSvc - ok
21:38:53.0155 3812 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:38:53.0389 3812 \Device\Harddisk0\DR0 - ok
21:38:53.0405 3812 Boot (0x1200) (0437f2279a05ddd37b790bc9884941c7) \Device\Harddisk0\DR0\Partition0
21:38:53.0405 3812 \Device\Harddisk0\DR0\Partition0 - ok
21:38:53.0436 3812 Boot (0x1200) (ee306775af50d28e385e82a1a66ff4b4) \Device\Harddisk0\DR0\Partition1
21:38:53.0436 3812 \Device\Harddisk0\DR0\Partition1 - ok
21:38:53.0436 3812 ============================================================
21:38:53.0436 3812 Scan finished
21:38:53.0436 3812 ============================================================
21:38:53.0452 1356 Detected object count: 0
21:38:53.0452 1356 Actual detected object count: 0
21:39:25.0065 2420 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 21:39:27
-----------------------------
21:39:27.607 OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:27.607 Number of processors: 2 586 0x301
21:39:27.607 ComputerName: TIFFANY UserName:
21:39:29.307 Initialize success
21:41:28.498 AVAST engine defs: 12051901
21:41:43.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:41:43.459 Disk 0 Vendor: ST9250315AS D005DEM1 Size: 238475MB BusType: 3
21:41:43.521 Disk 0 MBR read successfully
21:41:43.521 Disk 0 MBR scan
21:41:43.568 Disk 0 Windows VISTA default MBR code
21:41:43.583 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:41:43.630 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:41:43.661 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
21:41:43.693 Disk 0 scanning C:\Windows\system32\drivers
21:42:00.088 Service scanning
21:42:29.229 Modules scanning
21:42:29.229 Disk 0 trace - called modules:
21:42:29.245 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:42:29.260 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492d790]
21:42:29.260 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800488f520]
21:42:29.276 5 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004891680]
21:42:30.773 AVAST engine scan C:\Windows
21:42:34.627 AVAST engine scan C:\Windows\system32
21:47:14.600 AVAST engine scan C:\Windows\system32\drivers
21:47:32.540 AVAST engine scan C:\Users\Valued Customer
22:06:12.263 AVAST engine scan C:\ProgramData
22:08:08.109 Scan finished successfully
22:41:22.713 Disk 0 MBR has been saved successfully to "C:\Users\Valued Customer\Desktop\MBR.dat"
22:41:22.713 The log file has been saved successfully to "C:\Users\Valued Customer\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:21 AM

Posted 19 May 2012 - 10:14 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tjjmbrito
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:21 AM

Posted 20 May 2012 - 02:51 PM

Hello, the next steps have been completed without any issues. Everything still seems to be running perfectly (no ads, no random redirects).

Here is my latest ComboFix log:


ComboFix 12-05-20.06 - Valued Customer 20/05/2012 14:21:36.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4094.2530 [GMT -4:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
Command switches used :: c:\users\Valued Customer\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 19:27 . 2012-05-20 19:27 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-05-20 19:27 . 2012-05-20 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 02:46 . 2012-05-19 03:28 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-05-16 15:55 . 2012-05-16 15:56 -------- d-----w- c:\programdata\HP Photo Creations
2012-05-16 15:55 . 2012-05-16 15:55 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-05-16 15:53 . 2012-05-16 15:53 -------- d-----w- c:\program files\HP
2012-05-14 17:06 . 2012-05-14 17:06 -------- d-----w- c:\program files (x86)\Coupons
2012-05-14 17:06 . 2012-05-14 17:06 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\HpUpdate
2012-05-14 17:04 . 2012-05-16 15:43 -------- d-----w- c:\programdata\HP
2012-05-14 17:02 . 2012-05-16 15:54 -------- d-----w- c:\program files (x86)\HP
2012-05-14 16:59 . 2012-05-14 16:59 -------- d-----w- c:\users\Valued Customer\AppData\Local\HP
2012-05-10 17:30 . 2012-05-10 17:30 -------- d-----w- C:\b8e98513d2e94bb224
2012-05-10 17:13 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 17:13 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:13 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 17:12 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:12 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 17:12 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:12 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 17:12 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-30 01:10 . 2012-04-30 01:10 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Malwarebytes
2012-04-30 01:09 . 2012-04-30 01:09 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 01:09 . 2012-04-30 01:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 01:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 21:11 . 2012-04-29 21:11 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:57 . 2012-04-20 13:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:57 . 2011-05-29 23:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:57 . 2012-04-20 15:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 15:38 . 2010-07-20 01:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-06 15:35 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-30 19:42 . 2012-01-18 22:16 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-17 18:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-17 18:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 17:35 . 2012-03-08 17:35 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-03 18:55 . 2012-01-18 22:16 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-02 19:36 . 2012-03-02 19:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-02 19:36 . 2012-03-02 19:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-02 19:36 . 2012-03-02 19:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-02 19:36 . 2012-03-02 19:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-02 19:36 . 2012-03-02 19:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-02 19:36 . 2012-03-02 19:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-02 19:36 . 2012-03-02 19:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-02 19:36 . 2012-03-02 19:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-02 19:36 . 2012-03-02 19:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-02 19:36 . 2012-03-02 19:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-02 19:36 . 2012-03-02 19:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-02 19:36 . 2012-03-02 19:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-02 19:36 . 2012-03-02 19:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-02 19:36 . 2012-03-02 19:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-02 19:36 . 2012-03-02 19:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-02 19:36 . 2012-03-02 19:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-02 19:36 . 2012-03-02 19:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-02 19:36 . 2012-03-02 19:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-02 19:36 . 2012-03-02 19:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-02 19:36 . 2012-03-02 19:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-02 19:36 . 2012-03-02 19:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-02 19:36 . 2012-03-02 19:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-02 19:36 . 2012-03-02 19:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-02 19:36 . 2012-03-02 19:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-02 19:36 . 2012-03-02 19:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-02 19:36 . 2012-03-02 19:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-02 19:36 . 2012-03-02 19:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-02 19:36 . 2012-03-02 19:36 448512 ----a-w- c:\windows\system32\html.iec
2012-03-02 19:36 . 2012-03-02 19:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-02 19:36 . 2012-03-02 19:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-02 19:36 . 2012-03-02 19:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-02 19:36 . 2012-03-02 19:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-02 19:36 . 2012-03-02 19:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-02 19:36 . 2012-03-02 19:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 06:46 . 2012-04-12 15:27 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 15:27 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 15:27 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 15:27 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 15:27 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 15:27 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 15:27 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 15:30 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 15:30 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 15:30 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 15:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 15:30 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 15:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 15:30 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 15:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_16.28.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-20 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-19 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-19 15:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-20 19:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-20 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-20 01:50 . 2012-05-20 15:11 51166 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-20 15:11 47620 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-23 15:09 . 2012-05-20 15:11 29552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1929918914-2418276299-3116538099-1000_UserData.bin
- 2010-09-23 12:59 . 2012-05-16 23:25 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-23 12:59 . 2012-05-19 20:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-23 12:59 . 2012-05-19 20:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-23 12:59 . 2012-05-16 23:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 23:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 20:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-20 19:29 . 2012-05-20 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:27 . 2012-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:27 . 2012-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-20 19:29 . 2012-05-20 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 16:42 . 2012-05-19 19:58 272422 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-20 19:34 628874 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-19 15:36 628874 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-19 15:36 111026 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-20 19:34 111026 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-19 16:27 309948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-20 19:29 309948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-26 02:39 . 2012-05-20 19:29 5705380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1929918914-2418276299-3116538099-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-23 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-10-15 08:10 498160 ----a-w- c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-12-29 21:35 140520 ------w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-09-02 383544]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:57]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 00:23]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 00:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-30 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1929918914-2418276299-3116538099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1929918914-2418276299-3116538099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-05-20 15:43:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 19:43
.
Pre-Run: 122,026,582,016 bytes free
Post-Run: 122,172,760,064 bytes free
.
- - End Of File - - C55B45432AF2951EED62F9219EA08378

#8 gringo_pr
Bleepin Gringo
Malware Response Team, 136,772 posts
Gender: Male
Location: Puerto Rico

Posted 20 May 2012 - 08:49 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.1.2
Bing Bar
Coupon Printer for Windows
Java™ 6 Update 31
PokerStars


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click Yes and then Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
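
The HijackThis log requested above works by enumerating IE and Windows autostart points (O4 Run/RunOnce values, O2 Browser Helper Objects, O3 toolbars, O15 Trusted Zone domains) and marking entries whose DLL or EXE has vanished as "(no file)" or "(file missing)"; ComboFix lists the same leftovers under ORPHANS REMOVED (the "Toolbar-Locked" line in the log above is one such non-CLSID value). The following script is an added example written for this page, not code from the poster, from HijackThis or from ComboFix; it re-creates those read-only checks so the same entries can be reviewed without the tool. It assumes 64-bit Windows, PowerShell 3 or later and an elevated session; the function names (Resolve-CommandPath, New-Finding, Get-ComServerPath and the Get-*Entries helpers) are this example's own.

```powershell
# Added example: re-create the HijackThis O4/O2/O3/O15 checks and flag orphaned entries.
# Read-only: nothing is removed or changed. Assumes 64-bit Windows and PowerShell 3+.

$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Resolve-CommandPath {
    # Extract the program from a Run value such as:  "C:\Dir\app.exe" /starttray
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    # Unquoted path with spaces: grow the prefix word by word until it names a file
    $tokens = $c -split ' '
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Bare program name (e.g. rundll32.exe ...): resolve through PATH as the loader would
    $app = Get-Command -Name $tokens[0] -CommandType Application -ErrorAction SilentlyContinue
    if ($app) { return @($app)[0].Path }
    return $c
}

function New-Finding {
    param($Kind, $Location, $Name, $Target, $Status)
    if (-not $Status) {
        $Status = if ([string]::IsNullOrEmpty($Target)) { 'UNRESOLVED' }
                  elseif (Test-Path -LiteralPath $Target -PathType Leaf) { 'ok' }
                  else { 'MISSING FILE' }
    }
    [pscustomobject]@{ Kind = $Kind; Location = $Location; Name = $Name; Target = $Target; Status = $Status }
}

function Get-ComServerPath {
    # The DLL behind a CLSID; empty string if the class is not registered in this view
    param($ClassesRoot, $Clsid)
    $srv = Get-ItemProperty -Path "$ClassesRoot\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($null -eq $srv) { return '' }
    return [Environment]::ExpandEnvironmentVariables([string]$srv.'(default)')
}

function Get-RunEntries {
    # O4: Run/RunOnce in the 64-bit view, the Wow6432Node (32-bit) view and the current user
    $keys = foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software') {
        "$hive\Microsoft\Windows\CurrentVersion\Run"; "$hive\Microsoft\Windows\CurrentVersion\RunOnce"
    }
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
            New-Finding 'O4 Run' $key $p.Name (Resolve-CommandPath $p.Value)
        }
    }
}

function Get-IeExtensionEntries {
    # O2 BHOs and O3 toolbars are stored as CLSIDs; the DLL comes from the matching Classes view
    foreach ($v in @{ Sw = 'HKLM:\SOFTWARE';             Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
                   @{ Sw = 'HKLM:\SOFTWARE\Wow6432Node'; Cls = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }) {
        $bho = "$($v.Sw)\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path $bho) {
            foreach ($sub in Get-ChildItem -Path $bho) {
                New-Finding 'O2 BHO' $bho $sub.PSChildName (Get-ComServerPath $v.Cls $sub.PSChildName)
            }
        }
        $tb = "$($v.Sw)\Microsoft\Internet Explorer\Toolbar"
        if (Test-Path $tb) {
            foreach ($p in (Get-ItemProperty -Path $tb).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }
                # A value name that is not a CLSID (such as a stray "Locked") has no server to resolve
                $target = if ($p.Name -match $guidPattern) { Get-ComServerPath $v.Cls $p.Name } else { '' }
                New-Finding 'O3 Toolbar' $tb $p.Name $target
            }
        }
    }
}

function Get-ZoneMapEntries {
    # O15: hosts assigned to the Trusted (2) or Restricted (4) sites zone
    $zoneName = @{ 2 = 'Trusted'; 4 = 'Restricted' }
    foreach ($root in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
                      'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains') {
        if (-not (Test-Path $root)) { continue }
        foreach ($domainKey in Get-ChildItem -Path $root) {
            $domain = $domainKey.PSChildName
            # Values on the domain key itself cover *.domain; each subkey is one host
            foreach ($k in @($domainKey) + @(Get-ChildItem -Path $domainKey.PSPath)) {
                $hostName = if ($k.Name -eq $domainKey.Name) { "*.$domain" } else { "$($k.PSChildName).$domain" }
                foreach ($p in (Get-ItemProperty -Path $k.PSPath).PSObject.Properties) {
                    if ($p.Name -like 'PS*' -or $null -eq $p.Value -or -not $zoneName.ContainsKey($p.Value)) { continue }
                    New-Finding 'O15 Zone' $k.Name "$hostName ($($p.Name))" $null "$($zoneName[$p.Value]) zone"
                }
            }
        }
    }
}

$findings = @(Get-RunEntries) + @(Get-IeExtensionEntries) + @(Get-ZoneMapEntries)
$findings | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap Kind, Name, Status, Target
$orphans = @($findings | Where-Object { $_.Kind -ne 'O15 Zone' -and $_.Status -ne 'ok' })
"{0} entries, {1} with a missing or unresolved target" -f $findings.Count, $orphans.Count
```

Run it from an elevated PowerShell prompt. Entries with Status "MISSING FILE" or "UNRESOLVED" correspond to the "(no file)" lines HijackThis reports; as the reply above stresses, an autostart or BHO entry that still resolves to an existing file is usually legitimate, so the output is for review, not for automated deletion.
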

#9 tjjmbrito (Topic Starter)
Members, 7 posts

Posted 20 May 2012 - 09:42 PM

Completed all the instructions...computer is running fine still. No pop-ups, no redirects.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Valued Customer :: TIFFANY [administrator]

Protection: Enabled

20/05/2012 10:39:04 PM
mbam-log-2012-05-20 (22-39-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210283
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:38 PM, on 20/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bitdefender\Bitdefender 2012\antispam32\bdimguiaux.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Fusion Utility Service (AMDFusionSVC) - Advanced Micro Devices - c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10687 bytes

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 May 2012 - 10:00 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
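As an added triage helper, not part of this thread and not a feature of HijackThis itself, the following Python script parses O4, O9 and O23 lines in the log format shown above. It pulls out the bracketed name that the note says to paste into a start-up database, separates the executable path from its arguments, records the service owner, and lists the entries HijackThis marked "(file missing)" (dead references that point at nothing on disk). The sample lines are copied from the log posted earlier in this thread; the `HjtEntry` structure, the regular expressions and the helper names are my own assumptions about a sensible layout, not anything the tool exposes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a few lines copied from the HijackThis log posted
# earlier in this thread (O4 autostarts, one O9 button, two O23 services).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
"""


@dataclass
class HjtEntry:
    """One parsed HijackThis line (hypothetical layout chosen for this example)."""
    section: str            # O4, O9, O23, ...
    location: str           # e.g. HKLM\..\Run, Startup, Service, Extra button
    name: str               # text shown in [brackets] for O4, or the item name
    exe: Optional[str]      # executable/module path, unquoted, arguments stripped
    args: str               # command-line arguments, empty if none
    owner: Optional[str]    # vendor string (O23 only)
    file_missing: bool      # HijackThis appended "(file missing)"
    raw: str                # the original line


# Line shapes taken from the log format above; other sections are skipped.
_O4_STARTUP = re.compile(r"^O4 - (?P<loc>.*Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
_O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_O9 = re.compile(r"^O9 - (?P<loc>.+?): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
_O23 = re.compile(r"^O23 - (?P<loc>Service): (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Executable path (optionally quoted) followed by whatever arguments remain.
_EXE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|cab))"?\s*(?P<args>.*)$', re.IGNORECASE)


def _split_missing(cmd: str):
    """Strip the trailing '(file missing)' marker and report whether it was there."""
    cmd = cmd.strip()
    missing = cmd.endswith("(file missing)")
    if missing:
        cmd = cmd[: -len("(file missing)")].rstrip()
    return cmd, missing


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse O4/O9/O23 lines from a HijackThis log into HjtEntry records."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        owner = None
        m = _O4_STARTUP.match(line) or _O4_RUN.match(line) or _O9.match(line)
        if m is None:
            m = _O23.match(line)
            if m is None:
                continue  # O2, O16, O18 and so on are not handled by this example
            owner = m.group("owner")
        cmd, missing = _split_missing(m.group("cmd"))
        em = _EXE.match(cmd)
        exe = em.group("exe") if em else None
        args = em.group("args").strip() if em else cmd
        entries.append(HjtEntry(section, m.group("loc"), m.group("name"),
                                exe, args, owner, missing, line))
    return entries


def research_names(entries: List[HjtEntry]) -> List[str]:
    """Names to paste into a start-up program database, as the note above suggests."""
    return [e.name for e in entries if e.section == "O4"]


def stale_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in entries if e.file_missing]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Start-up names to research:", research_names(parsed))
    for e in stale_entries(parsed):
        print(f"stale {e.section} entry: {e.name} -> {e.exe}")
```

Feed it a whole HijackThis log and it will ignore the sections it does not recognise; the `(file missing)` list is the quickest way to spot leftovers from uninstalled software before deciding what to fix.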

#11 tjjmbrito (Topic Starter)

  • Members
  • 7 posts

Posted 21 May 2012 - 11:23 AM

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 May 2012 - 03:15 PM

Hello

The Online scan looks very good!!

These are false positives:

C:\Program Files (x86)\Dell DataSafe Local Backup\<-- Dell backup program


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following steps will clean up and remove these tools. They will also reset your System Restore by flushing out previous restore points and creating a new restore point, and will remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - this is a good program to clean out temp files; I would use it once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#13 tjjmbrito (Topic Starter)

  • Members
  • 7 posts

Posted 21 May 2012 - 08:47 PM

Thanks for all your support Gringo :) My computer is running better than ever! Thanks for the articles as well, they were a helpful read.

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 May 2012 - 09:50 PM

You are more than welcome and glad I was able to help



gringo

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 May 2012 - 05:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.