Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Agent ...


  • This topic is locked This topic is locked
14 replies to this topic

#1 MeNeedsHelp

MeNeedsHelp

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 08 June 2012 - 09:09 AM

My svchost file is being infected by a trojan that is starting to close programs down and removing programs from the start menu.

Any advice?

For the GMer -- I was unable to check all of the boxes, and only was given the option for 3 being checked.

Serives, Registry, and Files. Not sure if that makes a difference.

Attached Files


Edited by MeNeedsHelp, 08 June 2012 - 10:38 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 08 June 2012 - 11:44 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Spyware Doctor with AntiVirus
AV: AVG Internet Security 2012
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 09 June 2012 - 03:06 AM

Okay. Thank you.

Update:

- Can now see my program files in the start menu. However, the programs seem to be missing from the folders.
- Removed 2 of the virus programs.
- Things appear no longer hidden.

My ComboFix log:

ComboFix 12-06-08.02 - Trevor 06/09/2012 2:24:49.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1706 [GMT -5:00]
Running from: C:\Users\Trevor\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\svchost.exe
C:\Windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
C:\Windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

---- Previous Run -------

C:\Windows\svchost.exe


((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))


2012-06-09 07:39:39 . 2012-06-09 07:39:39 -------- d-----w- C:\Users\Mcx1-TREVOR-PC\AppData\Local\temp
2012-06-09 07:39:39 . 2012-06-09 07:39:39 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-06-09 07:39:39 . 2012-06-09 07:39:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-09 05:25:36 . 2012-06-09 05:25:36 -------- d-----w- C:\Windows\system32\%LOCALAPPDATA%
2012-06-02 00:02:02 . 2012-06-02 00:02:02 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-28 19:01:09 . 2012-05-28 19:01:20 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2012-05-12 09:15:40 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-12 09:15:39 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 09:14:50 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 09:14:41 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-12 09:14:25 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 09:14:25 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:14:24 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:14:23 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 09:14:23 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 01:42:28 . 2012-04-19 01:36:29 419488 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:42:28 . 2011-06-22 15:25:32 70304 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:41:29 . 2012-04-19 01:43:07 8744608 ---ha-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 09:50:26 . 2012-04-19 09:50:26 28480 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ---ha-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-19 10:17:26 . 2012-03-19 10:17:26 383808 ----a-w- C:\Windows\system32\drivers\avgtdia.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 23:26:44 1685048]
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 19:41:43 8192]
"Akamai NetSession Interface"="C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 05:31:08 3331872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-07-10 17:28:19 202256]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 18:47:28 62768]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 22:50:04 54576]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 17:04:58 36760]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 17:04:58 2904984]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 21:54:26 91520]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 20:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 11:57:06 406992]
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 10:12:34 2587008]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-04-08 15:51:33 982880]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 19:32:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 16:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21:42 548352 ---ha-w- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2011-01-31 04:30:00 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2011-01-31 04:30:00 67656]
R2 AVGIDSAgent32;AVGIDSAgent ;C:\Windows\system32\CPFilters32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 23:10:28 86072]
R2 RasAuto32;Remote Access Auto Connection Manager ;C:\Windows\system32\WfHC32.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 01:42:31 257696]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 13:17:31 167264]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 01:31:08 195336]
R3 EraserUtilDrv11010;EraserUtilDrv11010;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:14 136176]
R3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 16:15:00 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 14:39:26 129976]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2011-01-31 04:30:00 12872]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 20:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-09-09 02:39:52 43912]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 10:57:00 2321520]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 14:44:38 5106744]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 09:53:38 193288]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 23:33:20 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 23:07:50 94264]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 08:47:10 191000]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 18:06:04 88576]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 05:11:09 918880]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x]
S3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-06-09 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 01:36:29 . 2012-05-05 01:42:31]

2012-06-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:18 . 2010-04-30 00:39:14]

2012-06-09 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:18 . 2010-04-30 00:39:14]

2012-05-15 C:\Windows\Tasks\HPCeeScheduleForTrevor.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15:40 . 2010-09-14 04:15:40]

2012-06-01 C:\Windows\Tasks\PCDRScheduledMaintenance.job
- C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11:04 . 2009-09-18 07:11:04]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 00:17:08 610360]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-07-29 18:21:26 16333856]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 23:42:18 499608]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 21:40:58 1873256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uStart Page = hxxp://www.nflblabber.com/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\gxvxs18m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111022154641659&tb_oid=22-10-2011&tb_mrud=22-10-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf52de1a8-d7e8-42df-a5df-4104e075d2c1%7D&mid=275275aa9f9e5a5b8a99c9de60bc886f-fb2aa6b97dab2415849f63d851ab53eb8aa4a008&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-08%2010%3A51%3A36&sap=ku&q=
FF - prefs.js: network.proxy.ftp - 129.15.78.31
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 129.15.78.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 129.15.78.31
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 129.15.78.31
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

