Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TDSS & Google keeps redirecting


  • This topic is locked This topic is locked
17 replies to this topic

#1 TomasPescod

TomasPescod

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 24 May 2012 - 01:37 AM

I keep on getting redirects while searching on Google it´s intermitent so it does not happen most of the time I run a search on Google, also YouTube is affected some times. I´m using Mozilla as my browser on Win 7 (64bit). I already ran SUPER AntiSpyware and Malwarebytes, TrendMicro Housecall and SpeedyPC. Also followed the recommended steps on the bleepingcomputer tutorial. The problem still persists.
Any help will be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Tomas Pescod at 16:54:05 on 2012-05-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.507.3082.18.6133.3523 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\OSD\Service1.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OSD\Launch_CC.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\OSD\OSD_Main.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienware.com/
uDefault_Page_URL = hxxp://www.alienware.com/
mStart Page = hxxp://home.sweetim.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [espaces] C:\premiumsoft\PhotoFun\photofun.exe
uRun: [AdobeBridge]
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [OSD] c:\Program Files\OSD\Launch.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&escargue &con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargue todo con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: &D&escargue todos los vídeos con BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: Enviar imagen al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll/206
LSP: mswsock.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{27207DE7-815E-4944-8827-84FC7487272A} : DhcpNameServer = 192.168.48.1 201.221.253.254 201.221.253.252
TCP: Interfaces\{86E5C32B-471F-4F37-8ABA-37119BA003E9} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{D8A4BD60-F70C-4C73-8221-8F65DA1A227E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D8A4BD60-F70C-4C73-8221-8F65DA1A227E}\759607564775966496D213263653 : DhcpNameServer = 192.168.48.1 201.221.253.254 201.221.253.252
TCP: Interfaces\{DA0F85F7-D8B1-4E23-ADA7-64F1F1C9E8ED} : DhcpNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
{A2F122DA-055F-4df7-8F24-7354DBDBA85B}
{DA5BCE70-D057-4D63-943D-5F3927EC59F1}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [OSD] c:\Program Files\OSD\Launch.exe
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun-x64: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tomas Pescod\AppData\Roaming\Mozilla\Firefox\Profiles\h1wiprwy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-ES:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - component: C:\Users\Tomas Pescod\AppData\Roaming\Mozilla\Firefox\Profiles\h1wiprwy.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: C:\Users\Tomas Pescod\AppData\Roaming\Mozilla\Firefox\Profiles\h1wiprwy.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/19 20:41:46];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\AESTSr64.exe [2010-1-5 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 CustomSvc;Vista Session Launcher Service;C:\Program Files\OSD\Service1.exe [2010-1-5 13312]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-5 656624]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\OSD\WinRing0x64.sys [2010-1-5 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servicio de actualización de Google (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-6 1153368]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\system32\DRIVERS\lgandnetdiag64.sys --> C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [?]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandnetgps64.sys --> C:\Windows\system32\DRIVERS\lgandnetgps64.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\system32\DRIVERS\lgandnetmodem64.sys --> C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\system32\DRIVERS\lgandnetndis64.sys --> C:\Windows\system32\DRIVERS\lgandnetndis64.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Servicio (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
S3 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\qd260x64.sys --> C:\Windows\system32\Drivers\qd260x64.sys [?]
S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]
S3 MAFW;Service for M-Audio FireWire;C:\Windows\system32\DRIVERS\mafw.sys --> C:\Windows\system32\DRIVERS\mafw.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-21 22:38:16 -------- d-----w- C:\Users\Tomas Pescod\AppData\Roaming\SUPERAntiSpyware.com
2012-05-21 22:37:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-21 22:37:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-21 21:32:19 -------- d-----w- C:\Windows\Downloaded Program Files
2012-05-21 20:23:33 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-21 00:29:28 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-18 21:17:49 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A811BC5-E3E1-4B94-97FD-C9C8A6C9FEE9}\mpengine.dll
2012-05-16 20:32:44 -------- d-sh--w- C:\found.000
2012-05-16 19:56:19 -------- d-----w- C:\Users\Tomas Pescod\AppData\Local\Temp
2012-05-12 00:24:20 -------- d-----w- C:\Users\Tomas Pescod\AppData\Roaming\DSound
2012-05-09 16:35:05 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 16:35:05 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 16:34:56 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 16:34:54 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 16:34:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 16:34:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 16:34:23 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 16:34:01 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 16:33:53 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 16:33:53 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 16:33:52 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 16:33:52 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 16:33:52 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 02:34:42 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-08 02:34:42 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-08 02:34:42 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:34:42 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 05:19:16 -------- d-----w- C:\Users\Tomas Pescod\AppData\Roaming\Sawer
2012-05-06 20:34:50 -------- d-----w- C:\Windows\System32\wbem\Logs
2012-05-06 20:19:17 -------- d-----w- C:\Users\Tomas Pescod\AppData\Roaming\SpeedyPC Software
2012-05-06 20:19:17 -------- d-----w- C:\Users\Tomas Pescod\AppData\Roaming\DriverCure
2012-05-06 20:19:07 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-05-06 20:19:02 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-05-06 20:19:02 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-05-06 18:39:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-06 18:39:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-01 10:01:30 -------- d-----we C:\Windows\system64
2012-04-23 17:58:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-23 17:58:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-23 17:58:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-23 17:58:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-23 17:58:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-23 17:58:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-23 17:58:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 03:56:40 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:54:47.37 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 24 May 2012 - 07:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 24 May 2012 - 05:20 PM

Hi Gringo,

Thanks for your reply. I greatly apreciate it. I ran Security Check, followed the instructions on black box, however the window closed after some processing and no checkup.txt was generated. What should I do?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 24 May 2012 - 05:28 PM

move to the next - run combofix


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 26 May 2012 - 01:34 PM

Hi Gringo,

I ran ComboFix abd it went well. Problem seems to be solved, no more redirects. Thanks a lot buddy! I wander if this issue was related to BitComet? Here´s the analisys log:

