Previously infected with 'PUP.BundleInstaller.OI' virus..


  • This topic is locked
14 replies to this topic

#1 SWIM_GOOD

  • Members
  • 29 posts

Posted 24 May 2012 - 07:07 PM

Hello !

I've been directed here after initially posting in the 'Am I infected?' forum. Running a scan recently with Malwarebytes' Anti-Malware picked up a 'PUP.BundleInstaller.OI' virus on my laptop:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Dan :: DAN-PC [administrator]

21/05/2012 14:49:26
mbam-log-2012-05-21 (14-49-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272665
Time elapsed: 31 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Dan\Downloads\AVGSecureSearchInstaller.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)



According to Malwarebytes, the infection was quarantined and deleted but I'm doubtful that I'm looking at a clean system THAT easily.. Subsequent scans with Malwarebytes and SUPERAntiSpyware Free Edition are coming back clean though. I'd like confirmation that my system is indeed safe again. Please find the DDS log below and the Attach.txt file and Arc.txt log attached..



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Dan at 21:44:40 on 2012-05-24
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.1677 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kontiki\KService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eRecoveryService]
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\BBCIPL~1.LNK -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{42BB607C-2404-4E3A-8D9D-934090046114} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\fd18cl6k.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd200bae3-f2ee-41a6-8a95-0d80d5b0c527%7D&mid=5707b6f446eaa431ba19f2c3599b2f1f-0d3e1b47427d0730047c4a6dcbba385ec7ecaafe&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-05-13%2019%3A02%3A37&sap=ku&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programdata\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\local\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-4-28 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-2 116608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-10-5 61424]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-10-5 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-10-5 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-17 3658752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
RUnknown pavboot;pavboot; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2008-4-17 25856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 253088]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 129976]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-13 18:02:35 -------- d-----w- c:\program files\AVG Secure Search
2012-05-13 16:31:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-13 16:31:05 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-05-13 16:31:05 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-05-13 16:31:05 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-13 16:31:05 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-29 21:51:54 -------- d-----w- c:\users\dan\appdata\local\AVG Secure Search
.
==================== Find3M ====================
.
2012-05-16 14:28:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 14:28:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:46:26.68 ===============


Thanks in advance for any help that I get !

Dan
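As an added illustration (my own script, not part of the original post and not a DDS or BleepingComputer tool): the checks a helper applies by eye to a DDS log like the one above can be expressed as a few rules. The script flags browser hooks registered without a DLL ("No File"), services or drivers whose binary is absent (DDS marks these "[x]" or RUnknown), executables running out of the user's Temp folder, and a Firefox keyword.URL override (DDS defangs URLs as "hxxp"). The sample input is a shortened excerpt of the DDS log in the post (the AVG search URL is cut down); the rule names and the Finding type are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a shortened excerpt of the DDS log posted above
# (the AVG search URL is cut down; DDS writes URLs defanged as "hxxp").
SAMPLE_DDS = r"""
C:\Windows\Explorer.EXE
C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?q=
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
RUnknown pavboot;pavboot; [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 129976]
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name (my own naming, not DDS terminology)
    detail: str  # what a reviewer should go and verify
    line: str    # the log line that triggered the rule


# Browser hooks (BHO, toolbar, URL search hook) whose CLSID is still
# registered but whose DLL is gone.
ORPHAN_RE = re.compile(r"^(?:BHO|TB|mURLSearchHooks):.*\bNo File\s*$")
# DDS service/driver lines: "<status> <name>;<description>;<path> [date size]"
SERVICE_RE = re.compile(r"^(R\d|S\d|RUnknown|SUnknown)\s+([^;]+);([^;]*);(.*)$")
# Anything executing out of the per-user Temp directory.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Firefox keyword.URL override; accept both defanged (hxxp) and plain URLs.
FF_KEYWORD_RE = re.compile(
    r"^FF - prefs\.js: keyword\.URL - (?:hxxps?|https?)://([^/\s]+)", re.IGNORECASE)


def triage_dds(text: str) -> List[Finding]:
    """Return the lines of a DDS log that a reviewer would check by hand."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-browser-extension",
                                    "CLSID registered but DLL missing; stale entry", line))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            status, name, _desc, rest = svc.groups()
            # "[x]" is how DDS reports a service whose file is not on disk.
            if status.endswith("Unknown") or rest.strip() == "[x]":
                findings.append(Finding("service-binary-missing",
                                        f"service {name!r} has no file on disk", line))
            continue
        if TEMP_DIR_RE.search(line):
            findings.append(Finding("executable-in-temp",
                                    "check publisher and signature of this binary", line))
            continue
        ff = FF_KEYWORD_RE.match(line)
        if ff:
            findings.append(Finding("firefox-keyword-url-set",
                                    f"address-bar searches go to {ff.group(1)}", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'orphaned-browser-extension': 3, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Each hit is a lead, not a verdict: the "No File" entries are leftover registrations, and a binary in Temp or a driver with no file on disk needs its publisher and signature checked before anything is removed. The rules deliberately ignore entries with a present, well-known path so that a long DDS log collapses to a handful of lines to look at.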


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 01:04 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 27 May 2012 - 11:13 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 SWIM_GOOD
  • Topic Starter

Posted 30 May 2012 - 01:26 PM

Sorry for the late response, I haven't been at home for a few days.. I'm just about to download Security Check and run Combofix. I'll post the results of these immediately after..

Dan

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 30 May 2012 - 02:47 PM

No problem.


gringo

#6 SWIM_GOOD
  • Topic Starter

Posted 30 May 2012 - 03:11 PM

Here are the logs for Security Check and Combofix:


Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````





ComboFix 12-05-30.04 - Dan 30/05/2012 20:08:13.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.1612 [GMT 1:00]
Running from: c:\users\Dan\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1142.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc119F.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc121.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc132.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc152B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc15CA.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1673.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16B0.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc17A7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc18A2.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B5F.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F7E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc20ED.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2104.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2159.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2223.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2754.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2800.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2A83.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2B08.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2B0C.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BD3.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2D1D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc309.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3575.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3586.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3AD1.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3B22.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3BE4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C57.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3CA5.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3CF.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4166.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc44A0.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc46A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc46F4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4887.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc48E8.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4942.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4B77.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5156.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc51BD.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc520E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5276.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc534.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc53A0.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc53D4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5505.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc560A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc561.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc566C.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc567B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5816.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc597B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D5E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5EA6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5EF4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5F13.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc600C.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc60B3.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc64AE.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc65BF.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc66F.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc695E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A31.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6C6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70C6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7293.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc73FA.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc749.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7754.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77B1.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7852.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A31.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A65.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7ABE.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7AC4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7ADC.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C17.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7E66.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7E9D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc801A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc80EC.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8202.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8364.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc83C5.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8480.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc882F.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc892E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8A0B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D9.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E8D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8EBD.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FB4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FC3.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc918D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc938.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9411.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9530.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc95DB.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9743.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc97C4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc982C.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99B4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A10.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B4E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9BC8.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C7A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA000.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA099.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0D6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4AC.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA508.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA67E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA6A5.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA77C.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9C9.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB27.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC69.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF73.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB17A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2CF.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB379.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB47A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB50D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB711.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB769.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB802.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA43.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBAC3.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD69.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF5B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC39A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC4F6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC63E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC66E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7B6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9A7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9B7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB6E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC6D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDCF.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE02.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE0B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE97.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCEF6.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0D1.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD194.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD29D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD33A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD451.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD635.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD63A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD752.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD7C2.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8A7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDBC1.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC1E.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDCEF.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF97.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFB7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDFC.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE25B.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE3DE.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE562.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5B7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE630.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE6CC.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8EA.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA47.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE0D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF03A.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF138.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF1A9.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF2D4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3B7.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF4.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5C1.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF72D.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF81F.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFAAE.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFAF9.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFBE9.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE50.tmp
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF19.tmp
c:\users\Dan\Desktop\Malware Protection.lnk
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 19:23 . 2012-05-30 19:48 -------- d-----w- c:\users\Dan\AppData\Local\temp
2012-05-30 19:23 . 2012-05-30 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 18:02 . 2012-05-14 18:29 -------- d-----w- c:\program files\AVG Secure Search
2012-05-13 16:31 . 2012-05-13 16:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-13 16:31 . 2012-05-13 16:31 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-13 16:31 . 2012-05-13 16:31 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-13 16:31 . 2012-05-13 16:31 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-13 16:31 . 2012-05-13 16:31 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 14:28 . 2012-04-10 11:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 14:28 . 2011-06-10 10:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-06-21 18:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 16:31 . 2012-01-12 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-14 18:29 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-05-14 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-24 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-13 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-13 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-13 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-09-29 1584640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-14 982880]
.
c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-22 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:40]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\fd18cl6k.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd200bae3-f2ee-41a6-8a95-0d80d5b0c527%7D&mid=5707b6f446eaa431ba19f2c3599b2f1f-0d3e1b47427d0730047c4a6dcbba385ec7ecaafe&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-05-13%2019%3A02%3A37&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 20:48
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-30 20:52:54
ComboFix-quarantined-files.txt 2012-05-30 19:52
.
Pre-Run: 2,611,208,192 bytes free
Post-Run: 4,286,595,072 bytes free
.
- - End Of File - - 993058AD9B77ACC8CCB7E18D611E8608

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 30 May 2012 - 08:33 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.




Proud Graduate Of Malware Removal University
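The steps above end with the user posting the TDSSKiller report, and the first thing a helper does with that report is pull out every scanned object that did not come back "ok". As an added example (not code from this thread, from BleepingComputer or from TDSSKiller itself), here is a small parser for the per-object format the report uses: an entry line carrying timestamp, PID, service or driver name, a 32-hex-digit hash in parentheses and the image path, followed by a verdict line of the form "name - ok". It assumes the hash is MD5 (the report does not name the algorithm). The sample log is constructed for the example from lines of the shape seen later in this thread; the "ExampleDrv" entry, its example.sys path and its "suspicious" verdict are made up to exercise the non-ok branch, and are not strings taken from the tool. The hash cross-check writes a throwaway file under a temporary directory so it runs offline.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not part of the thread)."""
import hashlib
import re
import tempfile
from pathlib import Path

# Entry line: "<hh:mm:ss.ffff> <pid> <name> (<32 hex>) <image path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<hh:mm:ss.ffff> <pid> <name> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)

# Constructed sample: three lines in the shape of the real report plus one
# made-up non-ok entry (ExampleDrv / example.sys / "suspicious" are assumptions).
SAMPLE_LOG = r"""
19:57:12.0932 3056 Scan started
19:57:12.0932 3056 Mode: Manual;
19:57:13.0401 3056 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:57:13.0405 3056 !SASCORE - ok
19:57:15.0131 3056 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:57:15.0135 3056 Apple Mobile Device - ok
19:57:15.0328 3056 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
19:57:15.0331 3056 atapi - ok
19:57:18.0300 3056 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
19:57:18.0302 3056 ExampleDrv - suspicious
"""


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for every object the report scanned.

    Entry lines are matched first; a verdict line is only attached to a name
    that already has an entry, so header lines containing " - " (drive
    geometry and the like) are ignored rather than misread as verdicts.
    """
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            records[m["name"]] = {"md5": m["md5"], "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in records:
            records[m["name"]]["verdict"] = m["verdict"].strip()
    return records


def flagged(records):
    """Names whose verdict is missing or anything other than the literal 'ok'."""
    return sorted(name for name, rec in records.items() if rec["verdict"] != "ok")


def verify_hashes(records):
    """Recompute the hash of each logged image that exists on this host.

    Returns {name: True/False}; paths that are absent here are skipped, which
    is what happens when a report from another machine is examined offline.
    """
    results = {}
    for name, rec in records.items():
        target = Path(rec["path"])
        if not target.is_file():
            continue
        results[name] = hashlib.md5(target.read_bytes()).hexdigest() == rec["md5"]
    return results


def self_check():
    """Offline demonstration of verify_hashes on a constructed file.

    A throwaway file is logged with its true hash and verified, then modified
    and verified again. Returns (match_before, match_after).
    """
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "driver.sys"  # constructed, not a real driver
        target.write_bytes(b"constructed sample driver bytes")
        digest = hashlib.md5(target.read_bytes()).hexdigest()
        log = (f"00:00:00.0001 1 DemoDrv ({digest}) {target}\n"
               f"00:00:00.0002 1 DemoDrv - ok\n")
        records = parse_tdsskiller(log)
        before = verify_hashes(records)["DemoDrv"]
        target.write_bytes(b"tampered")
        after = verify_hashes(records)["DemoDrv"]
    return before, after


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(recs):
        print(f"{name}: {recs[name]['verdict']} {recs[name]['md5']} {recs[name]['path']}")
    print("hash check on constructed file (before, after tamper):", self_check())
```

Treating anything other than the literal "ok" as flagged is deliberate: the helper wants to see every verdict string the tool produced rather than maintain a list of the ones that mean trouble. The hash column is kept on each record because it is the pivot a responder uses afterwards, for looking a binary up by hash or, as verify_hashes shows, for confirming that a file on disk is still the one the scan saw.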

#8 SWIM_GOOD (Topic Starter)

  • Members
  • 29 posts

Posted 31 May 2012 - 02:50 PM

Here are the logs from TDSSKiller and aswMBR:


19:56:39.0908 5820 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:56:41.0914 5820 ============================================================
19:56:41.0914 5820 Current date / time: 2012/05/31 19:56:41.0914
19:56:41.0914 5820 SystemInfo:
19:56:41.0914 5820
19:56:41.0914 5820 OS Version: 6.0.6001 ServicePack: 1.0
19:56:41.0914 5820 Product type: Workstation
19:56:41.0915 5820 ComputerName: DAN-PC
19:56:41.0915 5820 UserName: Dan
19:56:41.0915 5820 Windows directory: C:\Windows
19:56:41.0915 5820 System windows directory: C:\Windows
19:56:41.0915 5820 Processor architecture: Intel x86
19:56:41.0915 5820 Number of processors: 2
19:56:41.0915 5820 Page size: 0x1000
19:56:41.0915 5820 Boot type: Normal boot
19:56:41.0915 5820 ============================================================
19:56:43.0125 5820 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:56:43.0130 5820 ============================================================
19:56:43.0130 5820 \Device\Harddisk0\DR0:
19:56:43.0130 5820 MBR partitions:
19:56:43.0130 5820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x8B0C000
19:56:43.0130 5820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0C800, BlocksNum 0x8B0C800
19:56:43.0130 5820 ============================================================
19:56:43.0194 5820 C: <-> \Device\Harddisk0\DR0\Partition0
19:56:43.0249 5820 D: <-> \Device\Harddisk0\DR0\Partition1
19:56:43.0250 5820 ============================================================
19:56:43.0250 5820 Initialize success
19:56:43.0250 5820 ============================================================
19:57:12.0932 3056 ============================================================
19:57:12.0932 3056 Scan started
19:57:12.0932 3056 Mode: Manual;
19:57:12.0932 3056 ============================================================
19:57:13.0401 3056 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:57:13.0405 3056 !SASCORE - ok
19:57:13.0681 3056 A310 (02e1c46c34f2d2843533c4f223867930) C:\Windows\system32\DRIVERS\AVerA310USB.sys
19:57:13.0683 3056 A310 - ok
19:57:13.0744 3056 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
19:57:13.0752 3056 ACPI - ok
19:57:13.0864 3056 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:13.0872 3056 AdobeFlashPlayerUpdateSvc - ok
19:57:13.0931 3056 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:57:13.0968 3056 adp94xx - ok
19:57:14.0057 3056 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:57:14.0078 3056 adpahci - ok
19:57:14.0141 3056 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:57:14.0177 3056 adpu160m - ok
19:57:14.0231 3056 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:57:14.0275 3056 adpu320 - ok
19:57:14.0319 3056 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:57:14.0321 3056 AeLookupSvc - ok
19:57:14.0388 3056 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
19:57:14.0411 3056 AFD - ok
19:57:14.0467 3056 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
19:57:14.0470 3056 AgereModemAudio - ok
19:57:14.0645 3056 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
19:57:14.0699 3056 AgereSoftModem - ok
19:57:14.0730 3056 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:57:14.0733 3056 agp440 - ok
19:57:14.0750 3056 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:57:14.0753 3056 aic78xx - ok
19:57:14.0776 3056 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:57:14.0779 3056 ALG - ok
19:57:14.0794 3056 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:57:14.0796 3056 aliide - ok
19:57:14.0826 3056 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:57:14.0829 3056 amdagp - ok
19:57:14.0852 3056 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:57:14.0854 3056 amdide - ok
19:57:14.0903 3056 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:57:14.0905 3056 AmdK7 - ok
19:57:14.0932 3056 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:57:14.0935 3056 AmdK8 - ok
19:57:14.0970 3056 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:57:14.0972 3056 Appinfo - ok
19:57:15.0131 3056 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:57:15.0135 3056 Apple Mobile Device - ok
19:57:15.0202 3056 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:57:15.0217 3056 arc - ok
19:57:15.0276 3056 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:57:15.0292 3056 arcsas - ok
19:57:15.0312 3056 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:15.0315 3056 AsyncMac - ok
19:57:15.0328 3056 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
19:57:15.0331 3056 atapi - ok
19:57:15.0397 3056 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:57:15.0405 3056 AudioEndpointBuilder - ok
19:57:15.0432 3056 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:57:15.0443 3056 Audiosrv - ok
19:57:15.0522 3056 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
19:57:15.0525 3056 Avgfwfd - ok
19:57:15.0873 3056 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files\AVG\AVG2012\avgfws.exe
19:57:15.0911 3056 avgfws - ok
19:57:16.0456 3056 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:57:16.0531 3056 AVGIDSAgent - ok
19:57:16.0760 3056 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:57:16.0773 3056 AVGIDSDriver - ok
19:57:16.0820 3056 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:57:16.0824 3056 AVGIDSEH - ok
19:57:16.0845 3056 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:57:16.0848 3056 AVGIDSFilter - ok
19:57:16.0920 3056 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:57:16.0922 3056 AVGIDSShim - ok
19:57:16.0986 3056 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
19:57:16.0999 3056 Avgldx86 - ok
19:57:17.0033 3056 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:57:17.0035 3056 Avgmfx86 - ok
19:57:17.0089 3056 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:57:17.0092 3056 Avgrkx86 - ok
19:57:17.0162 3056 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
19:57:17.0209 3056 Avgtdix - ok
19:57:17.0342 3056 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:57:17.0345 3056 avgwd - ok
19:57:17.0444 3056 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:57:17.0477 3056 b57nd60x - ok
19:57:17.0512 3056 BDASwCap (9347a2ddee501c242a8e21990279d688) C:\Windows\system32\drivers\AVerA310Cap.sys
19:57:17.0514 3056 BDASwCap - ok
19:57:17.0538 3056 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:57:17.0541 3056 Beep - ok
19:57:17.0604 3056 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
19:57:17.0624 3056 BFE - ok
19:57:17.0752 3056 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
19:57:17.0769 3056 BITS - ok
19:57:17.0790 3056 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:57:17.0792 3056 blbdrive - ok
19:57:17.0900 3056 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:57:17.0906 3056 Bonjour Service - ok
19:57:17.0976 3056 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
19:57:17.0980 3056 bowser - ok
19:57:18.0026 3056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:57:18.0028 3056 BrFiltLo - ok
19:57:18.0046 3056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:57:18.0048 3056 BrFiltUp - ok
19:57:18.0086 3056 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:57:18.0090 3056 Browser - ok
19:57:18.0116 3056 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:57:18.0120 3056 Brserid - ok
19:57:18.0142 3056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:57:18.0145 3056 BrSerWdm - ok
19:57:18.0170 3056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:57:18.0173 3056 BrUsbMdm - ok
19:57:18.0189 3056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:57:18.0191 3056 BrUsbSer - ok
19:57:18.0210 3056 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
19:57:18.0212 3056 BthEnum - ok
19:57:18.0240 3056 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:57:18.0243 3056 BTHMODEM - ok
19:57:18.0291 3056 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:57:18.0295 3056 BthPan - ok
19:57:18.0344 3056 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
19:57:18.0357 3056 BTHPORT - ok
19:57:18.0397 3056 BthServ (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
19:57:18.0400 3056 BthServ - ok
19:57:18.0423 3056 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
19:57:18.0426 3056 BTHUSB - ok
19:57:18.0504 3056 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
19:57:18.0506 3056 BUNAgentSvc - ok
19:57:18.0646 3056 catchme - ok
19:57:18.0694 3056 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:57:18.0698 3056 cdfs - ok
19:57:18.0765 3056 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
19:57:18.0768 3056 cdrom - ok
19:57:18.0810 3056 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:57:18.0813 3056 CertPropSvc - ok
19:57:18.0840 3056 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:57:18.0843 3056 circlass - ok
19:57:18.0883 3056 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
19:57:18.0899 3056 CLFS - ok
19:57:19.0037 3056 CLHNService (5ca9b1062c0c3e3ae19c23ad9d8a5048) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
19:57:19.0041 3056 CLHNService - ok
19:57:19.0117 3056 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:19.0122 3056 clr_optimization_v2.0.50727_32 - ok
19:57:19.0181 3056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:57:19.0186 3056 clr_optimization_v4.0.30319_32 - ok
19:57:19.0265 3056 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:57:19.0267 3056 CmBatt - ok
19:57:19.0287 3056 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:57:19.0290 3056 cmdide - ok
19:57:19.0299 3056 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:57:19.0306 3056 Compbatt - ok
19:57:19.0314 3056 COMSysApp - ok
19:57:19.0346 3056 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:57:19.0349 3056 crcdisk - ok
19:57:19.0372 3056 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:57:19.0375 3056 Crusoe - ok
19:57:19.0420 3056 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
19:57:19.0436 3056 CryptSvc - ok
19:57:19.0531 3056 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
19:57:19.0545 3056 DcomLaunch - ok
19:57:19.0590 3056 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
19:57:19.0594 3056 DfsC - ok
19:57:19.0817 3056 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
19:57:19.0885 3056 DFSR - ok
19:57:20.0104 3056 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
19:57:20.0117 3056 Dhcp - ok
19:57:20.0175 3056 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
19:57:20.0178 3056 disk - ok
19:57:20.0220 3056 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
19:57:20.0222 3056 DKbFltr - ok
19:57:20.0273 3056 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
19:57:20.0323 3056 Dnscache - ok
19:57:20.0365 3056 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
19:57:20.0376 3056 dot3svc - ok
19:57:20.0442 3056 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
19:57:20.0455 3056 Dot4 - ok
19:57:20.0496 3056 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:57:20.0500 3056 Dot4Print - ok
19:57:20.0542 3056 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
19:57:20.0549 3056 dot4usb - ok
19:57:20.0586 3056 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:57:20.0601 3056 DPS - ok
19:57:20.0634 3056 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:57:20.0636 3056 drmkaud - ok
19:57:20.0712 3056 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
19:57:20.0727 3056 DXGKrnl - ok
19:57:20.0756 3056 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:57:20.0761 3056 E1G60 - ok
19:57:20.0794 3056 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:57:20.0798 3056 EapHost - ok
19:57:20.0830 3056 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
19:57:20.0845 3056 Ecache - ok
19:57:21.0018 3056 eDataSecurity Service (b7dc2580425225c320ceda78de55a3d0) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
19:57:21.0027 3056 eDataSecurity Service - ok
19:57:21.0077 3056 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:57:21.0097 3056 elxstor - ok
19:57:21.0176 3056 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
19:57:21.0199 3056 EMDMgmt - ok
19:57:21.0234 3056 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:57:21.0236 3056 ErrDev - ok
19:57:21.0332 3056 ETService (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
19:57:21.0335 3056 ETService - ok
19:57:21.0406 3056 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
19:57:21.0415 3056 EventSystem - ok
19:57:21.0453 3056 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
19:57:21.0464 3056 exfat - ok
19:57:21.0497 3056 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
19:57:21.0503 3056 fastfat - ok
19:57:21.0538 3056 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:57:21.0540 3056 fdc - ok
19:57:21.0568 3056 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:57:21.0571 3056 fdPHost - ok
19:57:21.0585 3056 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:57:21.0589 3056 FDResPub - ok
19:57:21.0622 3056 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:57:21.0624 3056 FileInfo - ok
19:57:21.0640 3056 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:57:21.0642 3056 Filetrace - ok
19:57:21.0658 3056 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:57:21.0663 3056 flpydisk - ok
19:57:21.0687 3056 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
19:57:21.0697 3056 FltMgr - ok
19:57:21.0774 3056 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:57:21.0777 3056 FontCache3.0.0.0 - ok
19:57:21.0797 3056 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:57:21.0828 3056 Fs_Rec - ok
19:57:21.0875 3056 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:57:21.0878 3056 gagp30kx - ok
19:57:21.0904 3056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:57:21.0907 3056 GEARAspiWDM - ok
19:57:21.0984 3056 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
19:57:22.0005 3056 gpsvc - ok
19:57:22.0148 3056 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:22.0151 3056 gupdate - ok
19:57:22.0160 3056 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:22.0168 3056 gupdatem - ok
19:57:22.0272 3056 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:57:22.0277 3056 gusvc - ok
19:57:22.0372 3056 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:57:22.0397 3056 HdAudAddService - ok
19:57:22.0443 3056 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:57:22.0445 3056 HDAudBus - ok
19:57:22.0460 3056 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:57:22.0463 3056 HidBth - ok
19:57:22.0478 3056 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:57:22.0481 3056 HidIr - ok
19:57:22.0522 3056 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
19:57:22.0526 3056 hidserv - ok
19:57:22.0541 3056 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
19:57:22.0543 3056 HidUsb - ok
19:57:22.0573 3056 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:57:22.0578 3056 hkmsvc - ok
19:57:22.0624 3056 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:57:22.0627 3056 HpCISSs - ok
19:57:22.0744 3056 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:57:22.0750 3056 hpqcxs08 - ok
19:57:22.0782 3056 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:57:22.0787 3056 hpqddsvc - ok
19:57:22.0841 3056 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
19:57:22.0890 3056 HTTP - ok
19:57:22.0910 3056 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:57:22.0913 3056 i2omp - ok
19:57:22.0958 3056 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:57:22.0962 3056 i8042prt - ok
19:57:23.0057 3056 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:57:23.0067 3056 IAANTMON - ok
19:57:23.0140 3056 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
19:57:23.0146 3056 iaStor - ok
19:57:23.0184 3056 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:57:23.0197 3056 iaStorV - ok
19:57:23.0373 3056 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:57:23.0441 3056 idsvc - ok
19:57:23.0704 3056 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:57:23.0783 3056 igfx - ok
19:57:23.0979 3056 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:57:23.0982 3056 iirsp - ok
19:57:24.0056 3056 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
19:57:24.0081 3056 IKEEXT - ok
19:57:24.0130 3056 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
19:57:24.0132 3056 int15 - ok
19:57:24.0339 3056 IntcAzAudAddService (3cfa12fefea751dae7b8133a6ef3c0d9) C:\Windows\system32\drivers\RTKVHDA.sys
19:57:24.0400 3056 IntcAzAudAddService - ok
19:57:24.0625 3056 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
19:57:24.0629 3056 IntcHdmiAddService - ok
19:57:24.0682 3056 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:57:24.0684 3056 intelide - ok
19:57:24.0711 3056 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:57:24.0713 3056 intelppm - ok
19:57:24.0744 3056 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:57:24.0754 3056 IPBusEnum - ok
19:57:24.0772 3056 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:57:24.0775 3056 IpFilterDriver - ok
19:57:24.0822 3056 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
19:57:24.0835 3056 iphlpsvc - ok
19:57:24.0843 3056 IpInIp - ok
19:57:24.0894 3056 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:57:24.0897 3056 IPMIDRV - ok
19:57:24.0920 3056 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:57:24.0924 3056 IPNAT - ok
19:57:25.0065 3056 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
19:57:25.0079 3056 iPod Service - ok
19:57:25.0108 3056 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:57:25.0111 3056 IRENUM - ok
19:57:25.0140 3056 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:57:25.0143 3056 isapnp - ok
19:57:25.0176 3056 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
19:57:25.0181 3056 iScsiPrt - ok
19:57:25.0198 3056 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:57:25.0201 3056 iteatapi - ok
19:57:25.0231 3056 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:57:25.0235 3056 iteraid - ok
19:57:25.0258 3056 JMCR (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys
19:57:25.0261 3056 JMCR - ok
19:57:25.0286 3056 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:57:25.0289 3056 kbdclass - ok
19:57:25.0309 3056 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
19:57:25.0311 3056 kbdhid - ok
19:57:25.0335 3056 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:57:25.0339 3056 KeyIso - ok
19:57:25.0391 3056 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
19:57:25.0408 3056 KSecDD - ok
19:57:25.0743 3056 KService (62cef3ca80ff1e3af738dd11e3505db1) C:\Program Files\Kontiki\KService.exe
19:57:25.0793 3056 KService - ok
19:57:26.0026 3056 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:57:26.0052 3056 KtmRm - ok
19:57:26.0112 3056 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
19:57:26.0168 3056 LanmanServer - ok
19:57:26.0228 3056 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
19:57:26.0265 3056 LanmanWorkstation - ok
19:57:26.0377 3056 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:57:26.0380 3056 LightScribeService - ok
19:57:26.0464 3056 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:57:26.0467 3056 lltdio - ok
19:57:26.0516 3056 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:57:26.0553 3056 lltdsvc - ok
19:57:26.0576 3056 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:57:26.0581 3056 lmhosts - ok
19:57:26.0611 3056 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:57:26.0615 3056 LSI_FC - ok
19:57:26.0643 3056 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:57:26.0647 3056 LSI_SAS - ok
19:57:26.0699 3056 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:57:26.0703 3056 LSI_SCSI - ok
19:57:26.0724 3056 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:57:26.0728 3056 luafv - ok
19:57:26.0786 3056 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
19:57:26.0795 3056 McciCMService - ok
19:57:26.0823 3056 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:57:26.0826 3056 megasas - ok
19:57:26.0875 3056 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:57:26.0892 3056 MegaSR - ok
19:57:26.0921 3056 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:57:26.0927 3056 MMCSS - ok
19:57:26.0992 3056 MobilityService - ok
19:57:27.0010 3056 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:57:27.0013 3056 Modem - ok
19:57:27.0047 3056 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:57:27.0050 3056 monitor - ok
19:57:27.0072 3056 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:57:27.0075 3056 mouclass - ok
19:57:27.0100 3056 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:57:27.0102 3056 mouhid - ok
19:57:27.0125 3056 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:57:27.0128 3056 MountMgr - ok
19:57:27.0206 3056 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:57:27.0260 3056 MozillaMaintenance - ok
19:57:27.0293 3056 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:57:27.0310 3056 mpio - ok
19:57:27.0334 3056 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:57:27.0337 3056 mpsdrv - ok
19:57:27.0392 3056 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
19:57:27.0409 3056 MpsSvc - ok
19:57:27.0437 3056 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:57:27.0439 3056 Mraid35x - ok
19:57:27.0578 3056 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:57:27.0581 3056 MREMP50 - ok
19:57:27.0588 3056 MREMPR5 - ok
19:57:27.0602 3056 MRENDIS5 - ok
19:57:27.0632 3056 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:57:27.0634 3056 MRESP50 - ok
19:57:27.0663 3056 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
19:57:27.0667 3056 MRxDAV - ok
19:57:27.0700 3056 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:57:27.0739 3056 mrxsmb - ok
19:57:27.0805 3056 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:57:27.0811 3056 mrxsmb10 - ok
19:57:27.0829 3056 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:57:27.0833 3056 mrxsmb20 - ok
19:57:27.0855 3056 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:57:27.0858 3056 msahci - ok
19:57:27.0889 3056 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:57:27.0893 3056 msdsm - ok
19:57:27.0928 3056 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:57:27.0971 3056 MSDTC - ok
19:57:28.0009 3056 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:57:28.0012 3056 Msfs - ok
19:57:28.0032 3056 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:57:28.0035 3056 msisadrv - ok
19:57:28.0070 3056 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:57:28.0105 3056 MSiSCSI - ok
19:57:28.0114 3056 msiserver - ok
19:57:28.0133 3056 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:57:28.0136 3056 MSKSSRV - ok
19:57:28.0170 3056 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:57:28.0172 3056 MSPCLOCK - ok
19:57:28.0191 3056 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:57:28.0194 3056 MSPQM - ok
19:57:28.0250 3056 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
19:57:28.0265 3056 MsRPC - ok
19:57:28.0328 3056 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:57:28.0330 3056 mssmbios - ok
19:57:28.0340 3056 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:57:28.0343 3056 MSTEE - ok
19:57:28.0362 3056 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
19:57:28.0365 3056 Mup - ok
19:57:28.0429 3056 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
19:57:28.0450 3056 napagent - ok
19:57:28.0517 3056 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
19:57:28.0531 3056 NativeWifiP - ok
19:57:28.0613 3056 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
19:57:28.0623 3056 NDIS - ok
19:57:28.0636 3056 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:57:28.0639 3056 NdisTapi - ok
19:57:28.0658 3056 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:57:28.0660 3056 Ndisuio - ok
19:57:28.0697 3056 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
19:57:28.0701 3056 NdisWan - ok
19:57:28.0727 3056 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:57:28.0731 3056 NDProxy - ok
19:57:28.0759 3056 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
19:57:28.0764 3056 Net Driver HPZ12 - ok
19:57:28.0795 3056 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:57:28.0798 3056 NetBIOS - ok
19:57:28.0834 3056 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
19:57:28.0858 3056 netbt - ok
19:57:28.0881 3056 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:57:28.0885 3056 Netlogon - ok
19:57:28.0939 3056 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:57:28.0962 3056 Netman - ok
19:57:28.0995 3056 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:57:29.0005 3056 netprofm - ok
19:57:29.0096 3056 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:57:29.0110 3056 NetTcpPortSharing - ok
19:57:29.0488 3056 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:57:29.0598 3056 NETw5v32 - ok
19:57:29.0777 3056 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:57:29.0780 3056 nfrd960 - ok
19:57:29.0828 3056 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:57:29.0837 3056 NlaSvc - ok
19:57:29.0859 3056 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
19:57:29.0863 3056 Npfs - ok
19:57:29.0885 3056 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:57:29.0891 3056 nsi - ok
19:57:29.0910 3056 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:57:29.0913 3056 nsiproxy - ok
19:57:30.0021 3056 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
19:57:30.0057 3056 Ntfs - ok
19:57:30.0111 3056 NTIBackupSvc (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:57:30.0113 3056 NTIBackupSvc - ok
19:57:30.0140 3056 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:57:30.0143 3056 NTIDrvr - ok
19:57:30.0278 3056 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
19:57:30.0312 3056 NTIPPKernel - ok
19:57:30.0355 3056 NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:57:30.0359 3056 NTISchedulerSvc - ok
19:57:30.0391 3056 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:57:30.0394 3056 ntrigdigi - ok
19:57:30.0412 3056 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:57:30.0414 3056 Null - ok
19:57:30.0439 3056 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:57:30.0444 3056 nvraid - ok
19:57:30.0464 3056 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:57:30.0467 3056 nvstor - ok
19:57:30.0499 3056 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:57:30.0504 3056 nv_agp - ok
19:57:30.0512 3056 NwlnkFlt - ok
19:57:30.0529 3056 NwlnkFwd - ok
19:57:30.0657 3056 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:57:30.0806 3056 odserv - ok
19:57:30.0834 3056 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:57:30.0837 3056 ohci1394 - ok
19:57:30.0881 3056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:57:30.0948 3056 ose - ok
19:57:31.0033 3056 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:57:31.0061 3056 p2pimsvc - ok
19:57:31.0084 3056 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:57:31.0100 3056 p2psvc - ok
19:57:31.0119 3056 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:57:31.0124 3056 Parport - ok
19:57:31.0144 3056 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
19:57:31.0147 3056 partmgr - ok
19:57:31.0189 3056 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:57:31.0191 3056 Parvdm - ok
19:57:31.0212 3056 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:57:31.0219 3056 PcaSvc - ok
19:57:31.0262 3056 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
19:57:31.0277 3056 pci - ok
19:57:31.0301 3056 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:57:31.0304 3056 pciide - ok
19:57:31.0340 3056 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:57:31.0355 3056 pcmcia - ok
19:57:31.0476 3056 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:57:31.0511 3056 PEAUTH - ok
19:57:31.0713 3056 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:57:31.0763 3056 pla - ok
19:57:31.0959 3056 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
19:57:31.0982 3056 PlugPlay - ok
19:57:32.0025 3056 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
19:57:32.0030 3056 Pml Driver HPZ12 - ok
19:57:32.0129 3056 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:57:32.0145 3056 PNRPAutoReg - ok
19:57:32.0164 3056 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:57:32.0181 3056 PNRPsvc - ok
19:57:32.0235 3056 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
19:57:32.0267 3056 PolicyAgent - ok
19:57:32.0332 3056 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:57:32.0337 3056 PptpMiniport - ok
19:57:32.0374 3056 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:57:32.0377 3056 Processor - ok
19:57:32.0409 3056 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
19:57:32.0418 3056 ProfSvc - ok
19:57:32.0450 3056 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:57:32.0454 3056 ProtectedStorage - ok
19:57:32.0488 3056 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
19:57:32.0491 3056 PSched - ok
19:57:32.0505 3056 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
19:57:32.0508 3056 PSDFilter - ok
19:57:32.0528 3056 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
19:57:32.0530 3056 PSDNServ - ok
19:57:32.0549 3056 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:57:32.0552 3056 psdvdisk - ok
19:57:32.0706 3056 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:57:32.0748 3056 ql2300 - ok
19:57:32.0775 3056 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:57:32.0780 3056 ql40xx - ok
19:57:32.0824 3056 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:57:32.0845 3056 QWAVE - ok
19:57:32.0867 3056 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:57:32.0870 3056 QWAVEdrv - ok
19:57:32.0905 3056 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:57:32.0908 3056 RasAcd - ok
19:57:32.0962 3056 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:57:32.0981 3056 RasAuto - ok
19:57:33.0005 3056 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:57:33.0008 3056 Rasl2tp - ok
19:57:33.0043 3056 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
19:57:33.0066 3056 RasMan - ok
19:57:33.0093 3056 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
19:57:33.0096 3056 RasPppoe - ok
19:57:33.0122 3056 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
19:57:33.0126 3056 RasSstp - ok
19:57:33.0159 3056 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
19:57:33.0165 3056 rdbss - ok
19:57:33.0192 3056 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:57:33.0194 3056 RDPCDD - ok
19:57:33.0247 3056 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:57:33.0254 3056 rdpdr - ok
19:57:33.0264 3056 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:57:33.0267 3056 RDPENCDD - ok
19:57:33.0314 3056 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
19:57:33.0328 3056 RDPWD - ok
19:57:33.0379 3056 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:57:33.0399 3056 RemoteAccess - ok
19:57:33.0428 3056 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
19:57:33.0446 3056 RemoteRegistry - ok
19:57:33.0506 3056 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
19:57:33.0509 3056 RFCOMM - ok
19:57:33.0660 3056 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
19:57:33.0667 3056 RichVideo - ok
19:57:33.0713 3056 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:57:33.0718 3056 RpcLocator - ok
19:57:33.0784 3056 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
19:57:33.0799 3056 RpcSs - ok
19:57:33.0832 3056 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:57:33.0836 3056 rspndr - ok
19:57:33.0856 3056 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:57:33.0861 3056 SamSs - ok
19:57:33.0912 3056 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:57:33.0914 3056 SASDIFSV - ok
19:57:33.0951 3056 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
19:57:33.0954 3056 SASENUM - ok
19:57:34.0022 3056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
19:57:34.0026 3056 SASKUTIL - ok
19:57:34.0058 3056 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:57:34.0075 3056 sbp2port - ok
19:57:34.0114 3056 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
19:57:34.0130 3056 SCardSvr - ok
19:57:34.0243 3056 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
19:57:34.0308 3056 Schedule - ok
19:57:34.0340 3056 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:57:34.0342 3056 SCPolicySvc - ok
19:57:34.0373 3056 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:57:34.0377 3056 sdbus - ok
19:57:34.0401 3056 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:57:34.0420 3056 SDRSVC - ok
19:57:34.0434 3056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:57:34.0442 3056 secdrv - ok
19:57:34.0494 3056 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:57:34.0501 3056 seclogon - ok
19:57:34.0521 3056 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:57:34.0528 3056 SENS - ok
19:57:34.0551 3056 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:57:34.0554 3056 Serenum - ok
19:57:34.0587 3056 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:57:34.0592 3056 Serial - ok
19:57:34.0610 3056 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:57:34.0613 3056 sermouse - ok
19:57:34.0664 3056 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:57:34.0672 3056 SessionEnv - ok
19:57:34.0698 3056 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:57:34.0700 3056 sffdisk - ok
19:57:34.0747 3056 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:57:34.0749 3056 sffp_mmc - ok
19:57:34.0767 3056 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:57:34.0770 3056 sffp_sd - ok
19:57:34.0787 3056 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:57:34.0794 3056 sfloppy - ok
19:57:34.0854 3056 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:57:34.0874 3056 SharedAccess - ok
19:57:34.0948 3056 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
19:57:34.0978 3056 ShellHWDetection - ok
19:57:35.0033 3056 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:57:35.0037 3056 sisagp - ok
19:57:35.0057 3056 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:57:35.0060 3056 SiSRaid2 - ok
19:57:35.0084 3056 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:57:35.0088 3056 SiSRaid4 - ok
19:57:35.0351 3056 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
19:57:35.0437 3056 slsvc - ok
19:57:35.0613 3056 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
19:57:35.0632 3056 SLUINotify - ok
19:57:35.0697 3056 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
19:57:35.0701 3056 Smb - ok
19:57:35.0754 3056 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:57:35.0761 3056 SNMPTRAP - ok
19:57:35.0779 3056 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:57:35.0782 3056 spldr - ok
19:57:35.0828 3056 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
19:57:35.0836 3056 Spooler - ok
19:57:35.0889 3056 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
19:57:35.0910 3056 srv - ok
19:57:35.0952 3056 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
19:57:35.0967 3056 srv2 - ok
19:57:36.0013 3056 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
19:57:36.0017 3056 srvnet - ok
19:57:36.0076 3056 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:57:36.0090 3056 SSDPSRV - ok
19:57:36.0117 3056 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:57:36.0133 3056 SstpSvc - ok
19:57:36.0196 3056 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
19:57:36.0220 3056 stisvc - ok
19:57:36.0260 3056 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:57:36.0263 3056 swenum - ok
19:57:36.0330 3056 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
19:57:36.0350 3056 swprv - ok
19:57:36.0370 3056 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:57:36.0373 3056 Symc8xx - ok
19:57:36.0397 3056 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:57:36.0399 3056 Sym_hi - ok
19:57:36.0423 3056 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:57:36.0427 3056 Sym_u3 - ok
19:57:36.0477 3056 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
19:57:36.0491 3056 SynTP - ok
19:57:36.0547 3056 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
19:57:36.0578 3056 SysMain - ok
19:57:36.0614 3056 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:57:36.0634 3056 TabletInputService - ok
19:57:36.0664 3056 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
19:57:36.0676 3056 TapiSrv - ok
19:57:36.0719 3056 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:57:36.0727 3056 TBS - ok
19:57:36.0834 3056 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
19:57:36.0849 3056 Tcpip - ok
19:57:36.0879 3056 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
19:57:36.0895 3056 Tcpip6 - ok
19:57:36.0932 3056 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
19:57:36.0934 3056 tcpipreg - ok
19:57:36.0951 3056 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:57:36.0956 3056 TDPIPE - ok
19:57:36.0983 3056 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:57:36.0986 3056 TDTCP - ok
19:57:37.0011 3056 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
19:57:37.0014 3056 tdx - ok
19:57:37.0036 3056 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
19:57:37.0040 3056 TermDD - ok
19:57:37.0121 3056 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
19:57:37.0149 3056 TermService - ok
19:57:37.0219 3056 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
19:57:37.0229 3056 Themes - ok
19:57:37.0269 3056 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:57:37.0273 3056 THREADORDER - ok
19:57:37.0298 3056 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:57:37.0307 3056 TrkWks - ok
19:57:37.0349 3056 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
19:57:37.0351 3056 TrustedInstaller - ok
19:57:37.0370 3056 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:57:37.0373 3056 tssecsrv - ok
19:57:37.0397 3056 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:57:37.0400 3056 tunmp - ok
19:57:37.0443 3056 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
19:57:37.0446 3056 tunnel - ok
19:57:37.0478 3056 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:57:37.0481 3056 uagp35 - ok
19:57:37.0510 3056 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
19:57:37.0513 3056 UBHelper - ok
19:57:37.0565 3056 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
19:57:37.0578 3056 udfs - ok
19:57:37.0621 3056 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:57:37.0629 3056 UI0Detect - ok
19:57:37.0655 3056 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:57:37.0658 3056 uliagpkx - ok
19:57:37.0709 3056 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:57:37.0721 3056 uliahci - ok
19:57:37.0759 3056 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:57:37.0764 3056 UlSata - ok
19:57:37.0788 3056 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:57:37.0803 3056 ulsata2 - ok
19:57:37.0828 3056 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:57:37.0831 3056 umbus - ok
19:57:37.0868 3056 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:57:37.0890 3056 upnphost - ok
19:57:37.0931 3056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:57:37.0934 3056 USBAAPL - ok
19:57:38.0001 3056 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
19:57:38.0004 3056 usbccgp - ok
19:57:38.0031 3056 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:57:38.0035 3056 usbcir - ok
19:57:38.0074 3056 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
19:57:38.0077 3056 usbehci - ok
19:57:38.0128 3056 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
19:57:38.0141 3056 usbhub - ok
19:57:38.0157 3056 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:57:38.0160 3056 usbohci - ok
19:57:38.0193 3056 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:57:38.0196 3056 usbprint - ok
19:57:38.0256 3056 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:57:38.0259 3056 usbscan - ok
19:57:38.0297 3056 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:57:38.0301 3056 USBSTOR - ok
19:57:38.0363 3056 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:57:38.0366 3056 usbuhci - ok
19:57:38.0419 3056 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:57:38.0433 3056 usbvideo - ok
19:57:38.0463 3056 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
19:57:38.0471 3056 UxSms - ok
19:57:38.0537 3056 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
19:57:38.0566 3056 vds - ok
19:57:38.0602 3056 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:57:38.0605 3056 vga - ok
19:57:38.0618 3056 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:57:38.0625 3056 VgaSave - ok
19:57:38.0652 3056 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:57:38.0656 3056 viaagp - ok
19:57:38.0676 3056 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:57:38.0679 3056 ViaC7 - ok
19:57:38.0703 3056 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:57:38.0706 3056 viaide - ok
19:57:38.0754 3056 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:57:38.0758 3056 volmgr - ok
19:57:38.0792 3056 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
19:57:38.0801 3056 volmgrx - ok
19:57:38.0839 3056 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
19:57:38.0851 3056 volsnap - ok
19:57:38.0876 3056 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:57:38.0881 3056 vsmraid - ok
19:57:39.0004 3056 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
19:57:39.0062 3056 VSS - ok
19:57:39.0310 3056 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
19:57:39.0326 3056 vToolbarUpdater11.0.2 - ok
19:57:39.0515 3056 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
19:57:39.0548 3056 W32Time - ok
19:57:39.0617 3056 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:57:39.0620 3056 WacomPen - ok
19:57:39.0639 3056 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:39.0643 3056 Wanarp - ok
19:57:39.0651 3056 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:57:39.0654 3056 Wanarpv6 - ok
19:57:39.0716 3056 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
19:57:39.0733 3056 wcncsvc - ok
19:57:39.0759 3056 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:57:39.0768 3056 WcsPlugInService - ok
19:57:39.0792 3056 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:57:39.0795 3056 Wd - ok
19:57:39.0848 3056 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:57:39.0864 3056 Wdf01000 - ok
19:57:39.0887 3056 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:57:39.0896 3056 WdiServiceHost - ok
19:57:39.0907 3056 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:57:39.0917 3056 WdiSystemHost - ok
19:57:39.0946 3056 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
19:57:39.0958 3056 WebClient - ok
19:57:40.0042 3056 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:57:40.0057 3056 Wecsvc - ok
19:57:40.0075 3056 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:57:40.0095 3056 wercplsupport - ok
19:57:40.0144 3056 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
19:57:40.0154 3056 WerSvc - ok
19:57:40.0193 3056 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
19:57:40.0196 3056 winbondcir - ok
19:57:40.0288 3056 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:57:40.0321 3056 WinDefend - ok
19:57:40.0338 3056 WinHttpAutoProxySvc - ok
19:57:40.0410 3056 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
19:57:40.0425 3056 Winmgmt - ok
19:57:40.0613 3056 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:57:40.0677 3056 WinRM - ok
19:57:40.0763 3056 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
19:57:40.0796 3056 Wlansvc - ok
19:57:40.0841 3056 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:57:40.0844 3056 WmiAcpi - ok
19:57:40.0924 3056 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
19:57:40.0940 3056 wmiApSrv - ok
19:57:41.0108 3056 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:57:41.0142 3056 WMPNetworkSvc - ok
19:57:41.0186 3056 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
19:57:41.0200 3056 WPCSvc - ok
19:57:41.0228 3056 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
19:57:41.0269 3056 WPDBusEnum - ok
19:57:41.0328 3056 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:57:41.0332 3056 WpdUsb - ok
19:57:41.0539 3056 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:57:41.0563 3056 WPFFontCache_v0400 - ok
19:57:41.0604 3056 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:57:41.0607 3056 ws2ifsl - ok
19:57:41.0647 3056 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
19:57:41.0666 3056 wscsvc - ok
19:57:41.0681 3056 WSearch - ok
19:57:41.0866 3056 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:57:41.0931 3056 wuauserv - ok
19:57:42.0110 3056 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:42.0126 3056 WUDFRd - ok
19:57:42.0169 3056 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:57:42.0188 3056 wudfsvc - ok
19:57:42.0353 3056 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
19:57:42.0355 3056 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
19:57:42.0394 3056 MBR (0x1B8) (7ba4c7ea1ef33a92f5f01be63edacb6a) \Device\Harddisk0\DR0
19:57:48.0838 3056 \Device\Harddisk0\DR0 - ok
19:57:48.0877 3056 Boot (0x1200) (ab643bc3d6fbad57e89989d44ac70e86) \Device\Harddisk0\DR0\Partition0
19:57:48.0880 3056 \Device\Harddisk0\DR0\Partition0 - ok
19:57:48.0905 3056 Boot (0x1200) (707ec944a0b0e0d6fd2ed3f1a414fcb1) \Device\Harddisk0\DR0\Partition1
19:57:48.0907 3056 \Device\Harddisk0\DR0\Partition1 - ok
19:57:48.0908 3056 ============================================================
19:57:48.0908 3056 Scan finished
19:57:48.0908 3056 ============================================================
19:57:48.0933 4772 Detected object count: 0
19:57:48.0933 4772 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 20:02:07
-----------------------------
20:02:07.414 OS Version: Windows 6.0.6001 Service Pack 1
20:02:07.414 Number of processors: 2 586 0xF0D
20:02:07.417 ComputerName: DAN-PC UserName: Dan
20:02:49.365 Initialize success
20:04:41.288 AVAST engine defs: 12053100
20:05:26.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:05:26.174 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
20:05:26.191 Disk 0 MBR read successfully
20:05:26.196 Disk 0 MBR scan
20:05:26.206 Disk 0 unknown MBR code
20:05:26.216 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
20:05:26.236 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71192 MB offset 20973568
20:05:26.264 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71193 MB offset 166774784
20:05:26.278 Disk 0 scanning sectors +312578048
20:05:26.361 Disk 0 scanning C:\Windows\system32\drivers
20:05:41.720 Service scanning
20:06:16.472 Modules scanning
20:06:23.288 Disk 0 trace - called modules:
20:06:23.323 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:06:23.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8615aac8]
20:06:23.346 3 CLASSPNP.SYS[8a5a3745] -> nt!IofCallDriver -> [0x85679b18]
20:06:23.357 5 acpi.sys[8069a6a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8567c028]
20:06:26.535 AVAST engine scan C:\Windows
20:06:32.681 AVAST engine scan C:\Windows\system32
20:12:18.597 AVAST engine scan C:\Windows\system32\drivers
20:12:39.323 AVAST engine scan C:\Users\Dan
20:25:45.073 AVAST engine scan C:\ProgramData
20:34:29.320 Scan finished successfully
20:47:05.770 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
20:47:05.784 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"
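
One way to mechanise the read-through of a TDSSKiller service/driver listing like the one above, added here as an example; it is not part of any post in this thread and not code from TDSSKiller or aswMBR. It parses the two line shapes in that listing (the object line with an MD5 and path, and the verdict line that follows it) and then flags what a responder looks for by eye: a service binary under a user-writable path, a binary outside the usual install roots, a service with no file or hash logged (the WinHttpAutoProxySvc and WSearch lines above have that shape), a verdict other than "ok", and one hash registered under several names (normal for Tcpip/Tcpip6 and Wanarp/Wanarpv6, which share a driver file). The trusted-directory list and the user-writable markers are assumptions to tune per machine; the sample log, its hashes, the "FakeUpdSvc" service and the "detected" verdict wording are constructed for the demonstration.

```python
"""Triage helper for TDSSKiller-style service/driver log lines.

Added example for this thread, not part of any post or of TDSSKiller itself.
Handles the two line shapes in the log:
  HH:MM:SS.mmmm <pid> <name> (<md5>) <path>   -- object line
  HH:MM:SS.mmmm <pid> <name> - <verdict>      -- verdict line
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+'
    r'\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$', re.IGNORECASE)
VERDICT_RE = re.compile(
    r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$')

# Assumption: where services and drivers normally live on a 32-bit Vista box.
# Compared case-insensitively; tune for your environment.
TRUSTED_PREFIXES = (
    'c:\\windows\\system32\\', 'c:\\windows\\servicing\\',
    'c:\\windows\\microsoft.net\\', 'c:\\program files\\',
    'c:\\program files (x86)\\',
)
# Path fragments a service binary has no business living under (assumption).
USER_WRITABLE_MARKERS = ('\\temp\\', '\\appdata\\', '\\users\\', '\\recycler\\')


def parse_log(text):
    """Return a list of {'name', 'md5', 'path', 'verdict'} dicts in log order."""
    entries, by_name, by_path = [], {}, {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = {'name': m['name'], 'md5': m['md5'].lower(),
                 'path': m['path'], 'verdict': None}
            entries.append(e)
            by_name[e['name']] = e
            by_path[e['path'].lower()] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m['name']
            # Disk objects (MBR, boot sectors) carry their verdict under the
            # device path rather than the object name, so try both.
            e = by_name.get(key) or by_path.get(key.lower())
            if e is None:
                # Verdict with no preceding object line: no file or hash logged.
                e = {'name': key, 'md5': None, 'path': None, 'verdict': None}
                entries.append(e)
                by_name[key] = e
            e['verdict'] = m['verdict']
    return entries


def triage(entries):
    """Return (name, reason) pairs worth a second look, in log order."""
    findings = []
    names_by_md5 = defaultdict(list)
    for e in entries:
        if e['md5']:
            names_by_md5[e['md5']].append(e['name'])
        if e['path'] is None:
            findings.append((e['name'], 'no file or hash recorded'))
        elif not e['path'].lower().startswith('\\device\\'):  # skip MBR/boot objects
            p = e['path'].lower()
            if any(marker in p for marker in USER_WRITABLE_MARKERS):
                findings.append((e['name'], 'binary under a user-writable path: ' + e['path']))
            elif not p.startswith(TRUSTED_PREFIXES):
                findings.append((e['name'], 'binary outside the usual install roots: ' + e['path']))
        if e['verdict'] and e['verdict'].lower() != 'ok':
            findings.append((e['name'], 'scanner verdict: ' + e['verdict']))
    for names in names_by_md5.values():
        if len(names) > 1:
            findings.append((','.join(names),
                             'one hash under several names (often legitimate, e.g. Tcpip/Tcpip6)'))
    return findings


# Constructed sample in the log's format. Hashes, "FakeUpdSvc" and the
# "detected" verdict wording are made up for the demonstration.
SAMPLE_LOG = r"""
19:57:36.0834 3056 Tcpip (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\tcpip.sys
19:57:36.0849 3056 Tcpip - ok
19:57:36.0879 3056 Tcpip6 (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\tcpip.sys
19:57:36.0895 3056 Tcpip6 - ok
19:57:40.0338 3056 WinHttpAutoProxySvc - ok
19:57:41.0000 3056 FakeUpdSvc (fedcba9876543210fedcba9876543210) C:\Users\Dan\AppData\Local\Temp\updsvc.exe
19:57:41.0010 3056 FakeUpdSvc - detected
19:57:42.0394 3056 MBR (0x1B8) (00112233445566778899aabbccddeeff) \Device\Harddisk0\DR0
19:57:48.0838 3056 \Device\Harddisk0\DR0 - ok
"""

if __name__ == '__main__':
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f'{name}: {reason}')
```

Run it on a saved log with `triage(parse_log(open(path).read()))`. The path check is the same one to apply to the running-process list and O4 entries of a HijackThis log: anything launched from a Temp or AppData directory is the first thing to look at, while a shared hash under two service names is only interesting when the two are not the known driver pairs.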

#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 May 2012 - 09:50 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 8.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 SWIM_GOOD

  • Topic Starter

  • Members
  • 29 posts

Posted 01 June 2012 - 11:31 AM

Ok, here is the log for the latest scan with MBAM and below that the report from HijackThis:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Dan :: DAN-PC [administrator]

01/06/2012 15:41:25
mbam-log-2012-06-01 (15-41-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210029
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:22:23, on 01/06/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_7730
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BBC iPlayer Desktop.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 13481 bytes


How are things looking now ? I noticed within MBAM that the logs file list only contained the above log and that the quarantine no longer listed the 'previously found and removed' threats.. Is this merely a result of CCleaner and normal ? Also, referring back to the Security Check report should I act upon any of the other suggestions in red type; the 'out of date service pack' and defragmentation of my hard drive for example ? Thanks for your help up until this point..

Dan

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 03 June 2012 - 08:09 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need it by clicking its icon (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
      O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
      O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
      O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: BBC iPlayer Desktop.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
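As an added example (not a tool from this thread, from BleepingComputer or from the HijackThis project), here is a small Python triage script for the HijackThis line format shown in the log above. It flags the entries a responder looks at first: O2/O3 add-on registrations whose DLL is "(no file)", O23 services listed as "Unknown owner", and every O4 autostart entry, with two defects visible in the posted log called out specifically: an unquoted image path containing spaces and a bare executable name resolved through the PATH search. The regexes and the sample log are constructed for this example from lines in the thread.

```python
import re
from dataclasses import dataclass

# HijackThis line shapes seen in the thread (regexes written for this example).
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
ADDON_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)(?:\s|$)", re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: BBC iPlayer Desktop.lnk = ?
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    name: str      # Run-key value name, CLSID, service name or shortcut
    reason: str    # why a responder should look at it
    line: str      # the original log line

def autostart_issue(cmd):
    """Reason an unquoted O4 command line is ambiguous, or None if it is fine."""
    if cmd.startswith('"'):
        return None                      # quoted image path: resolved unambiguously
    m = EXE_RE.match(cmd)
    if not m:
        return None
    exe = m.group("exe")
    if "\\" not in exe:
        return "bare executable name, located via PATH search"
    if " " in exe:
        return "unquoted path containing spaces"
    return None

def triage(log_text):
    """Parse a HijackThis log and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, footer and blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3"):
            a = ADDON_RE.match(body)
            if a and a.group("path") == "(no file)":
                findings.append(Finding(sec, a.group("clsid"),
                                        "orphaned browser add-on registration, DLL missing on disk", line))
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                reason = autostart_issue(r.group("cmd")) or "autostart entry (Run key)"
                findings.append(Finding(sec, r.group("name"), reason, line))
            elif body.startswith(("Startup:", "Global Startup:")):
                name = body.split(":", 1)[1].split(" = ")[0].strip()
                findings.append(Finding(sec, name, "autostart entry (Startup folder shortcut)", line))
        elif sec == "O23":
            s = SVC_RE.match(body)
            if s and s.group("owner") == "Unknown owner":
                findings.append(Finding(sec, s.group("name"),
                                        "service with no recognised publisher, verify the binary", line))
    return findings
```

Running `triage(SAMPLE_LOG)` on the constructed sample returns seven findings; the O4 entries carry the generic "autostart entry" reason except RtHDVCpl (bare name) and kdx (unquoted path with spaces), which are the two to verify before deciding what to keep.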

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 05 June 2012 - 11:52 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#13 SWIM_GOOD

SWIM_GOOD
  • Topic Starter

  • Members
  • 29 posts
  • Local time:10:59 PM

Posted 06 June 2012 - 03:24 PM

Sorry again for the delayed reply..

As suggested I've removed the unneeded start-up entries through HijackThis. There's no log to show you from the ESET scanner as no threats were found. Hoorah. This is looking good.. :)

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 06 June 2012 - 09:31 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 08 June 2012 - 11:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