- - - - ORPHANS REMOVED - - - -

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-dplaysvr - %LOCALAPPDATA%\dplaysvr.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKU-Default-Run-dplaysvr - %LOCALAPPDATA%\dplaysvr.exe
Toolbar-10 - (no file)

Attached Files


Edited by gringo_pr, 09 June 2012 - 03:19 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 09 June 2012 - 03:19 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 09 June 2012 - 10:57 AM

Here you go:

10:03:47.0761 5428 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:03:49.0789 5428 ============================================================
10:03:49.0804 5428 Current date / time: 2012/06/09 10:03:49.0789
10:03:49.0804 5428 SystemInfo:
10:03:49.0804 5428
10:03:49.0804 5428 OS Version: 6.1.7601 ServicePack: 1.0
10:03:49.0804 5428 Product type: Workstation
10:03:49.0804 5428 ComputerName: TREVOR-PC
10:03:49.0804 5428 UserName: Trevor
10:03:49.0804 5428 Windows directory: C:\Windows
10:03:49.0804 5428 System windows directory: C:\Windows
10:03:49.0804 5428 Running under WOW64
10:03:49.0804 5428 Processor architecture: Intel x64
10:03:49.0804 5428 Number of processors: 1
10:03:49.0804 5428 Page size: 0x1000
10:03:49.0804 5428 Boot type: Normal boot
10:03:49.0804 5428 ============================================================
10:03:53.0845 5428 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:03:53.0845 5428 ============================================================
10:03:53.0845 5428 \Device\Harddisk0\DR0:
10:03:53.0845 5428 MBR partitions:
10:03:53.0845 5428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:03:53.0845 5428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23E55000
10:03:53.0845 5428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E87800, BlocksNum 0x15A6800
10:03:53.0845 5428 ============================================================
10:03:53.0876 5428 C: <-> \Device\Harddisk0\DR0\Partition1
10:03:53.0923 5428 D: <-> \Device\Harddisk0\DR0\Partition2
10:03:53.0923 5428 ============================================================
10:03:53.0923 5428 Initialize success
10:03:53.0923 5428 ============================================================
10:03:56.0840 5272 ============================================================
10:03:56.0840 5272 Scan started
10:03:56.0949 5272 Mode: Manual;
10:03:56.0949 5272 ============================================================
10:03:59.0133 5272 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:03:59.0788 5272 1394ohci - ok
10:03:59.0866 5272 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:04:00.0069 5272 ACPI - ok
10:04:00.0116 5272 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:04:00.0194 5272 AcpiPmi - ok
10:04:00.0397 5272 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:04:00.0397 5272 AdobeFlashPlayerUpdateSvc - ok
10:04:00.0475 5272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:04:01.0286 5272 adp94xx - ok
10:04:01.0473 5272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:04:02.0971 5272 adpahci - ok
10:04:03.0049 5272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:04:04.0016 5272 adpu320 - ok
10:04:04.0063 5272 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:04:04.0063 5272 AeLookupSvc - ok
10:04:04.0515 5272 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:04:05.0545 5272 AFD - ok
10:04:06.0886 5272 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
10:04:08.0088 5272 AgereModemAudio - ok
10:04:08.0228 5272 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
10:04:08.0275 5272 AgereSoftModem - ok
10:04:08.0337 5272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:04:09.0336 5272 agp440 - ok
10:04:09.0788 5272 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
10:04:09.0788 5272 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
10:04:10.0708 5272 Akamai ( HiddenFile.Multi.Generic ) - warning
10:04:10.0708 5272 Akamai - detected HiddenFile.Multi.Generic (1)
10:04:10.0974 5272 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:04:11.0691 5272 ALG - ok
10:04:11.0800 5272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:04:12.0627 5272 aliide - ok
10:04:12.0690 5272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:04:13.0438 5272 amdide - ok
10:04:13.0501 5272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:04:14.0889 5272 AmdK8 - ok
10:04:14.0920 5272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:04:15.0607 5272 AmdPPM - ok
10:04:15.0685 5272 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:04:16.0356 5272 amdsata - ok
10:04:16.0434 5272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:04:17.0104 5272 amdsbs - ok
10:04:17.0151 5272 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:04:17.0822 5272 amdxata - ok
10:04:17.0900 5272 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:04:17.0947 5272 AppID - ok
10:04:17.0994 5272 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:04:18.0586 5272 AppIDSvc - ok
10:04:18.0649 5272 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:04:19.0491 5272 Appinfo - ok
10:04:19.0647 5272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:04:20.0427 5272 arc - ok
10:04:20.0474 5272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:04:21.0270 5272 arcsas - ok
10:04:21.0301 5272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:04:22.0284 5272 AsyncMac - ok
10:04:22.0346 5272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:04:23.0454 5272 atapi - ok
10:04:23.0641 5272 atashost (7810cbe7a9acd81393920b710b889b1f) C:\Windows\SysWOW64\atashost.exe
10:04:29.0694 5272 atashost - ok
10:04:35.0715 5272 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:04:35.0731 5272 AudioEndpointBuilder - ok