ComboFix 12-05-24.03 - Tomas Pescod 05/24/2012 20:19:22.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.507.3082.18.6133.3886 [GMT -7:00]
Running from: c:\users\Tomas Pescod\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tomas Pescod\AppData\Local\{6809f6e4-adf2-3725-2301-aa58cf49a544}
c:\users\Tomas Pescod\AppData\Local\{6809f6e4-adf2-3725-2301-aa58cf49a544}\@
c:\users\Tomas Pescod\AppData\Local\{6809f6e4-adf2-3725-2301-aa58cf49a544}\n
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\L\00000004.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\L\1afb2d56
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\L\201d3dde
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\n
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\00000004.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\00000008.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\000000cb.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\80000000.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\80000032.@
c:\windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\80000064.@
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-24 21:36 . 2012-05-24 21:51 -------- d-----w- c:\programdata\SecTaskMan
2012-05-24 06:46 . 2012-05-24 07:24 -------- d-----w- c:\users\Tomas Pescod\DoctorWeb
2012-05-23 02:15 . 2012-05-23 02:15 -------- d-----w- C:\found.001
2012-05-23 00:27 . 2012-05-23 00:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 22:38 . 2012-05-21 22:38 -------- d-----w- c:\users\Tomas Pescod\AppData\Roaming\SUPERAntiSpyware.com
2012-05-21 22:37 . 2012-05-21 22:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-21 22:37 . 2012-05-21 22:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-21 21:32 . 2012-05-21 21:32 -------- d-----w- c:\windows\Downloaded Program Files
2012-05-21 20:23 . 2012-05-21 20:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-21 00:29 . 2012-05-21 00:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-21 00:23 . 2012-05-21 00:29 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-18 21:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A811BC5-E3E1-4B94-97FD-C9C8A6C9FEE9}\mpengine.dll
2012-05-16 20:32 . 2012-05-16 20:32 -------- d-----w- C:\found.000
2012-05-16 19:56 . 2012-05-25 03:59 -------- d-----w- c:\users\Tomas Pescod\AppData\Local\Temp
2012-05-12 00:24 . 2012-05-12 00:24 -------- d-----w- c:\users\Tomas Pescod\AppData\Roaming\DSound
2012-05-09 16:35 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 16:35 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 16:34 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 16:34 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 16:34 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 16:34 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 16:34 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 16:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 16:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 16:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 16:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 16:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 16:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 02:34 . 2012-05-08 02:34 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-08 02:34 . 2012-05-08 02:34 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-08 02:34 . 2012-05-08 02:34 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:34 . 2012-05-08 02:34 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 05:19 . 2012-05-07 05:19 -------- d-----w- c:\users\Tomas Pescod\AppData\Roaming\Sawer
2012-05-06 20:34 . 2012-05-06 20:34 -------- d-----w- c:\windows\system32\wbem\Logs
2012-05-06 20:19 . 2012-05-06 20:19 -------- d-----w- c:\users\Tomas Pescod\AppData\Roaming\SpeedyPC Software
2012-05-06 20:19 . 2012-05-06 20:19 -------- d-----w- c:\users\Tomas Pescod\AppData\Roaming\DriverCure
2012-05-06 20:19 . 2012-05-06 20:19 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-05-06 20:19 . 2012-05-06 20:19 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-06 20:19 . 2012-05-06 20:19 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-05-06 18:39 . 2012-05-21 23:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-06 18:39 . 2012-05-16 17:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-01 10:01 . 2012-05-01 10:01 -------- d-----we c:\windows\system64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 19:17 . 2010-04-20 01:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-14 19:17 . 2010-04-20 01:06 457040 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-10 05:43 . 2010-04-07 15:15 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-10 05:43 . 2010-04-07 15:15 457040 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 22:56 . 2010-10-24 18:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 03:56 . 2012-03-13 03:56 947472 ----a-w- c:\windows\SysWow64\msjava.dll
2012-03-01 06:46 . 2012-04-23 17:58 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-23 17:58 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-23 17:58 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-23 17:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-23 17:58 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-23 17:58 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-23 17:58 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-23 18:01 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-23 18:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-23 18:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-23 18:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-23 18:01 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-23 18:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-23 18:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-23 18:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMLite8AgentLaCie"="c:\program files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD"="c:\program files\OSD\Launch.exe" [2009-05-12 36864]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"GBMLite8AgentLaCie"="c:\program files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd260x64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/19 20:41];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 23:36 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\AESTSr64.exe [2009-03-02 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:20]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:20]
.
2012-05-13 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-05-25 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-06 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-05-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task becdd943-c646-4715-a62d-ee913d545d8b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16335392]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-07-28 94240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 171520]
"Launch_CC App"="c:\program files\osd\launch_cc.exe" [2009-02-19 20480]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.alienware.com/
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&escargue &con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargue todo con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: &D&escargue todos los vídeos con BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tomas Pescod\AppData\Roaming\Mozilla\Firefox\Profiles\h1wiprwy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-ES:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda2_0yatb&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-espaces - c:\premiumsoft\PhotoFun\photofun.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SafeBoot-95034575.sys
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Predeterminado) - (no file)
AddRemove-OrangeVocoder_VST_2.02 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"=hex:51,66,7a,6c,4c,1d,38,12,0e,bc,32,
bc,1f,12,85,04,ed,ca,7d,0c,c8,64,66,f0
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"=hex:51,66,7a,6c,4c,1d,38,12,0c,e0,e4,
3d,b8,cc,34,0e,c3,b9,18,39,ba,81,ae,74
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{A2F122DA-055F-4DF7-8F24-7354DBDBA85B}"=hex:51,66,7a,6c,4c,1d,38,12,b4,21,e2,
a6,6d,4b,99,08,f0,32,30,14,de,85,ec,4f
"{A876E312-7D08-401A-B7A6-FAFC5DC2F292}"=hex:51,66,7a,6c,4c,1d,38,12,7c,e0,65,
ac,3a,33,74,05,c8,b0,b9,bc,58,9c,b6,86
"{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}"=hex:51,66,7a,6c,4c,1d,38,12,5f,43,b7,
b6,9f,30,22,06,d3,88,3c,5d,a4,28,fe,98
"{DA5BCE70-D057-4D63-943D-5F3927EC59F1}"=hex:51,66,7a,6c,4c,1d,38,12,1e,cd,48,
de,65,9e,0d,08,eb,2b,1c,79,22,b2,1d,e5
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ba,97,fb,39,30,ae,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
.
**************************************************************************
.
Completion time: 2012-05-24 21:03:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 04:03
.
Pre-Run: 169,498,574,848 bytes libres
Post-Run: 169,532,313,600 bytes libres
.
- - End Of File - - CE237D6FC6B89B82A44938387303D1DA

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 26 May 2012 - 01:56 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 26 May 2012 - 10:23 PM

TDSS Log:

