
Windows Keeps Reporting that Antivirus is Turned Off, and cannot enable real-time shields on Avast! free version.


  • This topic is locked
15 replies to this topic

#1 pygmalionundone

  • Members
  • 7 posts

Posted 29 May 2012 - 06:30 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Evan at 19:22:41 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4257 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
E:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
E:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
uInternet Settings,ProxyOverride = *.local;<local>
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [AnyDVD] E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Evan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GMOTES~1.LNK - E:\Program Files (x86)\GmoteServer\GmoteServer.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: hitchcock.org\irunway
Trusted Zone: d-h.org\my
Trusted Zone: hitchcock.org\app-auth
Trusted Zone: hitchcock.org\dh907
Trusted Zone: hitchcock.org\dhirunway
Trusted Zone: hitchcock.org\irunway
DPF: {ABFDD6B9-B694-48C8-86D9-8BF8E05ACFFB} - hxxp://irunway.hitchcock.org/IntraLaunch.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46644386-861D-467C-B4C7-CAAC27CA9B87} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{46644386-861D-467C-B4C7-CAAC27CA9B87}\14355535 : DhcpNameServer = 192.168.1.220
TCP: Interfaces\{46644386-861D-467C-B4C7-CAAC27CA9B87}\730235F657478602354727565647 : DhcpNameServer = 192.168.1.220
TCP: Interfaces\{6C3553A5-D44B-43A6-8774-97D30AB4E9E6} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{97F1E855-90EF-4FC5-92BD-C9F43DDDB9AD} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extentions.y2layers.installId - e3ecd72f-b424-44ef-80bf-0cfc22002b87
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 AtherosSvc;AtherosSvc;E:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-4-1 34392]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-22 44768]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-13 821592]
R2 IntSch2Svc;Intel Scheduler2 Service;C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-1 1164704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-14 652360]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-8-28 326656]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-23 257696]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-3-19 21384]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-3-19 33184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-3-19 21872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-05-29 23:12:03 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60565FB0-2BB2-4780-A48B-1D796937C57C}\mpengine.dll
2012-05-28 03:51:08 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 23:31:13 -------- d-----w- C:\Program Files\Handbrake
2012-05-23 02:39:40 -------- d-----w- C:\Users\Evan\AppData\Local\Google
2012-05-23 02:39:38 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-23 02:39:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-23 02:39:38 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-23 02:39:16 41184 ----a-w- C:\Windows\avastSS.scr
2012-05-23 02:39:06 -------- d-----w- C:\Program Files\AVAST Software
2012-05-23 00:04:04 3703136 ----a-w- C:\Windows\System32\AutoPartNt.exe
2012-05-23 00:02:45 -------- d-----w- C:\Users\Evan\AppData\Roaming\Intel
2012-05-23 00:01:25 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-05-23 00:01:14 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-18 01:19:23 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-05-18 01:19:22 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-18 01:18:48 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-05-15 23:13:50 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2012-05-15 23:13:50 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2012-05-15 23:13:50 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2012-05-15 23:13:50 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2012-05-15 23:13:50 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2012-05-15 23:13:50 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2012-05-15 23:13:50 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
2012-05-15 01:32:17 -------- d-----w- C:\Users\Evan\AppData\Local\CrashDumps
2012-05-15 01:29:31 -------- d-----w- C:\Users\Evan\AppData\Roaming\Digiarty
2012-05-15 00:51:54 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-15 00:51:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-15 00:50:49 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-15 00:50:49 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-15 00:50:48 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-15 00:50:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-15 00:46:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-15 00:46:20 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-15 00:46:18 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-15 00:46:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 00:46:17 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-15 00:46:17 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-15 00:46:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M ====================
.
2012-05-15 23:47:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 23:47:54 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 23:47:37 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:09:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 19:23:02.65 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 May 2012 - 11:44 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pygmalionundone
  • Topic Starter

  • Members
  • 7 posts

Posted 31 May 2012 - 08:21 PM

So far, no new issues have come up since running the programs yesterday, but I've not used it much. Avast free doesn't seem to be able to turn on any "real time shields" but Windows Defender turned on its real-time protection okay. Any information regarding what was/is going on would be great. Here are the logs:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
CCleaner
Adobe Flash Player 11.2.202.235
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
IObit IObit Malware Fighter IMFsrv.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````




ComboFix 12-05-30.04 - Evan 05/30/2012 22:09:30.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4370 [GMT -4:00]
Running from: e:\users\Evan\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Evan\AppData\Roaming\a7f392kfbn12
c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\searchplugins\bing-zugo.xml
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\mingwm10.dll
L:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 02:13 . 2012-05-31 02:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-31 02:13 . 2012-05-31 02:13 -------- d-----w- c:\users\Others\AppData\Local\temp
2012-05-31 02:13 . 2012-05-31 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 02:13 . 2012-05-31 02:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-31 01:57 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFAE57EF-DC6E-4D15-90FF-5F9890AFAE07}\mpengine.dll
2012-05-29 23:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 23:31 . 2012-05-24 23:31 -------- d-----w- c:\program files\Handbrake
2012-05-24 00:31 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-23 02:39 . 2012-05-23 02:45 -------- d-----w- c:\users\Evan\AppData\Local\Google
2012-05-23 02:39 . 2012-05-23 02:43 -------- d-----w- c:\program files (x86)\Google
2012-05-23 02:39 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-23 02:39 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-23 02:39 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-23 02:39 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-23 02:39 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-23 02:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-23 02:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-23 02:39 . 2012-05-23 02:39 -------- d-----w- c:\program files\AVAST Software
2012-05-23 00:04 . 2012-05-23 00:04 3703136 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-05-23 00:02 . 2012-05-23 00:02 -------- d-----w- c:\users\Evan\AppData\Roaming\Intel
2012-05-23 00:01 . 2012-05-23 00:04 -------- d-----w- c:\programdata\Intel
2012-05-23 00:01 . 2012-05-23 00:01 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Intel
2012-05-18 01:19 . 2012-05-18 01:19 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-18 01:19 . 2012-05-18 01:19 -------- d-----w- c:\programdata\Tarma Installer
2012-05-18 01:18 . 2012-05-18 01:25 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-15 23:14 . 2012-05-29 01:45 -------- d-----w- c:\users\Evan\AppData\Roaming\VSO
2012-05-15 23:13 . 2012-02-21 14:25 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-05-15 23:13 . 2012-02-21 14:25 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-05-15 23:13 . 2012-02-21 14:25 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-05-15 23:13 . 2012-02-21 14:25 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-05-15 23:13 . 2012-02-21 14:25 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-05-15 23:13 . 2012-02-21 14:25 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-05-15 23:13 . 2012-02-21 14:25 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-05-15 01:32 . 2012-05-24 23:32 -------- d-----w- c:\users\Evan\AppData\Local\CrashDumps
2012-05-15 01:29 . 2012-05-15 01:29 -------- d-----w- c:\users\Evan\AppData\Roaming\Digiarty
2012-05-15 00:51 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-15 00:51 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-15 00:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-15 00:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 00:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-15 00:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-15 00:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 00:46 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-15 00:46 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-15 00:46 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-15 00:46 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 00:46 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-15 00:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 23:47 . 2012-04-23 16:48 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 23:47 . 2011-05-18 03:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 23:47 . 2012-04-23 17:47 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:09 . 2012-03-30 22:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-21 00:44 . 2010-10-25 01:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 01:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-19 16:32 . 2012-03-19 16:32 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-06 23:15 . 2011-08-12 03:50 258520 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"AnyDVD"="e:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-03-09 5934712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GmoteServer.lnk - e:\program files (x86)\GmoteServer\GmoteServer.exe [2012-4-5 451584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x]
R2 CLBUDFR;CyberLink UDF Filesystem; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 136176]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-04-01 34392]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 15:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 23:47]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 02:39]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 02:39]
.
2012-04-09 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- e:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 02:17]
.
2012-05-30 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- e:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 02:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-04-01 558168]
"AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-04-01 349272]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: hitchcock.org\irunway
Trusted Zone: d-h.org\my
Trusted Zone: hitchcock.org\app-auth
Trusted Zone: hitchcock.org\dh907
Trusted Zone: hitchcock.org\dhirunway
Trusted Zone: hitchcock.org\irunway
TCP: DhcpNameServer = 192.168.1.1
DPF: {ABFDD6B9-B694-48C8-86D9-8BF8E05ACFFB} - hxxp://irunway.hitchcock.org/IntraLaunch.CAB
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extentions.y2layers.installId - e3ecd72f-b424-44ef-80bf-0cfc22002b87
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,2c,a7,bb,46,db,ad,49,a7,b6,b1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,2c,a7,bb,46,db,ad,49,a7,b6,b1,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-30 22:15:22
ComboFix-quarantined-files.txt 2012-05-31 02:15
ComboFix2.txt 2011-05-08 04:56
.
Pre-Run: 143,996,407,808 bytes free
Post-Run: 143,918,411,776 bytes free
.
- - End Of File - - 505C4935B5C06E827CC333E718747AD6



Thanks so much!

#4 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:56 AM

Posted 31 May 2012 - 08:35 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
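The two tools requested above produce logs that get pasted back into the thread and read by eye. As an added example (not part of this thread, and not code from TDSSKiller, Kaspersky or BleepingComputer), here is a small Python parser for the TDSSKiller log layout that appears further down in this topic: it pairs each object's hash/path line with its "name - verdict" line and reports everything that is not a clean "- ok", including objects that have a hash line but never got a verdict, which is what an interrupted scan looks like and must not be mistaken for clean. The "( detail )" annotation before the dash on a non-clean line, the service names examplesvc and unfinished, and their hashes are assumptions made for the constructed sample, not output copied from the real tool.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes taken from the TDSSKiller output posted in this thread:
#   <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>      one per scanned object
#   <hh:mm:ss.ffff> <pid> <name> - <verdict>         the tool's decision for it
# The optional "( detail )" before the dash is an ASSUMPTION about how a
# non-clean verdict is annotated; it is not copied from the posted log.
_TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
HEADER_RE = re.compile(_TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?)(?:\s+\(\s*(?P<detail>[^)]*?)\s*\))?\s+-\s+(?P<verdict>\S+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detail: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair each object's hash/path line with its verdict line, keyed by object name.

    Names may contain spaces ("AMD External Events Utility"), so both patterns
    capture the name lazily and rely on the "(md5)" or " - verdict" tail to stop.
    Banner, drive and partition lines match neither pattern and are skipped.
    """
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict, e.detail = m["verdict"], m["detail"]
    return entries


def triage(entries: Dict[str, Entry],
           baseline: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    """Return (name, reason) for every entry that is not a clean '- ok'.

    An object with a hash line but no verdict line is reported too: that is what a
    scan aborted by a reboot or a crash looks like, and it must not be read as clean.
    If a baseline of name -> expected md5 is given, hash drift is reported as well,
    so a replaced system file is noticed even when the scanner itself says ok.
    """
    findings: List[Tuple[str, str]] = []
    for name, e in entries.items():
        if e.verdict is None:
            findings.append((name, "no verdict recorded"))
        elif e.verdict != "ok":
            suffix = f" ({e.detail})" if e.detail else ""
            findings.append((name, f"verdict={e.verdict}{suffix}"))
        if baseline and name in baseline and e.md5 and e.md5 != baseline[name].lower():
            findings.append((name, f"md5 {e.md5} differs from baseline {baseline[name].lower()}"))
    return findings


# Constructed sample: the first two pairs copy lines from the log posted in this
# thread; the last two objects are invented (hypothetical names, hashes and verdict)
# to exercise the non-clean and the missing-verdict paths.
SAMPLE_LOG = """\
22:00:40.0273 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
22:00:40.0275 2752 1394ohci - ok
22:00:40.0394 2752 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\\Windows\\system32\\atiesrxx.exe
22:00:40.0396 2752 AMD External Events Utility - ok
22:00:41.0001 2752 examplesvc (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\examplesvc.sys
22:00:41.0002 2752 examplesvc ( Example.Verdict.Generic ) - warning
22:00:41.0003 2752 unfinished (fedcba9876543210fedcba9876543210) C:\\Windows\\system32\\drivers\\unfinished.sys
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for name, reason in triage(parsed, baseline={"1394ohci": "a87d604aea360176311474c87a63bb88"}):
        print(f"{name}: {reason} -> {parsed[name].path}")
```

Running the block prints only the flagged objects with the reason and the on-disk path, which is the part of a long TDSSKiller log a helper actually needs. The baseline argument is optional; it is a name-to-MD5 map you keep yourself from a known-clean machine of the same build, and it is the only way this script catches a modified file that the scanner still reports as ok.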

#5 pygmalionundone
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:56 AM

Posted 31 May 2012 - 09:06 PM

Here are the logs:

22:00:32.0375 5968 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:00:32.0891 5968 ============================================================
22:00:32.0891 5968 Current date / time: 2012/05/31 22:00:32.0891
22:00:32.0891 5968 SystemInfo:
22:00:32.0891 5968
22:00:32.0891 5968 OS Version: 6.1.7601 ServicePack: 1.0
22:00:32.0891 5968 Product type: Workstation
22:00:32.0891 5968 ComputerName: PYGMALION
22:00:32.0891 5968 UserName: Evan
22:00:32.0891 5968 Windows directory: C:\Windows
22:00:32.0891 5968 System windows directory: C:\Windows
22:00:32.0891 5968 Running under WOW64
22:00:32.0891 5968 Processor architecture: Intel x64
22:00:32.0891 5968 Number of processors: 8
22:00:32.0891 5968 Page size: 0x1000
22:00:32.0891 5968 Boot type: Normal boot
22:00:32.0891 5968 ============================================================
22:00:33.0083 5968 Drive \Device\Harddisk2\DR2 - Size: 0x29EB906000 (167.68 Gb), SectorSize: 0x200, Cylinders: 0x5581, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:33.0095 5968 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:33.0112 5968 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:37.0768 5968 Drive \Device\Harddisk7\DR7 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:00:37.0778 5968 ============================================================
22:00:37.0778 5968 \Device\Harddisk2\DR2:
22:00:37.0779 5968 MBR partitions:
22:00:37.0779 5968 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x14F5C000
22:00:37.0779 5968 \Device\Harddisk0\DR0:
22:00:37.0779 5968 MBR partitions:
22:00:37.0779 5968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
22:00:37.0779 5968 \Device\Harddisk1\DR1:
22:00:37.0779 5968 MBR partitions:
22:00:37.0779 5968 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
22:00:37.0779 5968 \Device\Harddisk7\DR7:
22:00:37.0779 5968 MBR partitions:
22:00:37.0779 5968 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747061A1
22:00:37.0779 5968 ============================================================
22:00:37.0780 5968 C: <-> \Device\Harddisk2\DR2\Partition0
22:00:37.0864 5968 F: <-> \Device\Harddisk1\DR1\Partition0
22:00:37.0890 5968 E: <-> \Device\Harddisk0\DR0\Partition0
22:00:38.0026 5968 K: <-> \Device\Harddisk7\DR7\Partition0
22:00:38.0027 5968 ============================================================
22:00:38.0027 5968 Initialize success
22:00:38.0027 5968 ============================================================
22:00:40.0186 2752 ============================================================
22:00:40.0186 2752 Scan started
22:00:40.0186 2752 Mode: Manual;
22:00:40.0186 2752 ============================================================
22:00:40.0273 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:00:40.0275 2752 1394ohci - ok
22:00:40.0285 2752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:00:40.0288 2752 ACPI - ok
22:00:40.0290 2752 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:00:40.0291 2752 AcpiPmi - ok
22:00:40.0312 2752 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:00:40.0315 2752 AdobeFlashPlayerUpdateSvc - ok
22:00:40.0329 2752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:00:40.0333 2752 adp94xx - ok
22:00:40.0342 2752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:00:40.0345 2752 adpahci - ok
22:00:40.0351 2752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:00:40.0353 2752 adpu320 - ok
22:00:40.0358 2752 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:00:40.0359 2752 AeLookupSvc - ok
22:00:40.0372 2752 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:00:40.0376 2752 AFD - ok
22:00:40.0379 2752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:00:40.0380 2752 agp440 - ok
22:00:40.0384 2752 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:00:40.0385 2752 ALG - ok
22:00:40.0387 2752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:00:40.0387 2752 aliide - ok
22:00:40.0394 2752 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
22:00:40.0396 2752 AMD External Events Utility - ok
22:00:40.0398 2752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:00:40.0399 2752 amdide - ok
22:00:40.0403 2752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:00:40.0404 2752 AmdK8 - ok
22:00:40.0617 2752 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
22:00:40.0694 2752 amdkmdag - ok
22:00:40.0722 2752 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
22:00:40.0723 2752 amdkmdap - ok
22:00:40.0727 2752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:00:40.0727 2752 AmdPPM - ok
22:00:40.0732 2752 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:00:40.0733 2752 amdsata - ok
22:00:40.0740 2752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:00:40.0742 2752 amdsbs - ok
22:00:40.0744 2752 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:00:40.0745 2752 amdxata - ok
22:00:40.0750 2752 AnyDVD (a98662af1f4fe95e0b1daf75b98cfae3) C:\Windows\system32\Drivers\AnyDVD.sys
22:00:40.0750 2752 AnyDVD - ok
22:00:40.0754 2752 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:00:40.0755 2752 AppID - ok
22:00:40.0757 2752 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:00:40.0758 2752 AppIDSvc - ok
22:00:40.0762 2752 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:00:40.0763 2752 Appinfo - ok
22:00:40.0769 2752 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:00:40.0770 2752 Apple Mobile Device - ok
22:00:43.0944 2752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:00:43.0945 2752 RasAgileVpn - ok
22:00:43.0950 2752 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:00:43.0953 2752 RasAuto - ok
22:00:43.0958 2752 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:00:43.0958 2752 Rasl2tp - ok
22:00:43.0969 2752 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:00:43.0974 2752 RasMan - ok
22:00:43.0978 2752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:00:43.0980 2752 RasPppoe - ok
22:00:43.0984 2752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:00:43.0985 2752 RasSstp - ok
22:00:43.0995 2752 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:00:43.0998 2752 rdbss - ok
22:00:44.0000 2752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:00:44.0000 2752 rdpbus - ok
22:00:44.0002 2752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:00:44.0003 2752 RDPCDD - ok
22:00:44.0007 2752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:00:44.0007 2752 RDPENCDD - ok
22:00:44.0010 2752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:00:44.0011 2752 RDPREFMP - ok
22:00:44.0019 2752 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:00:44.0021 2752 RDPWD - ok
22:00:44.0029 2752 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:00:44.0031 2752 rdyboost - ok
22:00:44.0037 2752 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
22:00:44.0037 2752 RegFilter - ok
22:00:44.0041 2752 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:00:44.0043 2752 RemoteAccess - ok
22:00:44.0049 2752 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:00:44.0053 2752 RemoteRegistry - ok
22:00:44.0059 2752 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:00:44.0061 2752 RFCOMM - ok
22:00:44.0071 2752 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:00:44.0074 2752 RpcEptMapper - ok
22:00:44.0077 2752 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:00:44.0079 2752 RpcLocator - ok
22:00:44.0092 2752 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:00:44.0096 2752 RpcSs - ok
22:00:44.0100 2752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:00:44.0102 2752 rspndr - ok
22:00:44.0103 2752 RT2500 - ok
22:00:44.0119 2752 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:00:44.0121 2752 RTL8167 - ok
22:00:44.0124 2752 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:44.0125 2752 SamSs - ok
22:00:44.0129 2752 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:00:44.0131 2752 sbp2port - ok
22:00:44.0137 2752 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:00:44.0141 2752 SCardSvr - ok
22:00:44.0147 2752 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys
22:00:44.0148 2752 SCDEmu - ok
22:00:44.0151 2752 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:00:44.0152 2752 scfilter - ok
22:00:44.0178 2752 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:00:44.0190 2752 Schedule - ok
22:00:44.0194 2752 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:00:44.0195 2752 SCPolicySvc - ok
22:00:44.0202 2752 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:00:44.0205 2752 SDRSVC - ok
22:00:44.0209 2752 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
22:00:44.0209 2752 SeagateDashboardService - ok
22:00:44.0214 2752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:00:44.0215 2752 secdrv - ok
22:00:44.0218 2752 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:00:44.0221 2752 seclogon - ok
22:00:44.0224 2752 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:00:44.0227 2752 SENS - ok
22:00:44.0230 2752 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:00:44.0233 2752 SensrSvc - ok
22:00:44.0235 2752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:00:44.0236 2752 Serenum - ok
22:00:44.0240 2752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:00:44.0242 2752 Serial - ok
22:00:44.0244 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:00:44.0245 2752 sermouse - ok
22:00:44.0252 2752 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:00:44.0256 2752 SessionEnv - ok
22:00:44.0258 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:00:44.0259 2752 sffdisk - ok
22:00:44.0262 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:00:44.0262 2752 sffp_mmc - ok
22:00:44.0265 2752 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:00:44.0265 2752 sffp_sd - ok
22:00:44.0268 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:00:44.0269 2752 sfloppy - ok
22:00:44.0279 2752 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:00:44.0284 2752 SharedAccess - ok
22:00:44.0294 2752 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:00:44.0299 2752 ShellHWDetection - ok
22:00:44.0303 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:00:44.0304 2752 SiSRaid2 - ok
22:00:44.0307 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:00:44.0309 2752 SiSRaid4 - ok
22:00:44.0313 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:00:44.0315 2752 Smb - ok
22:00:44.0328 2752 snapman (6be4695abdd71dfeea433eedc1ee2c62) C:\Windows\system32\DRIVERS\snapman.sys
22:00:44.0331 2752 snapman - ok
22:00:44.0333 2752 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:00:44.0335 2752 SNMPTRAP - ok
22:00:44.0338 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:00:44.0339 2752 spldr - ok
22:00:44.0354 2752 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:00:44.0361 2752 Spooler - ok
22:00:44.0446 2752 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:00:44.0477 2752 sppsvc - ok
22:00:44.0497 2752 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:00:44.0500 2752 sppuinotify - ok
22:00:44.0514 2752 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:00:44.0519 2752 srv - ok
22:00:44.0531 2752 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:00:44.0535 2752 srv2 - ok
22:00:44.0541 2752 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:00:44.0542 2752 srvnet - ok
22:00:44.0549 2752 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:00:44.0553 2752 SSDPSRV - ok
22:00:44.0557 2752 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:00:44.0560 2752 SstpSvc - ok
22:00:44.0563 2752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:00:44.0564 2752 stexstor - ok
22:00:44.0579 2752 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:00:44.0586 2752 stisvc - ok
22:00:44.0589 2752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:00:44.0589 2752 swenum - ok
22:00:44.0603 2752 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:00:44.0610 2752 swprv - ok
22:00:44.0652 2752 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:00:44.0668 2752 SysMain - ok
22:00:44.0689 2752 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:00:44.0692 2752 TabletInputService - ok
22:00:44.0702 2752 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:00:44.0707 2752 TapiSrv - ok
22:00:44.0710 2752 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:00:44.0713 2752 TBS - ok
22:00:44.0761 2752 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:00:44.0778 2752 Tcpip - ok
22:00:44.0840 2752 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:00:44.0848 2752 TCPIP6 - ok
22:00:44.0870 2752 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:00:44.0871 2752 tcpipreg - ok
22:00:44.0875 2752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:00:44.0875 2752 TDPIPE - ok
22:00:44.0878 2752 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:00:44.0879 2752 TDTCP - ok
22:00:44.0884 2752 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:00:44.0885 2752 tdx - ok
22:00:44.0889 2752 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:00:44.0890 2752 TermDD - ok
22:00:44.0907 2752 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:00:44.0916 2752 TermService - ok
22:00:44.0918 2752 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:00:44.0921 2752 Themes - ok
22:00:44.0925 2752 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:00:44.0927 2752 THREADORDER - ok
22:00:44.0932 2752 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:00:44.0935 2752 TrkWks - ok
22:00:44.0942 2752 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:00:44.0944 2752 TrustedInstaller - ok
22:00:44.0948 2752 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:44.0949 2752 tssecsrv - ok
22:00:44.0953 2752 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:00:44.0954 2752 TsUsbFlt - ok
22:00:44.0959 2752 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:00:44.0960 2752 tunnel - ok
22:00:44.0964 2752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:00:44.0965 2752 uagp35 - ok
22:00:44.0975 2752 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:00:44.0978 2752 udfs - ok
22:00:44.0984 2752 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:00:44.0987 2752 UI0Detect - ok
22:00:44.0991 2752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:00:44.0992 2752 uliagpkx - ok
22:00:44.0995 2752 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:00:44.0996 2752 umbus - ok
22:00:44.0999 2752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:00:44.0999 2752 UmPass - ok
22:00:45.0009 2752 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:00:45.0014 2752 upnphost - ok
22:00:45.0020 2752 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
22:00:45.0020 2752 UrlFilter - ok
22:00:45.0024 2752 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:00:45.0025 2752 USBAAPL64 - ok
22:00:45.0030 2752 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:00:45.0032 2752 usbaudio - ok
22:00:45.0036 2752 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:45.0038 2752 usbccgp - ok
22:00:45.0042 2752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:00:45.0043 2752 usbcir - ok
22:00:45.0046 2752 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:00:45.0047 2752 usbehci - ok
22:00:45.0060 2752 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:00:45.0063 2752 usbhub - ok
22:00:45.0070 2752 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:00:45.0071 2752 usbohci - ok
22:00:45.0074 2752 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:00:45.0075 2752 usbprint - ok
22:00:45.0084 2752 UsbService (068d8fb5be679cc214bbf91971f692d0) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
22:00:45.0086 2752 UsbService - ok
22:00:45.0090 2752 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:45.0091 2752 USBSTOR - ok
22:00:45.0094 2752 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:00:45.0095 2752 usbuhci - ok
22:00:45.0099 2752 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:00:45.0102 2752 UxSms - ok
22:00:45.0104 2752 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:45.0106 2752 VaultSvc - ok
22:00:45.0109 2752 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:00:45.0110 2752 vdrvroot - ok
22:00:45.0144 2752 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:00:45.0151 2752 vds - ok
22:00:45.0155 2752 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:45.0155 2752 vga - ok
22:00:45.0158 2752 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:00:45.0159 2752 VgaSave - ok
22:00:45.0166 2752 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:00:45.0168 2752 vhdmp - ok
22:00:45.0171 2752 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:00:45.0171 2752 viaide - ok
22:00:45.0175 2752 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:00:45.0176 2752 volmgr - ok
22:00:45.0187 2752 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:00:45.0191 2752 volmgrx - ok
22:00:45.0200 2752 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:00:45.0203 2752 volsnap - ok
22:00:45.0209 2752 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:00:45.0211 2752 vsmraid - ok
22:00:45.0249 2752 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:00:45.0265 2752 VSS - ok
22:00:45.0287 2752 vuhub (e07d31ee76ee18bfca49ad9a89782d43) C:\Windows\system32\DRIVERS\vuhub.sys
22:00:45.0287 2752 vuhub - ok
22:00:45.0290 2752 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:45.0291 2752 vwifibus - ok
22:00:45.0293 2752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:45.0295 2752 vwififlt - ok
22:00:45.0297 2752 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:00:45.0298 2752 vwifimp - ok
22:00:45.0309 2752 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:00:45.0315 2752 W32Time - ok
22:00:45.0319 2752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:00:45.0320 2752 WacomPen - ok
22:00:45.0325 2752 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:00:45.0326 2752 WANARP - ok
22:00:45.0328 2752 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:00:45.0329 2752 Wanarpv6 - ok
22:00:45.0362 2752 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:00:45.0373 2752 WatAdminSvc - ok
22:00:45.0410 2752 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:00:45.0424 2752 wbengine - ok
22:00:45.0447 2752 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:00:45.0452 2752 WbioSrvc - ok
22:00:45.0462 2752 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:00:45.0467 2752 wcncsvc - ok
22:00:45.0471 2752 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:00:45.0474 2752 WcsPlugInService - ok
22:00:45.0479 2752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:00:45.0480 2752 Wd - ok
22:00:45.0497 2752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:00:45.0502 2752 Wdf01000 - ok
22:00:45.0506 2752 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:00:45.0510 2752 WdiServiceHost - ok
22:00:45.0512 2752 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:00:45.0515 2752 WdiSystemHost - ok
22:00:45.0523 2752 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:00:45.0528 2752 WebClient - ok
22:00:45.0536 2752 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:00:45.0540 2752 Wecsvc - ok
22:00:45.0544 2752 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:00:45.0547 2752 wercplsupport - ok
22:00:45.0551 2752 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:00:45.0555 2752 WerSvc - ok
22:00:45.0560 2752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:45.0560 2752 WfpLwf - ok
22:00:45.0563 2752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:00:45.0564 2752 WIMMount - ok
22:00:45.0567 2752 WinDefend - ok
22:00:45.0570 2752 WinHttpAutoProxySvc - ok
22:00:45.0581 2752 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:00:45.0583 2752 Winmgmt - ok
22:00:45.0630 2752 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:00:45.0650 2752 WinRM - ok
22:00:45.0673 2752 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:00:45.0674 2752 WinUsb - ok
22:00:45.0697 2752 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:00:45.0708 2752 Wlansvc - ok
22:00:45.0710 2752 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
22:00:45.0711 2752 WmBEnum - ok
22:00:45.0715 2752 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
22:00:45.0716 2752 WmFilter - ok
22:00:45.0719 2752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:00:45.0719 2752 WmiAcpi - ok
22:00:45.0729 2752 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:00:45.0732 2752 wmiApSrv - ok
22:00:45.0735 2752 WMPNetworkSvc - ok
22:00:45.0739 2752 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
22:00:45.0739 2752 WmVirHid - ok
22:00:45.0743 2752 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
22:00:45.0744 2752 WmXlCore - ok
22:00:45.0747 2752 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:00:45.0750 2752 WPCSvc - ok
22:00:45.0754 2752 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:00:45.0758 2752 WPDBusEnum - ok
22:00:45.0761 2752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:00:45.0761 2752 ws2ifsl - ok
22:00:45.0766 2752 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:00:45.0770 2752 wscsvc - ok
22:00:45.0773 2752 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:00:45.0774 2752 WSDPrintDevice - ok
22:00:45.0776 2752 WSearch - ok
22:00:45.0833 2752 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:00:45.0857 2752 wuauserv - ok
22:00:45.0879 2752 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:00:45.0881 2752 WudfPf - ok
22:00:45.0888 2752 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:45.0890 2752 WUDFRd - ok
22:00:45.0894 2752 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:00:45.0898 2752 wudfsvc - ok
22:00:45.0906 2752 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:00:45.0911 2752 WwanSvc - ok
22:00:45.0935 2752 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl
22:00:45.0936 2752 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
22:00:45.0939 2752 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
22:00:46.0000 2752 \Device\Harddisk2\DR2 - ok
22:00:46.0001 2752 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:00:46.0003 2752 \Device\Harddisk0\DR0 - ok
22:00:46.0004 2752 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
22:00:47.0723 2752 \Device\Harddisk1\DR1 - ok
22:00:47.0725 2752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk7\DR7
22:00:47.0726 2752 \Device\Harddisk7\DR7 - ok
22:00:47.0728 2752 Boot (0x1200) (5281481eba410e005c5ae1914d08afd3) \Device\Harddisk2\DR2\Partition0
22:00:47.0729 2752 \Device\Harddisk2\DR2\Partition0 - ok
22:00:47.0731 2752 Boot (0x1200) (1a26d6bfe6741895af132ce69a893071) \Device\Harddisk0\DR0\Partition0
22:00:47.0731 2752 \Device\Harddisk0\DR0\Partition0 - ok
22:00:47.0733 2752 Boot (0x1200) (c4694c0198de72432359bceb4e598ebf) \Device\Harddisk1\DR1\Partition0
22:00:47.0736 2752 \Device\Harddisk1\DR1\Partition0 - ok
22:00:47.0738 2752 Boot (0x1200) (965458fc126dd2778950c2001965740a) \Device\Harddisk7\DR7\Partition0
22:00:47.0739 2752 \Device\Harddisk7\DR7\Partition0 - ok
22:00:47.0739 2752 ============================================================
22:00:47.0739 2752 Scan finished
22:00:47.0739 2752 ============================================================
22:00:47.0744 2448 Detected object count: 0
22:00:47.0744 2448 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 22:03:07
-----------------------------
22:03:07.866 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:07.866 Number of processors: 8 586 0x1A05
22:03:07.866 ComputerName: PYGMALION UserName: Evan
22:03:08.137 Initialize success
22:03:08.180 AVAST engine defs: 12053101
22:03:15.181 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:03:15.183 Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
22:03:15.192 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
22:03:15.194 Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01107 Size: 715404MB BusType: 3
22:03:15.206 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
22:03:15.208 Disk 2 Vendor: INTEL_SSDSC2CT180A3 300i Size: 171705MB BusType: 3
22:03:15.216 Disk 2 MBR read successfully
22:03:15.218 Disk 2 MBR scan
22:03:15.222 Disk 2 Windows 7 default MBR code
22:03:15.225 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 171704 MB offset 2048
22:03:15.231 Disk 2 scanning C:\Windows\system32\drivers
22:03:16.583 Service scanning
22:03:19.893 Modules scanning
22:03:19.901 Disk 2 trace - called modules:
22:03:19.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:03:19.910 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8006c1f060]
22:03:19.915 3 CLASSPNP.SYS[fffff880019ca43f] -> nt!IofCallDriver -> [0xfffffa800693f580]
22:03:19.919 5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006929060]
22:03:20.093 AVAST engine scan C:\Windows
22:03:20.905 AVAST engine scan C:\Windows\system32
22:03:52.930 AVAST engine scan C:\Windows\system32\drivers
22:03:55.201 AVAST engine scan C:\Users\Evan
22:04:26.893 Disk 2 MBR has been saved successfully to "E:\Users\Evan\Desktop\MBR.dat"
22:04:26.945 The log file has been saved successfully to "E:\Users\Evan\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico
  • Local time:10:56 AM

Posted 01 June 2012 - 02:04 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: extentions.y2layers.installId - e3ecd72f-b424-44ef-80bf-0cfc22002b87
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 pygmalionundone

pygmalionundone
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:56 AM

Posted 01 June 2012 - 02:52 PM

No changes in computer. I was able to turn on Real Time Shields for Microsoft Security Essentials, but still can't get real time shields to turn on for Avast! antivirus. Could it be the User Account Control Settings? I may have installed Avast! after this problem began, though. I cannot recall.

-Thanks



ComboFix 12-06-01.03 - Evan 06/01/2012 15:37:32.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4050 [GMT -4:00]
Running from: e:\users\Evan\Desktop\ComboFix.exe
Command switches used :: e:\users\Evan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 19:41 . 2012-06-01 19:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-01 19:41 . 2012-06-01 19:41 -------- d-----w- c:\users\Others\AppData\Local\temp
2012-06-01 19:41 . 2012-06-01 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 19:41 . 2012-06-01 19:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-01 19:35 . 2012-06-01 19:35 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDF7F0AB-C1EB-42B4-BBBD-A7A6A1DD2740}\offreg.dll
2012-05-31 02:21 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDF7F0AB-C1EB-42B4-BBBD-A7A6A1DD2740}\mpengine.dll
2012-05-29 23:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 23:31 . 2012-05-24 23:31 -------- d-----w- c:\program files\Handbrake
2012-05-24 00:31 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-23 02:39 . 2012-05-23 02:45 -------- d-----w- c:\users\Evan\AppData\Local\Google
2012-05-23 02:39 . 2012-05-23 02:43 -------- d-----w- c:\program files (x86)\Google
2012-05-23 02:39 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-23 02:39 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-23 02:39 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-23 02:39 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-23 02:39 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-23 02:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-23 02:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-23 02:39 . 2012-05-23 02:39 -------- d-----w- c:\program files\AVAST Software
2012-05-23 00:04 . 2012-05-23 00:04 3703136 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-05-23 00:02 . 2012-05-23 00:02 -------- d-----w- c:\users\Evan\AppData\Roaming\Intel
2012-05-23 00:01 . 2012-05-23 00:04 -------- d-----w- c:\programdata\Intel
2012-05-23 00:01 . 2012-05-23 00:01 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-05-23 00:01 . 2012-05-23 00:01 -------- d-----w- c:\program files (x86)\Intel
2012-05-18 01:19 . 2012-05-18 01:19 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-18 01:19 . 2012-05-18 01:19 -------- d-----w- c:\programdata\Tarma Installer
2012-05-18 01:18 . 2012-05-18 01:25 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-15 23:14 . 2012-05-29 01:45 -------- d-----w- c:\users\Evan\AppData\Roaming\VSO
2012-05-15 23:13 . 2012-02-21 14:25 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-05-15 23:13 . 2012-02-21 14:25 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-05-15 23:13 . 2012-02-21 14:25 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-05-15 23:13 . 2012-02-21 14:25 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-05-15 23:13 . 2012-02-21 14:25 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-05-15 23:13 . 2012-02-21 14:25 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-05-15 23:13 . 2012-02-21 14:25 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-05-15 01:32 . 2012-05-24 23:32 -------- d-----w- c:\users\Evan\AppData\Local\CrashDumps
2012-05-15 01:29 . 2012-05-15 01:29 -------- d-----w- c:\users\Evan\AppData\Roaming\Digiarty
2012-05-15 00:51 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-15 00:51 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-15 00:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-15 00:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 00:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-15 00:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-15 00:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 00:46 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-15 00:46 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-15 00:46 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-15 00:46 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 00:46 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-15 00:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 23:47 . 2012-04-23 16:48 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-15 23:47 . 2011-05-18 03:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 23:47 . 2012-04-23 17:47 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:09 . 2012-03-30 22:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-21 00:44 . 2010-10-25 01:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 01:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-19 16:32 . 2012-03-19 16:32 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12 . 2012-03-09 14:12 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-06 23:15 . 2011-08-12 03:50 258520 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-31_02.13.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-31 01:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-01 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-31 01:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 19:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-31 01:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 19:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-16 03:09 . 2012-06-01 19:32 75384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-01 19:32 44518 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-22 16:34 . 2012-06-01 19:32 19370 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-953519508-3478446537-2142104518-1006_UserData.bin
- 2010-01-16 18:15 . 2012-05-16 00:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-16 18:15 . 2012-05-31 03:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-20 04:32 . 2012-05-16 00:54 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-20 04:32 . 2012-05-31 03:05 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-31 03:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 00:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-16 02:49 . 2012-05-30 11:25 4785 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-01-16 02:49 . 2012-06-01 02:21 4785 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-06-01 19:30 . 2012-06-01 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-31 01:47 . 2012-05-31 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 19:30 . 2012-06-01 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-31 01:47 . 2012-05-31 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-13 07:18 . 2012-05-31 01:47 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-13 07:18 . 2012-06-01 01:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2012-05-31 01:53 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-01 19:36 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-01 19:36 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-31 01:53 108410 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-05-31 03:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-05-16 00:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-06-01 02:21 461952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-30 11:25 461952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-04 23:06 . 2012-06-01 02:21 1545120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-04 23:06 . 2012-05-30 11:25 1545120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-07 19:29 . 2012-06-01 02:21 63440675 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953519508-3478446537-2142104518-1006-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"AnyDVD"="e:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-03-09 5934712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-16 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-16 62760]
"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GmoteServer.lnk - e:\program files (x86)\GmoteServer\GmoteServer.exe [2012-4-5 451584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x]
R2 CLBUDFR;CyberLink UDF Filesystem; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 136176]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-04-01 34392]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 15:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 23:47]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 02:39]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 02:39]
.
2012-04-09 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- e:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 02:17]
.
2012-05-31 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- e:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 02:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-04-01 558168]
"AthBtTray"="e:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-04-01 349272]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: hitchcock.org\irunway
Trusted Zone: d-h.org\my
Trusted Zone: hitchcock.org\app-auth
Trusted Zone: hitchcock.org\dh907
Trusted Zone: hitchcock.org\dhirunway
Trusted Zone: hitchcock.org\irunway
TCP: DhcpNameServer = 192.168.1.1
DPF: {ABFDD6B9-B694-48C8-86D9-8BF8E05ACFFB} - hxxp://irunway.hitchcock.org/IntraLaunch.CAB
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\9lzeiiif.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,2c,a7,bb,46,db,ad,49,a7,b6,b1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,2c,a7,bb,46,db,ad,49,a7,b6,b1,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-01 15:43:34
ComboFix-quarantined-files.txt 2012-06-01 19:43
ComboFix2.txt 2012-05-31 02:15
ComboFix3.txt 2011-05-08 04:56
.
Pre-Run: 143,761,825,792 bytes free
Post-Run: 143,455,555,584 bytes free
.
- - End Of File - - 394F2380094C6BED4A2A540F88B3A553

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:56 AM

Posted 03 June 2012 - 08:50 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:56 AM

Posted 05 June 2012 - 11:52 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 pygmalionundone (Topic Starter)

Posted 06 June 2012 - 03:03 PM

Sorry for the delay. I'm also in the process of moving and have been very busy lately. I should be able to get the next step completed within a day. Thanks again for all the help!

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 June 2012 - 09:44 PM

No problem, and I will check on you in a couple of days if I have not heard from you.


Gringo

#12 pygmalionundone (Topic Starter)

Posted 07 June 2012 - 09:22 PM

Thanks. Here are the results:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evan :: PYGMALION [administrator]

Protection: Disabled

6/7/2012 10:16:54 PM
mbam-log-2012-06-07 (22-16-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 231546
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:01 PM, on 6/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files (x86)\GmoteServer\GmoteServer.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByDzy0C0EtAtAzy0DyBzytAyCyD0EtN0D0TzutBtDtCtCtDzztCyE&cr=47646910
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Startup: GmoteServer.lnk = E:\Program Files (x86)\GmoteServer\GmoteServer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://my.d-h.org (HKLM)
O15 - Trusted Zone: http://app-auth.hitchcock.org (HKLM)
O15 - Trusted Zone: http://dh907.hitchcock.org (HKLM)
O15 - Trusted Zone: http://dhirunway.hitchcock.org (HKLM)
O15 - Trusted Zone: http://irunway.hitchcock.org (HKLM)
O16 - DPF: {ABFDD6B9-B694-48C8-86D9-8BF8E05ACFFB} (IntraLaunch.MainControl) - http://irunway.hitchcock.org/IntraLaunch.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Communications - E:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Intel Scheduler2 Service (IntSch2Svc) - Intel - C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Novatel Wireless Verizon Device Helper (NWVZHelper) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Eltima Usb to Ethernet Connector (UsbService) - ASUSTek COMPUTER INC. - C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11093 bytes

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 June 2012 - 09:39 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run each program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    • O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    • O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    • O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    • O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    • O4 - HKCU\..\Run: [AnyDVD] E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 pygmalionundone (Topic Starter)

Posted 08 June 2012 - 05:03 AM

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
E:\Users\Evan\Downloads\AnyDVD_&_AnyDVD_HD_7.0.2.exe Win32/Adware.1ClickDownload application
E:\Users\Evan\Downloads\DownloadSetup.exe Win32/InstallMate application
F:\Downloads\Nero.7.10.1.0.Ultra.Edition.Enhanced.Dark.Exodus\Nero 7.10.1.0.exe Win32/Toolbar.AskSBar application
F:\Ebooks\Lonely Planet\Baja & Los Cabos7th Edition August 2007.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Guatemala3rd Edition September 2007.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Honduras & the Bay Islands1st Edition January 2007.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Mexican Spanish1st Edition October 2003.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Nicaragua & El Salvador1st Edition October 2006.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Panama4th Edition November 2007.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition August 2006.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely Planet\Yucatan3rd Edition November 2006.rar JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Trackware.ReadNotify.A application
F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Trackware.ReadNotify.A application
K:\Evan_Backup\2011-04-09_14-52-56\Memeo\2011-04-09_14-52-56\C_\Users\Evan\Documents\is360setup.exe a variant of Win32/Toolbar.Widgi application
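
The ESET results above are one entry per line, in the form `<path> [a variant of ]<Family/Name> application`; because the paths contain spaces, `&` and parentheses, the path has to be separated from the detection text by recognising the detection name from the right-hand end of the line, not by splitting on spaces. The following is an added example (not code from this thread, from ESET or from BleepingComputer) that parses such lines and builds a removal batch file from them, refusing any path that still has the detection description glued onto it. The sample input quotes three lines from the results above and adds one constructed line (fictitious path and detection name) whose file name contains a `%`.

```python
"""Parse ESET Online Scanner result lines and build a removal batch file.

Result lines have the shape
    <full path> [a variant of ]<Family/Name> <kind>
where <kind> was always "application" in this thread. The path may contain
spaces, "&", parentheses and digits, so it is recovered by matching the
detection name (its Family/Name form) from the right-hand end of the line.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the first three lines are quoted from the results above, the
# fourth is constructed (fictitious path and detection name) to exercise the
# "%" escaping a .bat file needs.
SAMPLE = r"""
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
E:\Users\Evan\Downloads\DownloadSetup.exe Win32/InstallMate application
F:\Ebooks\Lonely Planet\Baja & Los Cabos7th Edition August 2007.rar JS/Trackware.ReadNotify.A application
C:\Users\Evan\AppData\Local\Temp\50%off_setup.exe Win32/Toolbar.Example.C application
"""

# The path is matched lazily; the detection name is the token containing "/"
# (optionally preceded by "a variant of") and <kind> is the final token.
_RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9_.-]+/\S+)\s+"
    r"(?P<kind>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str      # full Windows path of the flagged file
    name: str      # e.g. "Win32/Adware.Yontoo.A"
    variant: bool  # True when ESET reported "a variant of"
    kind: str      # e.g. "application"


def parse_result_line(line: str) -> Optional[Detection]:
    """Return a Detection for one result line, or None if it does not parse."""
    m = _RESULT_RE.match(line.strip())
    if m is None:
        return None
    return Detection(
        path=m.group("path"),
        name=m.group("name"),
        variant=m.group("variant") is not None,
        kind=m.group("kind"),
    )


def parse_results(text: str) -> list:
    """Parse a whole pasted results block, skipping blank or unparseable lines."""
    parsed = (parse_result_line(line) for line in text.splitlines())
    return [d for d in parsed if d is not None]


def path_carries_detection_text(path: str) -> bool:
    """True if the 'path' still has the detection description glued onto it.

    A path such as "...YontooIEClient.dll a variant of Win32/Adware.Yontoo.A
    application" names no real file, so a del command built from it removes
    nothing and the flagged file stays behind.
    """
    return _RESULT_RE.match(path) is not None


def batch_escape(path: str) -> str:
    """Escape characters that cmd.exe interprets even inside double quotes."""
    return path.replace("%", "%%")  # '%' starts variable expansion in a .bat


def build_delete_batch(detections) -> str:
    """Emit a .bat file that deletes each flagged file by its exact path.

    /f forces deletion of read-only files and /q suppresses the prompt. /s is
    deliberately omitted: with a full path it would also delete same-named
    files in every subdirectory of that folder.
    """
    lines = ["@echo off"]
    for d in detections:
        if path_carries_detection_text(d.path):
            raise ValueError(f"detection text left in path: {d.path!r}")
        lines.append(f'del /f /q "{batch_escape(d.path)}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_delete_batch(parse_results(SAMPLE)), end="")
```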

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 June 2012 - 07:41 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\Yontoo\YontooIEClient.dll"
    del /f /s /q "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
    del /f /s /q "E:\Users\Evan\Downloads\AnyDVD_&_AnyDVD_HD_7.0.2.exe"
    del /f /s /q "E:\Users\Evan\Downloads\DownloadSetup.exe"
    del /f /s /q "F:\Downloads\Nero.7.10.1.0.Ultra.Edition.Enhanced.Dark.Exodus\Nero 7.10.1.0.exe"
    del /f /s /q "F:\Ebooks\Lonely Planet\Baja & Los Cabos7th Edition August 2007.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Guatemala3rd Edition September 2007.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Honduras & the Bay Islands1st Edition January 2007.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Mexican Spanish1st Edition October 2003.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Nicaragua & El Salvador1st Edition October 2006.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Panama4th Edition November 2007.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition August 2006.rar"
    del /f /s /q "F:\Ebooks\Lonely Planet\Yucatan3rd Edition November 2006.rar"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf"
    del /f /s /q "F:\Ebooks\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf"
    del /f /s /q "K:\Evan_Backup\2011-04-09_14-52-56\Memeo\2011-04-09_14-52-56\C_\Users\Evan\Documents\is360setup.exe"
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
    It should look like this (screenshots for XP and Vista).
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear; this is normal.
  • The files and folders, if found, will have been deleted, and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer, and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet:

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
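Before double-clicking a fix script such as the delfile.bat above, it is worth knowing exactly what it will touch. The following Python is an added example, not part of the original post and not one of the tools the post describes: it parses a .bat made of `del` lines, flags the points a practitioner cares about (the /s switch recurses into every subdirectory of the target's folder, wildcards, relative paths, the self-deleting `del %0` line, anything under the Windows or Program Files tree) and reports which targets currently exist without deleting anything. The sample script, the path names in it and the PROTECTED_PREFIXES list are constructed for illustration.

```python
"""Dry-run auditor for a Notepad-made cleanup .bat composed of `del` lines.

Added example; the script text and protected-prefix list below are constructed.
"""
import ntpath
import os
import re
from dataclasses import dataclass, field

# Matches lines such as:  del /f /s /q "F:\Ebooks\...\file.pdf"   or   del %0
DEL_LINE = re.compile(
    r'^\s*del\s+(?P<flags>(?:/[a-z]\s+)*)(?P<target>.+?)\s*$', re.IGNORECASE
)

# Assumed list: a cleanup script aimed at user data should never touch these trees.
PROTECTED_PREFIXES = (r'c:\windows', r'c:\program files')

# Constructed sample resembling the delfile.bat in the post (paths are made up).
SAMPLE_BAT = r'''@echo off
del /f /s /q "F:\Ebooks\Guides\guide-language.pdf"
del /f /s /q "K:\Backup\Users\Evan\Documents\is360setup.exe"
del /f /q *.tmp
del %0
'''


@dataclass
class DelCommand:
    line_no: int
    flags: frozenset
    target: str
    warnings: list = field(default_factory=list)


def parse_del_script(script_text):
    """Return one DelCommand per `del` line; other lines (@echo off, blanks) are skipped."""
    commands = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        m = DEL_LINE.match(line)
        if not m:
            continue
        flags = frozenset(f.lower() for f in m.group('flags').split())
        target = m.group('target').strip()
        if len(target) >= 2 and target[0] == target[-1] == '"':
            target = target[1:-1]  # strip the surrounding quotes cmd.exe needs for spaces
        cmd = DelCommand(line_no, flags, target)

        if target == '%0':
            cmd.warnings.append('self-delete: removes the .bat itself, leaving no record of what ran')
        else:
            if any(ch in target for ch in '*?'):
                cmd.warnings.append('wildcard target: more than one file may match')
            if '/s' in flags:
                # /s deletes every same-named file in the directory AND all its subdirectories
                cmd.warnings.append('recursive (/s): also deletes any same-named file below '
                                    + ntpath.dirname(target))
            if not re.match(r'^[a-z]:\\', target, re.IGNORECASE):
                cmd.warnings.append('relative path: effect depends on the working directory')
            if target.lower().startswith(PROTECTED_PREFIXES):
                cmd.warnings.append('protected location: touches the Windows or Program Files tree')
        commands.append(cmd)
    return commands


def dry_run(commands, exists=os.path.exists):
    """Report which targets exist and which lines carry warnings; deletes nothing.

    `exists` is injectable so the audit can run against a recorded file list
    (or a test double) instead of the live disk.
    """
    report = {'present': [], 'missing': [], 'flagged': []}
    for cmd in commands:
        if cmd.warnings:
            report['flagged'].append((cmd.line_no, cmd.target, cmd.warnings))
        if cmd.target == '%0':
            continue  # the script file itself; nothing to look up on disk
        (report['present'] if exists(cmd.target) else report['missing']).append(cmd.target)
    return report


if __name__ == '__main__':
    for line_no, target, warnings in dry_run(parse_del_script(SAMPLE_BAT))['flagged']:
        print(f'line {line_no}: {target}')
        for w in warnings:
            print(f'    - {w}')
```

Run it against the real delfile.bat with `parse_del_script(open('delfile.bat').read())` and review the flagged lines before executing the batch; anything recursive or wildcarded deserves a second look because `del /f /q` gives no confirmation and no Recycle Bin.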