10:04:35.0746 5272 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:04:35.0746 5272 AudioSrv - ok
10:04:35.0902 5272 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
10:04:35.0918 5272 AVG Security Toolbar Service - ok
10:04:35.0980 5272 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
10:04:35.0980 5272 Avgfwfd - ok
10:04:36.0152 5272 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
10:04:36.0168 5272 avgfws - ok
10:04:42.0018 5272 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
10:04:47.0680 5272 AVGIDSAgent - ok
10:04:47.0790 5272 AVGIDSAgent32 - ok
10:04:47.0914 5272 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
10:04:47.0914 5272 AVGIDSDriver - ok
10:04:48.0102 5272 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
10:04:48.0102 5272 AVGIDSFilter - ok
10:04:48.0164 5272 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
10:04:48.0164 5272 AVGIDSHA - ok
10:04:48.0226 5272 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
10:04:48.0242 5272 Avgldx64 - ok
10:04:48.0273 5272 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:04:48.0289 5272 Avgmfx64 - ok
10:04:48.0414 5272 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:04:48.0414 5272 Avgrkx64 - ok
10:04:48.0632 5272 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
10:04:48.0632 5272 Avgtdia - ok
10:04:53.0296 5272 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:04:53.0296 5272 avgwd - ok
10:04:53.0359 5272 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:04:53.0374 5272 AxInstSV - ok
10:04:53.0468 5272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:04:53.0484 5272 b06bdrv - ok
10:04:54.0264 5272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:04:54.0279 5272 b57nd60a - ok
10:04:54.0420 5272 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:04:54.0435 5272 BBSvc - ok
10:04:54.0513 5272 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:04:54.0513 5272 BBUpdate - ok
10:04:54.0560 5272 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:04:54.0576 5272 BDESVC - ok
10:04:54.0607 5272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:04:54.0622 5272 Beep - ok
10:04:54.0763 5272 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:04:54.0794 5272 BFE - ok
10:04:54.0856 5272 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:04:54.0872 5272 BITS - ok
10:04:54.0919 5272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:04:54.0919 5272 blbdrive - ok
10:04:55.0012 5272 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:04:55.0028 5272 bowser - ok
10:04:55.0059 5272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:04:55.0059 5272 BrFiltLo - ok
10:04:55.0106 5272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:04:55.0106 5272 BrFiltUp - ok
10:04:55.0168 5272 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:04:55.0184 5272 BridgeMP - ok
10:04:55.0324 5272 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:04:55.0324 5272 Browser - ok
10:04:55.0387 5272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:04:55.0387 5272 Brserid - ok
10:04:55.0418 5272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:04:55.0418 5272 BrSerWdm - ok
10:04:55.0465 5272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:04:55.0465 5272 BrUsbMdm - ok
10:04:55.0496 5272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:04:55.0496 5272 BrUsbSer - ok
10:04:55.0512 5272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:04:55.0512 5272 BTHMODEM - ok
10:04:55.0574 5272 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:04:55.0574 5272 bthserv - ok
10:04:55.0636 5272 catchme - ok
10:04:55.0683 5272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:04:55.0683 5272 cdfs - ok
10:04:55.0746 5272 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:04:55.0761 5272 cdrom - ok
10:04:55.0824 5272 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:04:55.0824 5272 CertPropSvc - ok
10:04:55.0855 5272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:04:55.0855 5272 circlass - ok
10:04:55.0933 5272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:04:55.0980 5272 CLFS - ok
10:04:56.0042 5272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:56.0058 5272 clr_optimization_v2.0.50727_32 - ok
10:04:56.0104 5272 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:04:56.0104 5272 clr_optimization_v2.0.50727_64 - ok
10:04:56.0385 5272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:04:56.0385 5272 clr_optimization_v4.0.30319_32 - ok
10:04:56.0448 5272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:04:56.0448 5272 clr_optimization_v4.0.30319_64 - ok
10:04:56.0479 5272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:04:56.0479 5272 CmBatt - ok
10:04:56.0526 5272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:04:56.0526 5272 cmdide - ok
10:04:56.0650 5272 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:04:56.0666 5272 CNG - ok
10:04:56.0697 5272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:04:56.0697 5272 Compbatt - ok
10:04:56.0760 5272 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:04:56.0760 5272 CompositeBus - ok
10:04:56.0775 5272 COMSysApp - ok
10:04:56.0806 5272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:04:56.0806 5272 crcdisk - ok
10:04:56.0900 5272 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:04:56.0900 5272 CryptSvc - ok
10:04:56.0978 5272 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:04:56.0978 5272 DcomLaunch - ok
10:04:57.0025 5272 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:04:57.0040 5272 defragsvc - ok
10:04:57.0103 5272 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:04:57.0103 5272 DfsC - ok