20:20:26.0281 4280 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
20:20:26.0971 4280 ============================================================
20:20:26.0971 4280 Current date / time: 2012/05/26 20:20:26.0971
20:20:26.0971 4280 SystemInfo:
20:20:26.0971 4280
20:20:26.0971 4280 OS Version: 6.1.7601 ServicePack: 1.0
20:20:26.0971 4280 Product type: Workstation
20:20:26.0971 4280 ComputerName: TOMASPESCOD-PC
20:20:26.0971 4280 UserName: Tomas Pescod
20:20:26.0971 4280 Windows directory: C:\Windows
20:20:26.0971 4280 System windows directory: C:\Windows
20:20:26.0971 4280 Running under WOW64
20:20:26.0971 4280 Processor architecture: Intel x64
20:20:26.0971 4280 Number of processors: 8
20:20:26.0971 4280 Page size: 0x1000
20:20:26.0971 4280 Boot type: Normal boot
20:20:26.0971 4280 ============================================================
20:20:27.0403 4280 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:20:27.0413 4280 ============================================================
20:20:27.0413 4280 \Device\Harddisk0\DR0:
20:20:27.0413 4280 MBR partitions:
20:20:27.0413 4280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
20:20:27.0413 4280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
20:20:27.0413 4280 ============================================================
20:20:27.0431 4280 C: <-> \Device\Harddisk0\DR0\Partition1
20:20:27.0431 4280 ============================================================
20:20:27.0431 4280 Initialize success
20:20:27.0431 4280 ============================================================
20:20:34.0955 0364 ============================================================
20:20:34.0955 0364 Scan started
20:20:34.0955 0364 Mode: Manual;
20:20:34.0955 0364 ============================================================
20:20:35.0296 0364 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:20:35.0297 0364 !SASCORE - ok
20:20:35.0505 0364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:20:35.0516 0364 1394ohci - ok
20:20:35.0547 0364 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
20:20:35.0548 0364 Acceler - ok
20:20:35.0594 0364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:20:35.0608 0364 ACPI - ok
20:20:35.0620 0364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:20:35.0622 0364 AcpiPmi - ok
20:20:35.0688 0364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:20:35.0728 0364 adp94xx - ok
20:20:35.0759 0364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:20:35.0775 0364 adpahci - ok
20:20:35.0802 0364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:20:35.0814 0364 adpu320 - ok
20:20:35.0838 0364 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:20:35.0838 0364 AeLookupSvc - ok
20:20:35.0978 0364 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\AESTSr64.exe
20:20:35.0979 0364 AESTFilters - ok
20:20:36.0055 0364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:20:36.0079 0364 AFD - ok
20:20:36.0121 0364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:20:36.0123 0364 agp440 - ok
20:20:36.0137 0364 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:20:36.0140 0364 ALG - ok
20:20:36.0209 0364 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
20:20:36.0209 0364 AlienFusionService - ok
20:20:36.0238 0364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:20:36.0240 0364 aliide - ok
20:20:36.0279 0364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:20:36.0281 0364 amdide - ok
20:20:36.0327 0364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:20:36.0330 0364 AmdK8 - ok
20:20:36.0359 0364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:20:36.0362 0364 AmdPPM - ok
20:20:36.0396 0364 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:20:36.0399 0364 amdsata - ok
20:20:36.0422 0364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:20:36.0436 0364 amdsbs - ok
20:20:36.0455 0364 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:20:36.0455 0364 amdxata - ok
20:20:36.0507 0364 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
20:20:36.0510 0364 Andbus - ok
20:20:36.0549 0364 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
20:20:36.0551 0364 AndDiag - ok
20:20:36.0587 0364 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
20:20:36.0589 0364 AndGps - ok
20:20:36.0624 0364 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
20:20:36.0626 0364 ANDModem - ok
20:20:36.0666 0364 AndNetDiag (d8bec1647090125f4f54d7736eb535dc) C:\Windows\system32\DRIVERS\lgandnetdiag64.sys
20:20:36.0669 0364 AndNetDiag - ok
20:20:36.0710 0364 AndNetGps (046c59219d9ca71e70cb2ff9da6759a0) C:\Windows\system32\DRIVERS\lgandnetgps64.sys
20:20:36.0715 0364 AndNetGps - ok
20:20:36.0751 0364 ANDNetModem (fbaf1152c1f21350a18ed649b40eb302) C:\Windows\system32\DRIVERS\lgandnetmodem64.sys
20:20:36.0753 0364 ANDNetModem - ok
20:20:36.0792 0364 andnetndis (8eb80475499f2634f1d30d41bf699189) C:\Windows\system32\DRIVERS\lgandnetndis64.sys
20:20:36.0795 0364 andnetndis - ok
20:20:36.0856 0364 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:20:36.0858 0364 AppID - ok
20:20:36.0881 0364 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:20:36.0883 0364 AppIDSvc - ok
20:20:36.0925 0364 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:20:36.0925 0364 Appinfo - ok
20:20:36.0985 0364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:20:36.0988 0364 arc - ok
20:20:37.0023 0364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:20:37.0025 0364 arcsas - ok
20:20:37.0055 0364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:20:37.0057 0364 AsyncMac - ok
20:20:37.0106 0364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:20:37.0107 0364 atapi - ok
20:20:37.0188 0364 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:20:37.0191 0364 AudioEndpointBuilder - ok
20:20:37.0196 0364 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:20:37.0199 0364 AudioSrv - ok
20:20:37.0265 0364 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:20:37.0268 0364 AxInstSV - ok
20:20:37.0309 0364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:20:37.0343 0364 b06bdrv - ok
20:20:37.0393 0364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:20:37.0408 0364 b57nd60a - ok
20:20:37.0464 0364 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:20:37.0467 0364 BDESVC - ok
20:20:37.0482 0364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:20:37.0484 0364 Beep - ok
20:20:37.0566 0364 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:20:37.0569 0364 BFE - ok
20:20:37.0674 0364 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:20:37.0678 0364 BITS - ok
20:20:37.0739 0364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:20:37.0742 0364 blbdrive - ok
20:20:37.0781 0364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:20:37.0783 0364 bowser - ok
20:20:37.0806 0364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:20:37.0808 0364 BrFiltLo - ok
20:20:37.0817 0364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:20:37.0819 0364 BrFiltUp - ok
20:20:37.0848 0364 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:20:37.0851 0364 BridgeMP - ok
20:20:37.0905 0364 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:20:37.0906 0364 Browser - ok
20:20:37.0938 0364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:20:37.0948 0364 Brserid - ok
20:20:37.0964 0364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:20:37.0966 0364 BrSerWdm - ok
20:20:37.0980 0364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:20:37.0982 0364 BrUsbMdm - ok
20:20:37.0994 0364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:20:37.0996 0364 BrUsbSer - ok
20:20:38.0040 0364 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:20:38.0042 0364 BthEnum - ok
20:20:38.0063 0364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:20:38.0065 0364 BTHMODEM - ok
20:20:38.0091 0364 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:20:38.0094 0364 BthPan - ok
20:20:38.0157 0364 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
20:20:38.0179 0364 BTHPORT - ok
20:20:38.0223 0364 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:20:38.0224 0364 bthserv - ok
20:20:38.0243 0364 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
20:20:38.0246 0364 BTHUSB - ok
20:20:38.0266 0364 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:20:38.0266 0364 btwaudio - ok
20:20:38.0288 0364 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
20:20:38.0289 0364 btwavdt - ok
20:20:38.0418 0364 btwdins (6dde1e97be4d50253dfb9090a6a62524) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:20:38.0422 0364 btwdins - ok
20:20:38.0453 0364 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:20:38.0453 0364 btwl2cap - ok
20:20:38.0468 0364 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:20:38.0469 0364 btwrchid - ok
20:20:38.0471 0364 catchme - ok
20:20:38.0517 0364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:20:38.0520 0364 cdfs - ok
20:20:38.0580 0364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:20:38.0587 0364 cdrom - ok
20:20:38.0645 0364 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:20:38.0647 0364 CertPropSvc - ok
20:20:38.0674 0364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:20:38.0676 0364 circlass - ok
20:20:38.0734 0364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:20:38.0748 0364 CLFS - ok
20:20:38.0872 0364 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:20:38.0875 0364 clr_optimization_v2.0.50727_32 - ok
20:20:38.0934 0364 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:20:38.0937 0364 clr_optimization_v2.0.50727_64 - ok
20:20:39.0074 0364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:20:39.0082 0364 clr_optimization_v4.0.30319_32 - ok
20:20:39.0128 0364 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:20:39.0136 0364 clr_optimization_v4.0.30319_64 - ok
20:20:39.0169 0364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:20:39.0171 0364 CmBatt - ok
20:20:39.0203 0364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:20:39.0205 0364 cmdide - ok
20:20:39.0278 0364 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:20:39.0295 0364 CNG - ok
20:20:39.0318 0364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:20:39.0318 0364 Compbatt - ok
20:20:39.0363 0364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:20:39.0366 0364 CompositeBus - ok
20:20:39.0376 0364 COMSysApp - ok
20:20:39.0401 0364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:20:39.0403 0364 crcdisk - ok
20:20:39.0464 0364 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:20:39.0465 0364 CryptSvc - ok
20:20:39.0532 0364 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:20:39.0535 0364 DcomLaunch - ok
20:20:39.0577 0364 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:20:39.0579 0364 defragsvc - ok
20:20:39.0619 0364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:20:39.0621 0364 DfsC - ok
20:20:39.0664 0364 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:20:39.0666 0364 Dhcp - ok
20:20:39.0680 0364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:20:39.0681 0364 discache - ok
20:20:39.0713 0364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:20:39.0715 0364 Disk - ok
20:20:39.0762 0364 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:20:39.0763 0364 Dnscache - ok
20:20:39.0803 0364 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:20:39.0814 0364 dot3svc - ok
20:20:39.0855 0364 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:20:39.0856 0364 DPS - ok
20:20:39.0895 0364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:20:39.0897 0364 drmkaud - ok
20:20:39.0972 0364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:20:39.0977 0364 DXGKrnl - ok
20:20:40.0040 0364 e1kexpress (04dddea79b9e616f50b9132752f656fc) C:\Windows\system32\DRIVERS\e1k62x64.sys
20:20:40.0041 0364 e1kexpress - ok
20:20:40.0086 0364 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:20:40.0087 0364 EapHost - ok
20:20:40.0328 0364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:20:40.0394 0364 ebdrv - ok
20:20:40.0547 0364 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:20:40.0547 0364 EFS - ok
20:20:40.0636 0364 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:20:40.0659 0364 ehRecvr - ok
20:20:40.0709 0364 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:20:40.0717 0364 ehSched - ok
20:20:40.0801 0364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:20:40.0830 0364 elxstor - ok
20:20:40.0859 0364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:20:40.0860 0364 ErrDev - ok
20:20:40.0922 0364 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:20:40.0924 0364 EventSystem - ok
20:20:40.0989 0364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:20:41.0003 0364 exfat - ok
20:20:41.0043 0364 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
20:20:41.0054 0364 FACAP - ok
20:20:41.0281 0364 FAService (53e30a6e86aa93c0ffc0bc0439e3e636) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
20:20:41.0291 0364 FAService - ok
20:20:41.0437 0364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:20:41.0450 0364 fastfat - ok
20:20:41.0536 0364 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:20:41.0559 0364 Fax - ok
20:20:41.0574 0364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:20:41.0576 0364 fdc - ok
20:20:41.0601 0364 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:20:41.0602 0364 fdPHost - ok
20:20:41.0631 0364 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:20:41.0631 0364 FDResPub - ok
20:20:41.0654 0364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:20:41.0656 0364 FileInfo - ok
20:20:41.0672 0364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:20:41.0674 0364 Filetrace - ok
20:20:41.0688 0364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:20:41.0691 0364 flpydisk - ok
20:20:41.0785 0364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:20:41.0795 0364 FltMgr - ok
20:20:41.0899 0364 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:20:41.0905 0364 FontCache - ok
20:20:42.0018 0364 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:20:42.0020 0364 FontCache3.0.0.0 - ok
20:20:42.0046 0364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:20:42.0047 0364 FsDepends - ok
20:20:42.0088 0364 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:20:42.0088 0364 Fs_Rec - ok
20:20:42.0133 0364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:20:42.0144 0364 fvevol - ok
20:20:42.0178 0364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:20:42.0180 0364 gagp30kx - ok
20:20:42.0277 0364 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
20:20:42.0280 0364 getPlusHelper - ok
20:20:42.0380 0364 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:20:42.0384 0364 gpsvc - ok
20:20:42.0479 0364 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:20:42.0480 0364 gupdate - ok
20:20:42.0500 0364 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:20:42.0501 0364 gupdatem - ok
20:20:42.0521 0364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:20:42.0523 0364 hcw85cir - ok
20:20:42.0591 0364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:20:42.0606 0364 HdAudAddService - ok
20:20:42.0641 0364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:20:42.0648 0364 HDAudBus - ok
20:20:42.0667 0364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:20:42.0669 0364 HidBatt - ok
20:20:42.0691 0364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:20:42.0694 0364 HidBth - ok
20:20:42.0725 0364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:20:42.0727 0364 HidIr - ok
20:20:42.0753 0364 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:20:42.0754 0364 hidserv - ok
20:20:42.0784 0364 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:20:42.0786 0364 HidUsb - ok
20:20:42.0812 0364 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:20:42.0815 0364 hkmsvc - ok
20:20:42.0889 0364 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:20:42.0890 0364 HomeGroupListener - ok
20:20:42.0933 0364 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:20:42.0934 0364 HomeGroupProvider - ok
20:20:42.0967 0364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:20:42.0969 0364 HpSAMD - ok
20:20:43.0046 0364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:20:43.0074 0364 HTTP - ok
20:20:43.0124 0364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:20:43.0125 0364 hwpolicy - ok
20:20:43.0145 0364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:20:43.0148 0364 i8042prt - ok
20:20:43.0258 0364 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:20:43.0260 0364 IAANTMON - ok
20:20:43.0309 0364 IAMTVE (87a72502c8ac5e89b5a46ff6e874f5c5) C:\Windows\system32\DRIVERS\IAMTVE.sys
20:20:43.0311 0364 IAMTVE - ok
20:20:43.0354 0364 IAMTXPE (5516f8e518a2f6a8755498f3e73957cf) C:\Windows\system32\DRIVERS\IAMTXPE.sys
20:20:43.0357 0364 IAMTXPE - ok
20:20:43.0402 0364 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:20:43.0404 0364 iaStor - ok
20:20:43.0461 0364 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:20:43.0489 0364 iaStorV - ok
20:20:43.0616 0364 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:20:43.0647 0364 idsvc - ok
20:20:43.0679 0364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:20:43.0681 0364 iirsp - ok
20:20:43.0770 0364 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:20:43.0774 0364 IKEEXT - ok
20:20:43.0814 0364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:20:43.0816 0364 intelide - ok
20:20:43.0839 0364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:20:43.0840 0364 intelppm - ok
20:20:43.0884 0364 ioatdma (3db35c88389e3a21adeb4a6cfc4075f9) C:\Windows\System32\Drivers\qd260x64.sys
20:20:43.0886 0364 ioatdma - ok
20:20:43.0901 0364 ioatdma1 (127f0a7586acec7b83131bff2b4394c1) C:\Windows\System32\Drivers\qd162x64.sys
20:20:43.0904 0364 ioatdma1 - ok
20:20:43.0916 0364 ioatdma2 (70cc19b5c076f8497cab4a77d6500e8a) C:\Windows\System32\Drivers\qd262x64.sys
20:20:43.0918 0364 ioatdma2 - ok
20:20:43.0956 0364 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:20:43.0960 0364 IPBusEnum - ok
20:20:43.0987 0364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:20:43.0989 0364 IpFilterDriver - ok
20:20:44.0078 0364 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:20:44.0081 0364 iphlpsvc - ok
20:20:44.0117 0364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:20:44.0120 0364 IPMIDRV - ok
20:20:44.0137 0364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:20:44.0145 0364 IPNAT - ok
20:20:44.0175 0364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:20:44.0177 0364 IRENUM - ok
20:20:44.0214 0364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:20:44.0216 0364 isapnp - ok
20:20:44.0247 0364 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:20:44.0258 0364 iScsiPrt - ok
20:20:44.0292 0364 iSSetup (5a7dd313752f3252ddfc56334e3f2b4f) C:\Windows\system32\DRIVERS\iSSetup.sys
20:20:44.0300 0364 iSSetup - ok
20:20:44.0349 0364 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys
20:20:44.0351 0364 itecir - ok
20:20:44.0379 0364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:20:44.0379 0364 kbdclass - ok
20:20:44.0402 0364 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:20:44.0404 0364 kbdhid - ok
20:20:44.0433 0364 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:20:44.0433 0364 KeyIso - ok
20:20:44.0449 0364 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:20:44.0452 0364 KSecDD - ok
20:20:44.0469 0364 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:20:44.0476 0364 KSecPkg - ok
20:20:44.0502 0364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:20:44.0504 0364 ksthunk - ok
20:20:44.0551 0364 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:20:44.0565 0364 KtmRm - ok
20:20:44.0607 0364 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:20:44.0609 0364 LanmanServer - ok
20:20:44.0648 0364 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:20:44.0649 0364 LanmanWorkstation - ok
20:20:44.0689 0364 LHidFilt (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:20:44.0691 0364 LHidFilt - ok
20:20:44.0728 0364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:20:44.0731 0364 lltdio - ok
20:20:44.0778 0364 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:20:44.0794 0364 lltdsvc - ok
20:20:44.0820 0364 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:20:44.0821 0364 lmhosts - ok
20:20:44.0845 0364 LMouFilt (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:20:44.0847 0364 LMouFilt - ok
20:20:44.0899 0364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:20:44.0902 0364 LSI_FC - ok
20:20:44.0918 0364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:20:44.0928 0364 LSI_SAS - ok
20:20:44.0945 0364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:20:44.0948 0364 LSI_SAS2 - ok
20:20:44.0962 0364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:20:44.0965 0364 LSI_SCSI - ok
20:20:44.0984 0364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:20:44.0987 0364 luafv - ok
20:20:45.0050 0364 MAFW (3404abc72d1075b171231d4169207312) C:\Windows\system32\DRIVERS\mafw.sys
20:20:45.0062 0364 MAFW - ok
20:20:45.0104 0364 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:20:45.0107 0364 Mcx2Svc - ok
20:20:45.0118 0364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:20:45.0121 0364 megasas - ok
20:20:45.0154 0364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:20:45.0169 0364 MegaSR - ok
20:20:45.0206 0364 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:20:45.0208 0364 MMCSS - ok
20:20:45.0217 0364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:20:45.0219 0364 Modem - ok
20:20:45.0244 0364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:20:45.0245 0364 monitor - ok
20:20:45.0305 0364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:20:45.0306 0364 mouclass - ok
20:20:45.0333 0364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:20:45.0336 0364 mouhid - ok
20:20:45.0375 0364 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:20:45.0377 0364 mountmgr - ok
20:20:45.0403 0364 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:20:45.0412 0364 mpio - ok
20:20:45.0430 0364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:20:45.0432 0364 mpsdrv - ok
20:20:45.0537 0364 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:20:45.0541 0364 MpsSvc - ok
20:20:45.0586 0364 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:20:45.0594 0364 MRxDAV - ok
20:20:45.0630 0364 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:20:45.0650 0364 mrxsmb - ok
20:20:45.0701 0364 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:20:45.0714 0364 mrxsmb10 - ok
20:20:45.0737 0364 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:20:45.0745 0364 mrxsmb20 - ok
20:20:45.0772 0364 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:20:45.0773 0364 msahci - ok
20:20:45.0809 0364 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:20:45.0818 0364 msdsm - ok
20:20:45.0860 0364 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:20:45.0864 0364 MSDTC - ok
20:20:45.0903 0364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:20:45.0903 0364 Msfs - ok
20:20:45.0924 0364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:20:45.0926 0364 mshidkmdf - ok
20:20:45.0938 0364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:20:45.0938 0364 msisadrv - ok
20:20:45.0976 0364 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:20:45.0989 0364 MSiSCSI - ok
20:20:45.0992 0364 msiserver - ok
20:20:46.0018 0364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:20:46.0020 0364 MSKSSRV - ok
20:20:46.0027 0364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:20:46.0029 0364 MSPCLOCK - ok
20:20:46.0035 0364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:20:46.0036 0364 MSPQM - ok