10:04:57.0274 5272 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:04:57.0274 5272 Dhcp - ok
10:04:57.0321 5272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:04:57.0337 5272 discache - ok
10:04:57.0430 5272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:04:57.0430 5272 Disk - ok
10:04:57.0586 5272 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:04:57.0586 5272 Dnscache - ok
10:04:57.0649 5272 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:04:57.0664 5272 dot3svc - ok
10:04:57.0680 5272 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:04:57.0696 5272 DPS - ok
10:04:57.0727 5272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:04:57.0727 5272 drmkaud - ok
10:04:57.0867 5272 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:04:57.0883 5272 DXGKrnl - ok
10:04:57.0930 5272 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:04:57.0930 5272 EapHost - ok
10:04:58.0210 5272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:04:58.0257 5272 ebdrv - ok
10:04:58.0398 5272 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:04:58.0398 5272 EFS - ok
10:04:58.0476 5272 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:04:58.0491 5272 ehRecvr - ok
10:04:58.0522 5272 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:04:58.0522 5272 ehSched - ok
10:04:58.0616 5272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:04:58.0632 5272 elxstor - ok
10:04:58.0678 5272 EraserUtilDrv11010 - ok
10:04:58.0710 5272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:04:58.0710 5272 ErrDev - ok
10:04:58.0819 5272 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:04:58.0819 5272 EventSystem - ok
10:04:58.0866 5272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:04:58.0866 5272 exfat - ok
10:04:58.0897 5272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:04:58.0912 5272 fastfat - ok
10:04:59.0006 5272 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:04:59.0006 5272 Fax - ok
10:04:59.0037 5272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:04:59.0068 5272 fdc - ok
10:04:59.0240 5272 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:04:59.0240 5272 fdPHost - ok
10:04:59.0271 5272 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:04:59.0271 5272 FDResPub - ok
10:04:59.0334 5272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:04:59.0334 5272 FileInfo - ok
10:04:59.0365 5272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:04:59.0365 5272 Filetrace - ok
10:04:59.0396 5272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:04:59.0396 5272 flpydisk - ok
10:04:59.0521 5272 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:04:59.0521 5272 FltMgr - ok
10:04:59.0614 5272 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
10:04:59.0661 5272 FontCache - ok
10:04:59.0786 5272 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:59.0786 5272 FontCache3.0.0.0 - ok
10:04:59.0833 5272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:04:59.0833 5272 FsDepends - ok
10:04:59.0880 5272 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:04:59.0880 5272 Fs_Rec - ok
10:04:59.0942 5272 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:04:59.0958 5272 fvevol - ok
10:05:00.0020 5272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:05:00.0020 5272 gagp30kx - ok
10:05:00.0285 5272 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:05:00.0285 5272 GameConsoleService - ok
10:05:00.0410 5272 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:05:00.0441 5272 gpsvc - ok
10:05:00.0597 5272 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:00.0597 5272 gupdate - ok
10:05:00.0644 5272 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:05:00.0644 5272 gupdatem - ok
10:05:00.0706 5272 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:05:00.0722 5272 gusvc - ok
10:05:00.0784 5272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:05:00.0800 5272 hcw85cir - ok
10:05:00.0909 5272 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:05:00.0909 5272 HDAudBus - ok
10:05:00.0940 5272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:05:00.0940 5272 HidBatt - ok
10:05:00.0972 5272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:05:00.0987 5272 HidBth - ok
10:05:01.0018 5272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:05:01.0018 5272 HidIr - ok
10:05:01.0081 5272 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:05:01.0081 5272 hidserv - ok
10:05:01.0252 5272 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:05:01.0268 5272 HidUsb - ok
10:05:01.0330 5272 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:05:01.0330 5272 hkmsvc - ok
10:05:01.0393 5272 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:05:01.0408 5272 HomeGroupListener - ok
10:05:01.0455 5272 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:05:01.0471 5272 HomeGroupProvider - ok
10:05:01.0627 5272 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:05:01.0627 5272 HP Support Assistant Service - ok
10:05:01.0720 5272 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:05:01.0736 5272 HPDrvMntSvc.exe - ok
10:05:01.0892 5272 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:05:01.0923 5272 hpqwmiex - ok
10:05:02.0001 5272 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:05:02.0017 5272 HpSAMD - ok
10:05:02.0079 5272 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:05:02.0079 5272 HTCAND64 - ok
10:05:02.0173 5272 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
10:05:02.0173 5272 htcnprot - ok
10:05:02.0251 5272 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:05:02.0266 5272 HTTP - ok