20:20:46.0090 0364 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:20:46.0103 0364 MsRPC - ok
20:20:46.0171 0364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:20:46.0172 0364 mssmbios - ok
20:20:46.0190 0364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:20:46.0192 0364 MSTEE - ok
20:20:46.0202 0364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:20:46.0205 0364 MTConfig - ok
20:20:46.0220 0364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:20:46.0221 0364 Mup - ok
20:20:46.0269 0364 NAL (dfd81776f4cbdbdaec684e6d8e8f5cf5) C:\Windows\system32\Drivers\iqvw64e.sys
20:20:46.0271 0364 NAL - ok
20:20:46.0333 0364 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:20:46.0357 0364 napagent - ok
20:20:46.0402 0364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:20:46.0419 0364 NativeWifiP - ok
20:20:46.0521 0364 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:20:46.0546 0364 NDIS - ok
20:20:46.0573 0364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:20:46.0575 0364 NdisCap - ok
20:20:46.0600 0364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:20:46.0603 0364 NdisTapi - ok
20:20:46.0643 0364 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:20:46.0645 0364 Ndisuio - ok
20:20:46.0684 0364 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:20:46.0696 0364 NdisWan - ok
20:20:46.0742 0364 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:20:46.0744 0364 NDProxy - ok
20:20:46.0891 0364 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:20:46.0896 0364 Nero BackItUp Scheduler 4.0 - ok
20:20:46.0919 0364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:20:46.0920 0364 NetBIOS - ok
20:20:46.0967 0364 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:20:46.0979 0364 NetBT - ok
20:20:47.0022 0364 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:20:47.0023 0364 Netlogon - ok
20:20:47.0088 0364 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:20:47.0090 0364 Netman - ok
20:20:47.0138 0364 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:20:47.0141 0364 netprofm - ok
20:20:47.0235 0364 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:20:47.0238 0364 NetTcpPortSharing - ok
20:20:47.0679 0364 NETw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:20:47.0802 0364 NETw5v64 - ok
20:20:48.0013 0364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:20:48.0015 0364 nfrd960 - ok
20:20:48.0076 0364 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:20:48.0078 0364 NlaSvc - ok
20:20:48.0096 0364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:20:48.0096 0364 Npfs - ok
20:20:48.0112 0364 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:20:48.0113 0364 nsi - ok
20:20:48.0130 0364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:20:48.0130 0364 nsiproxy - ok
20:20:48.0265 0364 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:20:48.0300 0364 Ntfs - ok
20:20:48.0374 0364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:20:48.0376 0364 Null - ok
20:20:49.0217 0364 nvlddmkm (ff02bae39d23bb74959f6f49bbd589d3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:20:49.0269 0364 nvlddmkm - ok
20:20:49.0375 0364 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:20:49.0388 0364 nvraid - ok
20:20:49.0411 0364 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:20:49.0424 0364 nvstor - ok
20:20:49.0461 0364 nvsvc (7c1ad7110624b1b546cdc752486ae9fa) C:\Windows\system32\nvvsvc.exe
20:20:49.0464 0364 nvsvc - ok
20:20:49.0486 0364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:20:49.0495 0364 nv_agp - ok
20:20:49.0526 0364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:20:49.0529 0364 ohci1394 - ok
20:20:49.0581 0364 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:20:49.0583 0364 p2pimsvc - ok
20:20:49.0639 0364 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:20:49.0641 0364 p2psvc - ok
20:20:49.0673 0364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:20:49.0675 0364 Parport - ok
20:20:49.0709 0364 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:20:49.0711 0364 partmgr - ok
20:20:49.0736 0364 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:20:49.0737 0364 PcaSvc - ok
20:20:49.0762 0364 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:20:49.0774 0364 pci - ok
20:20:49.0793 0364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:20:49.0795 0364 pciide - ok
20:20:49.0817 0364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:20:49.0830 0364 pcmcia - ok
20:20:49.0850 0364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:20:49.0850 0364 pcw - ok
20:20:49.0904 0364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:20:49.0920 0364 PEAUTH - ok
20:20:50.0003 0364 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:20:50.0005 0364 PerfHost - ok
20:20:50.0131 0364 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:20:50.0160 0364 pla - ok
20:20:50.0221 0364 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:20:50.0224 0364 PlugPlay - ok
20:20:50.0236 0364 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:20:50.0239 0364 PNRPAutoReg - ok
20:20:50.0274 0364 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:20:50.0276 0364 PNRPsvc - ok
20:20:50.0321 0364 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:20:50.0324 0364 PolicyAgent - ok
20:20:50.0368 0364 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:20:50.0370 0364 Power - ok
20:20:50.0459 0364 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:20:50.0461 0364 PptpMiniport - ok
20:20:50.0496 0364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:20:50.0498 0364 Processor - ok
20:20:50.0526 0364 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:20:50.0527 0364 ProfSvc - ok
20:20:50.0554 0364 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:20:50.0554 0364 ProtectedStorage - ok
20:20:50.0593 0364 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:20:50.0595 0364 Psched - ok
20:20:50.0705 0364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:20:50.0737 0364 ql2300 - ok
20:20:50.0863 0364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:20:50.0866 0364 ql40xx - ok
20:20:50.0906 0364 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:20:50.0919 0364 QWAVE - ok
20:20:50.0929 0364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:20:50.0932 0364 QWAVEdrv - ok
20:20:50.0947 0364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:20:50.0949 0364 RasAcd - ok
20:20:50.0996 0364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:20:50.0999 0364 RasAgileVpn - ok
20:20:51.0011 0364 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:20:51.0014 0364 RasAuto - ok
20:20:51.0058 0364 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:20:51.0066 0364 Rasl2tp - ok
20:20:51.0118 0364 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:20:51.0120 0364 RasMan - ok
20:20:51.0154 0364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:20:51.0156 0364 RasPppoe - ok
20:20:51.0171 0364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:20:51.0173 0364 RasSstp - ok
20:20:51.0207 0364 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:20:51.0221 0364 rdbss - ok
20:20:51.0237 0364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:20:51.0238 0364 rdpbus - ok
20:20:51.0265 0364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:20:51.0265 0364 RDPCDD - ok
20:20:51.0275 0364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:20:51.0275 0364 RDPENCDD - ok
20:20:51.0287 0364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:20:51.0288 0364 RDPREFMP - ok
20:20:51.0338 0364 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:20:51.0349 0364 RDPWD - ok
20:20:51.0394 0364 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:20:51.0406 0364 rdyboost - ok
20:20:51.0439 0364 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:20:51.0442 0364 RemoteAccess - ok
20:20:51.0480 0364 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:20:51.0494 0364 RemoteRegistry - ok
20:20:51.0536 0364 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:20:51.0544 0364 RFCOMM - ok
20:20:51.0664 0364 RichVideo (8cfca7e2fd4b57c2bef929c1c1a4c56e) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
20:20:51.0665 0364 RichVideo - ok
20:20:51.0697 0364 rimmptsk (cb7c996f3878e936bfdd9cdfe6a3a987) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:20:51.0699 0364 rimmptsk - ok
20:20:51.0728 0364 rimsptsk (2c543f0e04b5f6fd5c17509d0ece6d1d) C:\Windows\system32\DRIVERS\rimspx64.sys
20:20:51.0730 0364 rimsptsk - ok
20:20:51.0740 0364 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:20:51.0741 0364 rismxdp - ok
20:20:51.0753 0364 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:20:51.0754 0364 RpcEptMapper - ok
20:20:51.0779 0364 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:20:51.0781 0364 RpcLocator - ok
20:20:51.0850 0364 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:20:51.0853 0364 RpcSs - ok
20:20:51.0884 0364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:20:51.0886 0364 rspndr - ok
20:20:51.0915 0364 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:20:51.0916 0364 SamSs - ok
20:20:51.0994 0364 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:20:51.0994 0364 SASDIFSV - ok
20:20:52.0017 0364 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:20:52.0017 0364 SASKUTIL - ok
20:20:52.0054 0364 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:20:52.0056 0364 sbp2port - ok
20:20:52.0263 0364 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:20:52.0268 0364 SBSDWSCService - ok
20:20:52.0308 0364 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:20:52.0323 0364 SCardSvr - ok
20:20:52.0389 0364 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:20:52.0392 0364 scfilter - ok
20:20:52.0488 0364 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:20:52.0494 0364 Schedule - ok
20:20:52.0529 0364 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:20:52.0530 0364 SCPolicySvc - ok
20:20:52.0574 0364 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:20:52.0577 0364 sdbus - ok
20:20:52.0609 0364 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:20:52.0624 0364 SDRSVC - ok
20:20:52.0662 0364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:20:52.0663 0364 secdrv - ok
20:20:52.0699 0364 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:20:52.0700 0364 seclogon - ok
20:20:52.0716 0364 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:20:52.0718 0364 SENS - ok
20:20:52.0738 0364 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:20:52.0740 0364 SensrSvc - ok
20:20:52.0753 0364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:20:52.0755 0364 Serenum - ok
20:20:52.0792 0364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:20:52.0794 0364 Serial - ok
20:20:52.0807 0364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:20:52.0809 0364 sermouse - ok
20:20:52.0851 0364 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:20:52.0854 0364 SessionEnv - ok
20:20:52.0876 0364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:20:52.0878 0364 sffdisk - ok
20:20:52.0890 0364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:20:52.0892 0364 sffp_mmc - ok
20:20:52.0899 0364 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:20:52.0900 0364 sffp_sd - ok
20:20:52.0915 0364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:20:52.0917 0364 sfloppy - ok
20:20:53.0045 0364 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:20:53.0048 0364 SftService - ok
20:20:53.0137 0364 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:20:53.0150 0364 SharedAccess - ok
20:20:53.0212 0364 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:20:53.0215 0364 ShellHWDetection - ok
20:20:53.0295 0364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:20:53.0297 0364 SiSRaid2 - ok