10:05:02.0313 5272 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:05:02.0313 5272 hwpolicy - ok
10:05:02.0407 5272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:05:02.0407 5272 i8042prt - ok
10:05:02.0469 5272 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:05:02.0485 5272 iaStorV - ok
10:05:02.0594 5272 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:05:02.0625 5272 idsvc - ok
10:05:02.0688 5272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:05:02.0703 5272 iirsp - ok
10:05:02.0781 5272 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:05:02.0812 5272 IKEEXT - ok
10:05:03.0046 5272 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
10:05:03.0078 5272 IntcAzAudAddService - ok
10:05:03.0187 5272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:05:03.0187 5272 intelide - ok
10:05:03.0296 5272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:05:03.0312 5272 intelppm - ok
10:05:03.0327 5272 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:05:03.0358 5272 IPBusEnum - ok
10:05:03.0390 5272 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:05:03.0405 5272 IpFilterDriver - ok
10:05:03.0452 5272 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:05:03.0452 5272 iphlpsvc - ok
10:05:03.0499 5272 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:05:03.0499 5272 IPMIDRV - ok
10:05:03.0561 5272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:05:03.0561 5272 IPNAT - ok
10:05:03.0592 5272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:05:03.0608 5272 IRENUM - ok
10:05:03.0624 5272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:05:03.0624 5272 isapnp - ok
10:05:03.0686 5272 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:05:03.0686 5272 iScsiPrt - ok
10:05:03.0717 5272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:05:03.0717 5272 kbdclass - ok
10:05:03.0764 5272 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:05:03.0764 5272 kbdhid - ok
10:05:03.0826 5272 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:05:03.0826 5272 KeyIso - ok
10:05:03.0904 5272 kl1 (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
10:05:03.0920 5272 kl1 - ok
10:05:03.0967 5272 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:05:03.0967 5272 KSecDD - ok
10:05:04.0014 5272 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:05:04.0014 5272 KSecPkg - ok
10:05:04.0060 5272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:05:04.0060 5272 ksthunk - ok
10:05:04.0107 5272 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:05:04.0123 5272 KtmRm - ok
10:05:04.0232 5272 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:05:04.0248 5272 LanmanServer - ok
10:05:04.0294 5272 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:05:04.0294 5272 LanmanWorkstation - ok
10:05:04.0404 5272 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:05:04.0450 5272 LightScribeService - ok
10:05:04.0513 5272 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:05:04.0513 5272 lltdio - ok
10:05:04.0591 5272 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:05:04.0622 5272 lltdsvc - ok
10:05:04.0653 5272 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:05:04.0653 5272 lmhosts - ok
10:05:04.0700 5272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:05:04.0700 5272 LSI_FC - ok
10:05:04.0731 5272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:05:04.0731 5272 LSI_SAS - ok
10:05:04.0762 5272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:05:04.0778 5272 LSI_SAS2 - ok
10:05:04.0840 5272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:05:04.0840 5272 LSI_SCSI - ok
10:05:04.0903 5272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:05:04.0903 5272 luafv - ok
10:05:04.0950 5272 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
10:05:04.0950 5272 lvpepf64 - ok
10:05:04.0996 5272 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:05:04.0996 5272 LVPr2M64 - ok
10:05:05.0028 5272 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:05:05.0028 5272 LVPr2Mon - ok
10:05:05.0340 5272 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
10:05:05.0355 5272 LVPrcS64 - ok
10:05:05.0433 5272 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
10:05:05.0433 5272 LVRS64 - ok
10:05:05.0464 5272 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
10:05:05.0480 5272 LVUSBS64 - ok
10:05:05.0542 5272 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
10:05:05.0558 5272 McComponentHostService - ok
10:05:05.0636 5272 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:05:05.0636 5272 Mcx2Svc - ok
10:05:05.0667 5272 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:05:05.0667 5272 megasas - ok
10:05:05.0698 5272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:05:05.0714 5272 MegaSR - ok
10:05:05.0808 5272 Microsoft SharePoint Workspace Audit Service - ok
10:05:05.0870 5272 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:05:05.0886 5272 MMCSS - ok
10:05:05.0901 5272 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:05:05.0917 5272 Modem - ok
10:05:05.0964 5272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:05:05.0964 5272 monitor - ok
10:05:06.0026 5272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:05:06.0026 5272 mouclass - ok
10:05:06.0057 5272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:05:06.0057 5272 mouhid - ok
10:05:06.0104 5272 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:05:06.0104 5272 mountmgr - ok
10:05:06.0166 5272 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:05:06.0166 5272 MozillaMaintenance - ok
10:05:06.0213 5272 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:05:06.0213 5272 mpio - ok
10:05:06.0276 5272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:05:06.0276 5272 mpsdrv - ok
10:05:06.0369 5272 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:05:06.0400 5272 MpsSvc - ok
10:05:06.0447 5272 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:05:06.0447 5272 MRxDAV - ok
10:05:06.0510 5272 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:05:06.0510 5272 mrxsmb - ok
10:05:06.0619 5272 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:05:06.0650 5272 mrxsmb10 - ok
10:05:06.0697 5272 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:05:06.0712 5272 mrxsmb20 - ok
10:05:06.0744 5272 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:05:06.0759 5272 msahci - ok
10:05:06.0806 5272 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:05:06.0822 5272 msdsm - ok
10:05:06.0884 5272 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:05:06.0900 5272 MSDTC - ok
10:05:06.0931 5272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:05:06.0946 5272 Msfs - ok
10:05:06.0978 5272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:05:06.0978 5272 mshidkmdf - ok
10:05:07.0009 5272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:05:07.0009 5272 msisadrv - ok
10:05:07.0040 5272 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:05:07.0056 5272 MSiSCSI - ok
10:05:07.0071 5272 msiserver - ok
10:05:07.0102 5272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:05:07.0118 5272 MSKSSRV - ok
10:05:07.0180 5272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:05:07.0180 5272 MSPCLOCK - ok
10:05:07.0212 5272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:05:07.0212 5272 MSPQM - ok
10:05:07.0274 5272 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:05:07.0274 5272 MsRPC - ok
10:05:07.0336 5272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:05:07.0336 5272 mssmbios - ok
10:05:07.0352 5272 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:05:07.0368 5272 MSTEE - ok
10:05:07.0383 5272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:05:07.0399 5272 MTConfig - ok
10:05:07.0430 5272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:05:07.0430 5272 Mup - ok
10:05:07.0539 5272 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:05:07.0539 5272 napagent - ok
10:05:07.0633 5272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:05:07.0633 5272 NativeWifiP - ok
10:05:07.0726 5272 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:05:07.0742 5272 NDIS - ok
10:05:07.0773 5272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:05:07.0773 5272 NdisCap - ok
10:05:07.0820 5272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:05:07.0820 5272 NdisTapi - ok
10:05:07.0867 5272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:05:07.0882 5272 Ndisuio - ok
10:05:07.0929 5272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:05:07.0945 5272 NdisWan - ok
10:05:07.0976 5272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:05:07.0976 5272 NDProxy - ok
10:05:08.0007 5272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:05:08.0007 5272 NetBIOS - ok
10:05:08.0070 5272 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:05:08.0070 5272 NetBT - ok
10:05:08.0116 5272 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:05:08.0116 5272 Netlogon - ok
10:05:08.0194 5272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:05:08.0194 5272 Netman - ok
10:05:08.0241 5272 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:05:08.0257 5272 netprofm - ok
10:05:08.0335 5272 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:05:08.0335 5272 NetTcpPortSharing - ok
10:05:08.0366 5272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:05:08.0366 5272 nfrd960 - ok
10:05:08.0444 5272 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:05:08.0460 5272 NlaSvc - ok
10:05:08.0475 5272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:05:08.0491 5272 Npfs - ok
10:05:08.0522 5272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:05:08.0522 5272 nsi - ok
10:05:08.0538 5272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:05:08.0538 5272 nsiproxy - ok
10:05:08.0709 5272 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:05:08.0725 5272 Ntfs - ok
10:05:08.0787 5272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:05:08.0803 5272 Null - ok
10:05:09.0458 5272 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:05:09.0692 5272 nvlddmkm - ok
10:05:09.0817 5272 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
10:05:09.0817 5272 NVNET - ok
10:05:09.0879 5272 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:05:09.0895 5272 nvraid - ok
10:05:09.0910 5272 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:05:09.0926 5272 nvstor - ok
10:05:10.0004 5272 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
10:05:10.0004 5272 nvstor64 - ok
10:05:10.0051 5272 nvsvc (b5b5da18380f625c34b88b93d09d7d40) C:\Windows\system32\nvvsvc.exe
10:05:10.0066 5272 nvsvc - ok
10:05:10.0129 5272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:05:10.0144 5272 nv_agp - ok
10:05:10.0269 5272 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:05:10.0300 5272 odserv - ok
10:05:10.0347 5272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:05:10.0347 5272 ohci1394 - ok
10:05:10.0425 5272 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:05:10.0425 5272 ose - ok
10:05:10.0768 5272 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:05:10.0831 5272 osppsvc - ok
10:05:10.0971 5272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:05:10.0971 5272 p2pimsvc - ok
10:05:11.0018 5272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:05:11.0034 5272 p2psvc - ok
10:05:11.0096 5272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:05:11.0096 5272 Parport - ok