20:20:53.0314 0364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:20:53.0316 0364 SiSRaid4 - ok
20:20:53.0338 0364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:20:53.0341 0364 Smb - ok
20:20:53.0379 0364 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:20:53.0382 0364 SNMPTRAP - ok
20:20:53.0391 0364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:20:53.0391 0364 spldr - ok
20:20:53.0438 0364 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:20:53.0441 0364 Spooler - ok
20:20:53.0710 0364 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:20:53.0727 0364 sppsvc - ok
20:20:53.0848 0364 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:20:53.0852 0364 sppuinotify - ok
20:20:53.0922 0364 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:20:53.0937 0364 srv - ok
20:20:53.0976 0364 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:20:53.0989 0364 srv2 - ok
20:20:54.0036 0364 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:20:54.0047 0364 srvnet - ok
20:20:54.0085 0364 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:20:54.0087 0364 SSDPSRV - ok
20:20:54.0100 0364 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:20:54.0102 0364 SstpSvc - ok
20:20:54.0221 0364 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\STacSV64.exe
20:20:54.0222 0364 STacSV - ok
20:20:54.0256 0364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:20:54.0258 0364 stexstor - ok
20:20:54.0300 0364 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
20:20:54.0316 0364 STHDA - ok
20:20:54.0397 0364 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:20:54.0401 0364 stisvc - ok
20:20:54.0431 0364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:20:54.0432 0364 swenum - ok
20:20:54.0493 0364 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:20:54.0515 0364 swprv - ok
20:20:54.0552 0364 SynTP (5fc807012e52cf66ca357795039b4e32) C:\Windows\system32\DRIVERS\SynTP.sys
20:20:54.0553 0364 SynTP - ok
20:20:54.0696 0364 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:20:54.0704 0364 SysMain - ok
20:20:54.0845 0364 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:20:54.0848 0364 TabletInputService - ok
20:20:54.0881 0364 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:20:54.0883 0364 TapiSrv - ok
20:20:54.0911 0364 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:20:54.0915 0364 TBS - ok
20:20:55.0098 0364 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:20:55.0144 0364 Tcpip - ok
20:20:55.0355 0364 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:20:55.0364 0364 TCPIP6 - ok
20:20:55.0477 0364 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:20:55.0479 0364 tcpipreg - ok
20:20:55.0504 0364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:20:55.0506 0364 TDPIPE - ok
20:20:55.0532 0364 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:20:55.0533 0364 TDTCP - ok
20:20:55.0575 0364 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:20:55.0577 0364 tdx - ok
20:20:55.0625 0364 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:20:55.0625 0364 TermDD - ok
20:20:55.0683 0364 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:20:55.0701 0364 TermService - ok
20:20:55.0724 0364 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:20:55.0726 0364 Themes - ok
20:20:55.0766 0364 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:20:55.0767 0364 THREADORDER - ok
20:20:55.0783 0364 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:20:55.0785 0364 TrkWks - ok
20:20:55.0855 0364 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:20:55.0870 0364 TrustedInstaller - ok
20:20:55.0904 0364 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:20:55.0906 0364 tssecsrv - ok
20:20:55.0959 0364 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:20:55.0962 0364 TsUsbFlt - ok
20:20:56.0001 0364 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:20:56.0009 0364 tunnel - ok
20:20:56.0039 0364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:20:56.0042 0364 uagp35 - ok
20:20:56.0073 0364 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:20:56.0089 0364 udfs - ok
20:20:56.0117 0364 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:20:56.0118 0364 UI0Detect - ok
20:20:56.0159 0364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:20:56.0161 0364 uliagpkx - ok
20:20:56.0195 0364 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:20:56.0197 0364 umbus - ok
20:20:56.0209 0364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:20:56.0211 0364 UmPass - ok
20:20:56.0250 0364 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:20:56.0253 0364 upnphost - ok
20:20:56.0285 0364 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:20:56.0287 0364 usbccgp - ok
20:20:56.0310 0364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:20:56.0313 0364 usbcir - ok
20:20:56.0329 0364 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:20:56.0331 0364 usbehci - ok
20:20:56.0378 0364 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:20:56.0394 0364 usbhub - ok
20:20:56.0409 0364 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:20:56.0411 0364 usbohci - ok
20:20:56.0428 0364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:20:56.0430 0364 usbprint - ok
20:20:56.0452 0364 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:20:56.0455 0364 USBSTOR - ok
20:20:56.0471 0364 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:20:56.0473 0364 usbuhci - ok
20:20:56.0513 0364 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:20:56.0528 0364 usbvideo - ok
20:20:56.0543 0364 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:20:56.0544 0364 UxSms - ok
20:20:56.0575 0364 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:20:56.0576 0364 VaultSvc - ok
20:20:56.0600 0364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:20:56.0600 0364 vdrvroot - ok
20:20:56.0669 0364 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:20:56.0682 0364 vds - ok
20:20:56.0695 0364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:20:56.0697 0364 vga - ok
20:20:56.0709 0364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:20:56.0711 0364 VgaSave - ok
20:20:56.0744 0364 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:20:56.0756 0364 vhdmp - ok
20:20:56.0786 0364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:20:56.0788 0364 viaide - ok
20:20:56.0805 0364 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:20:56.0807 0364 volmgr - ok
20:20:56.0867 0364 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:20:56.0880 0364 volmgrx - ok
20:20:56.0924 0364 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:20:56.0938 0364 volsnap - ok
20:20:56.0973 0364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:20:56.0985 0364 vsmraid - ok
20:20:57.0118 0364 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:20:57.0169 0364 VSS - ok
20:20:57.0306 0364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:20:57.0309 0364 vwifibus - ok
20:20:57.0369 0364 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:20:57.0381 0364 W32Time - ok
20:20:57.0398 0364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:20:57.0400 0364 WacomPen - ok
20:20:57.0447 0364 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:20:57.0449 0364 WANARP - ok
20:20:57.0452 0364 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:20:57.0452 0364 Wanarpv6 - ok
20:20:57.0581 0364 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:20:57.0609 0364 WatAdminSvc - ok
20:20:57.0737 0364 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:20:57.0819 0364 wbengine - ok
20:20:57.0981 0364 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:20:57.0994 0364 WbioSrvc - ok
20:20:58.0054 0364 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:20:58.0067 0364 wcncsvc - ok
20:20:58.0087 0364 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:20:58.0089 0364 WcsPlugInService - ok
20:20:58.0123 0364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:20:58.0124 0364 Wd - ok
20:20:58.0181 0364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:20:58.0196 0364 Wdf01000 - ok
20:20:58.0214 0364 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:20:58.0216 0364 WdiServiceHost - ok
20:20:58.0218 0364 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:20:58.0219 0364 WdiSystemHost - ok
20:20:58.0252 0364 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:20:58.0267 0364 WebClient - ok
20:20:58.0292 0364 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:20:58.0304 0364 Wecsvc - ok
20:20:58.0326 0364 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:20:58.0329 0364 wercplsupport - ok
20:20:58.0358 0364 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:20:58.0359 0364 WerSvc - ok
20:20:58.0377 0364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:20:58.0379 0364 WfpLwf - ok
20:20:58.0425 0364 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:20:58.0438 0364 WimFltr - ok
20:20:58.0447 0364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:20:58.0449 0364 WIMMount - ok
20:20:58.0473 0364 WinDefend - ok
20:20:58.0477 0364 WinHttpAutoProxySvc - ok
20:20:58.0548 0364 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:20:58.0549 0364 Winmgmt - ok
20:20:58.0716 0364 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:20:58.0754 0364 WinRM - ok
20:20:58.0972 0364 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:20:58.0977 0364 Wlansvc - ok
20:20:59.0039 0364 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
20:20:59.0040 0364 WmBEnum - ok
20:20:59.0061 0364 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
20:20:59.0063 0364 WmFilter - ok
20:20:59.0107 0364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:20:59.0109 0364 WmiAcpi - ok
20:20:59.0179 0364 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:20:59.0192 0364 wmiApSrv - ok
20:20:59.0220 0364 WMPNetworkSvc - ok
20:20:59.0230 0364 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
20:20:59.0231 0364 WmVirHid - ok
20:20:59.0244 0364 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
20:20:59.0245 0364 WmXlCore - ok
20:20:59.0273 0364 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:20:59.0276 0364 WPCSvc - ok
20:20:59.0310 0364 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:20:59.0312 0364 WPDBusEnum - ok
20:20:59.0339 0364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:20:59.0339 0364 ws2ifsl - ok
20:20:59.0368 0364 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:20:59.0369 0364 wscsvc - ok
20:20:59.0372 0364 WSearch - ok
20:20:59.0553 0364 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:20:59.0565 0364 wuauserv - ok
20:20:59.0730 0364 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:20:59.0733 0364 WudfPf - ok
20:20:59.0769 0364 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:20:59.0782 0364 WUDFRd - ok
20:20:59.0822 0364 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:20:59.0824 0364 wudfsvc - ok
20:20:59.0852 0364 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:20:59.0863 0364 WwanSvc - ok
20:20:59.0987 0364 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
20:20:59.0988 0364 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
20:21:00.0002 0364 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:21:00.0318 0364 \Device\Harddisk0\DR0 - ok
20:21:00.0321 0364 Boot (0x1200) (e1b6d15ff28ceae6696643f1a4820daa) \Device\Harddisk0\DR0\Partition0
20:21:00.0326 0364 \Device\Harddisk0\DR0\Partition0 - ok
20:21:00.0358 0364 Boot (0x1200) (4e0b2ea9cb0277fc5508f0d880e221e6) \Device\Harddisk0\DR0\Partition1
20:21:00.0361 0364 \Device\Harddisk0\DR0\Partition1 - ok
20:21:00.0361 0364 ============================================================
20:21:00.0361 0364 Scan finished
20:21:00.0361 0364 ============================================================
20:21:00.0367 4060 Detected object count: 0
20:21:00.0367 4060 Actual detected object count: 0