10:05:11.0236 5272 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:05:11.0236 5272 partmgr - ok
10:05:11.0377 5272 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
10:05:11.0408 5272 PassThru Service - ok
10:05:11.0439 5272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:05:11.0455 5272 PcaSvc - ok
10:05:11.0502 5272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:05:11.0502 5272 pci - ok
10:05:11.0533 5272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:05:11.0533 5272 pciide - ok
10:05:11.0626 5272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:05:11.0642 5272 pcmcia - ok
10:05:11.0689 5272 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
10:05:11.0689 5272 pcouffin - ok
10:05:11.0720 5272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:05:11.0720 5272 pcw - ok
10:05:11.0782 5272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:05:11.0782 5272 PEAUTH - ok
10:05:11.0876 5272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:05:11.0892 5272 PerfHost - ok
10:05:12.0094 5272 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
10:05:12.0141 5272 PID_PEPI - ok
10:05:12.0344 5272 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:05:12.0360 5272 pla - ok
10:05:12.0438 5272 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:05:12.0453 5272 PlugPlay - ok
10:05:12.0500 5272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:05:12.0500 5272 PNRPAutoReg - ok
10:05:12.0547 5272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:05:12.0547 5272 PNRPsvc - ok
10:05:12.0609 5272 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:05:12.0625 5272 PolicyAgent - ok
10:05:12.0672 5272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:05:12.0672 5272 Power - ok
10:05:12.0734 5272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:05:12.0734 5272 PptpMiniport - ok
10:05:12.0781 5272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:05:12.0796 5272 Processor - ok
10:05:12.0843 5272 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:05:12.0859 5272 ProfSvc - ok
10:05:12.0906 5272 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:05:12.0906 5272 ProtectedStorage - ok
10:05:12.0952 5272 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:05:12.0952 5272 Psched - ok
10:05:13.0108 5272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:05:13.0171 5272 ql2300 - ok
10:05:13.0311 5272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:05:13.0311 5272 ql40xx - ok
10:05:13.0405 5272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:05:13.0420 5272 QWAVE - ok
10:05:13.0452 5272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:05:13.0452 5272 QWAVEdrv - ok
10:05:13.0467 5272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:05:13.0467 5272 RasAcd - ok
10:05:13.0530 5272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:05:13.0530 5272 RasAgileVpn - ok
10:05:13.0576 5272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:05:13.0592 5272 RasAuto - ok
10:05:13.0608 5272 RasAuto32 - ok
10:05:13.0670 5272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:05:13.0670 5272 Rasl2tp - ok
10:05:13.0732 5272 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:05:13.0732 5272 RasMan - ok
10:05:13.0779 5272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:05:13.0779 5272 RasPppoe - ok
10:05:13.0795 5272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:05:13.0795 5272 RasSstp - ok
10:05:13.0826 5272 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:05:13.0842 5272 rdbss - ok
10:05:13.0873 5272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:05:13.0888 5272 rdpbus - ok
10:05:13.0920 5272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:05:13.0920 5272 RDPCDD - ok
10:05:13.0951 5272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:05:13.0951 5272 RDPENCDD - ok
10:05:13.0982 5272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:05:13.0982 5272 RDPREFMP - ok
10:05:14.0044 5272 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:05:14.0044 5272 RDPWD - ok
10:05:14.0091 5272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:05:14.0091 5272 rdyboost - ok
10:05:14.0138 5272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:05:14.0138 5272 RemoteAccess - ok
10:05:14.0169 5272 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:05:14.0185 5272 RemoteRegistry - ok
10:05:14.0216 5272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:05:14.0216 5272 RpcEptMapper - ok
10:05:14.0247 5272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:05:14.0247 5272 RpcLocator - ok
10:05:14.0341 5272 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:05:14.0356 5272 RpcSs - ok
10:05:14.0388 5272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:05:14.0403 5272 rspndr - ok
10:05:14.0434 5272 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:05:14.0450 5272 SamSs - ok
10:05:14.0528 5272 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
10:05:14.0544 5272 SASDIFSV - ok
10:05:14.0606 5272 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
10:05:14.0606 5272 SASENUM - ok
10:05:14.0684 5272 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
10:05:14.0700 5272 SASKUTIL - ok
10:05:14.0778 5272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:05:14.0793 5272 sbp2port - ok
10:05:14.0856 5272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:05:14.0871 5272 SCardSvr - ok
10:05:14.0934 5272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:05:14.0934 5272 scfilter - ok
10:05:15.0043 5272 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:05:15.0074 5272 Schedule - ok