#8 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 26 May 2012 - 10:49 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 20:25:24
-----------------------------
20:25:24.647 OS Version: Windows x64 6.1.7601 Service Pack 1
20:25:24.648 Number of processors: 8 586 0x1E05
20:25:24.649 ComputerName: TOMASPESCOD-PC UserName: Tomas Pescod
20:25:27.647 Initialize success
20:35:03.878 AVAST engine defs: 12052601
20:39:45.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:39:45.526 Disk 0 Vendor: ST925041 0004 Size: 238475MB BusType: 3
20:39:45.557 Disk 0 MBR read successfully
20:39:45.557 Disk 0 MBR scan
20:39:45.557 Disk 0 Windows VISTA default MBR code
20:39:45.557 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:39:45.572 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:39:45.588 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
20:39:45.619 Disk 0 scanning C:\Windows\system32\drivers
20:39:56.555 Service scanning
20:40:14.542 Modules scanning
20:40:14.542 Disk 0 trace - called modules:
20:40:14.588 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:40:14.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006393790]
20:40:14.588 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800615c050]
20:40:16.570 AVAST engine scan C:\Windows
20:40:18.972 AVAST engine scan C:\Windows\system32
20:42:38.311 AVAST engine scan C:\Windows\system32\drivers
20:42:51.727 AVAST engine scan C:\Users\Tomas Pescod
20:43:21.102 Disk 0 MBR has been saved successfully to "C:\Users\Tomas Pescod\Desktop\MBR.dat"
20:43:21.102 The log file has been saved successfully to "C:\Users\Tomas Pescod\Desktop\aswMBR.txt"
20:45:14.997 AVAST engine scan C:\ProgramData
20:46:28.332 Scan finished successfully
20:46:54.665 Disk 0 MBR has been saved successfully to "C:\Users\Tomas Pescod\Desktop\MBR.dat"
20:46:54.665 The log file has been saved successfully to "C:\Users\Tomas Pescod\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 27 May 2012 - 07:46 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.1.2 - Español
BitComet 1.20
Java™ 6 Update 26
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 28 May 2012 - 01:56 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versión de la Base de Datos: v2012.05.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tomas Pescod :: TOMASPESCOD-PC [administrador]

05/28/2012 11:31:29 a.m.
mbam-log-2012-05-28 (11-31-29).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 204516
Tiempo transcurrido: 51 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

Is not letting me save the HiJack This log. It comes up as a blank txt.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 28 May 2012 - 02:18 PM

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 28 May 2012 - 02:52 PM

Here it is, thanks again:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:14 p.m., on 05/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\OSD\Launch_CC.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OSD] c:\Program Files\OSD\Launch.exe
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f701f161b383d4ba\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 22900 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 28 May 2012 - 04:31 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
      O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 TomasPescod

TomasPescod
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 28 May 2012 - 08:11 PM

Here´s the ESET log:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM140.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM142.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM156.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM45.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM47.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM71.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Tomas Pescod\AppData\Local\{6809f6e4-adf2-3725-2301-aa58cf49a544}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6809f6e4-adf2-3725-2301-aa58cf49a544}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM140.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM142.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM156.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM45.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM47.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM71.zip Win32/Bagle.gen.zip worm
C:\Users\Tomas Pescod\AppData\Local\Downloaded Installations\{44EDBDE5-587A-4FB1-803F-43CDA250D6CD}\Command Center.msi a variant of Win32/PSWTool.IEPasswordsRevealer.A application
C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\FL Studio XXL 9 [FULL]\flstudio_9.0.exe Win32/OpenCandy application
C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe Win32/OpenCandy application
C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\hypersonic 2\FL Studio XXL 9 [FULL].part1.rar Win32/OpenCandy application
C:\Windows\Installer\1399257.msi a variant of Win32/PSWTool.IEPasswordsRevealer.A application

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 AM

Posted 28 May 2012 - 09:19 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Tomas Pescod\AppData\Local\Downloaded Installations\{44EDBDE5-587A-4FB1-80F-43CDA250D6CD}\Command Center.msi"
    del /f /s /q "C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\FL Studio XXL 9 [FULL]\flstudio_9.0.exe"
    del /f /s /q "C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe"
    del /f /s /q "C:\Users\Tomas Pescod\Desktop\F0R$AKEN\USB\hypersonic 2\FL Studio XXL 9 [FULL].part1.rar"
    del /f /s /q "C:\Windows\Installer\1399257.msi"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users