10:05:15.0168 5272 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:05:15.0168 5272 SCPolicySvc - ok
10:05:15.0230 5272 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:05:15.0230 5272 SDRSVC - ok
10:05:15.0292 5272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:05:15.0292 5272 secdrv - ok
10:05:15.0339 5272 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:05:15.0339 5272 seclogon - ok
10:05:15.0386 5272 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:05:15.0386 5272 SENS - ok
10:05:15.0417 5272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:05:15.0417 5272 SensrSvc - ok
10:05:15.0448 5272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:05:15.0448 5272 Serenum - ok
10:05:15.0511 5272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:05:15.0526 5272 Serial - ok
10:05:15.0573 5272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:05:15.0573 5272 sermouse - ok
10:05:15.0636 5272 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:05:15.0636 5272 SessionEnv - ok
10:05:15.0682 5272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:05:15.0682 5272 sffdisk - ok
10:05:15.0698 5272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:05:15.0714 5272 sffp_mmc - ok
10:05:15.0729 5272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:05:15.0729 5272 sffp_sd - ok
10:05:15.0776 5272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:05:15.0776 5272 sfloppy - ok
10:05:15.0838 5272 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:05:15.0854 5272 SharedAccess - ok
10:05:15.0901 5272 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:05:15.0916 5272 ShellHWDetection - ok
10:05:15.0948 5272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:05:15.0963 5272 SiSRaid2 - ok
10:05:15.0994 5272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:05:16.0010 5272 SiSRaid4 - ok
10:05:16.0057 5272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:05:16.0072 5272 Smb - ok
10:05:16.0135 5272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:05:16.0135 5272 SNMPTRAP - ok
10:05:16.0150 5272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:05:16.0150 5272 spldr - ok
10:05:16.0213 5272 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:05:16.0228 5272 Spooler - ok
10:05:16.0447 5272 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:05:16.0509 5272 sppsvc - ok
10:05:16.0634 5272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:05:16.0634 5272 sppuinotify - ok
10:05:16.0696 5272 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:05:16.0712 5272 srv - ok
10:05:16.0774 5272 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:05:16.0774 5272 srv2 - ok
10:05:16.0806 5272 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:05:16.0806 5272 srvnet - ok
10:05:16.0915 5272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:05:16.0915 5272 SSDPSRV - ok
10:05:16.0977 5272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:05:16.0977 5272 SstpSvc - ok
10:05:17.0008 5272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:05:17.0024 5272 stexstor - ok
10:05:17.0102 5272 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:05:17.0133 5272 stisvc - ok
10:05:17.0180 5272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:05:17.0180 5272 swenum - ok
10:05:17.0398 5272 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:05:17.0430 5272 SwitchBoard - ok
10:05:17.0476 5272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:05:17.0492 5272 swprv - ok
10:05:17.0695 5272 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:05:17.0742 5272 SysMain - ok
10:05:17.0882 5272 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:05:17.0898 5272 TabletInputService - ok
10:05:17.0944 5272 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:05:17.0960 5272 TapiSrv - ok
10:05:17.0991 5272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:05:17.0991 5272 TBS - ok
10:05:18.0178 5272 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:05:18.0210 5272 Tcpip - ok
10:05:18.0459 5272 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:05:18.0490 5272 TCPIP6 - ok
10:05:18.0631 5272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:05:18.0631 5272 tcpipreg - ok
10:05:18.0662 5272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:05:18.0662 5272 TDPIPE - ok
10:05:18.0724 5272 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:05:18.0724 5272 TDTCP - ok
10:05:18.0771 5272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:05:18.0771 5272 tdx - ok
10:05:18.0818 5272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:05:18.0818 5272 TermDD - ok
10:05:18.0880 5272 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:05:18.0880 5272 TermService - ok
10:05:18.0912 5272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:05:18.0912 5272 Themes - ok
10:05:18.0974 5272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:05:18.0974 5272 THREADORDER - ok
10:05:19.0036 5272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:05:19.0036 5272 TrkWks - ok
10:05:19.0099 5272 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:05:19.0099 5272 TrustedInstaller - ok
10:05:19.0161 5272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:05:19.0161 5272 tssecsrv - ok
10:05:19.0224 5272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:05:19.0224 5272 TsUsbFlt - ok
10:05:19.0411 5272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:05:19.0426 5272 tunnel - ok
10:05:19.0458 5272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:05:19.0458 5272 uagp35 - ok
10:05:19.0489 5272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:05:19.0504 5272 udfs - ok
10:05:19.0551 5272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:05:19.0551 5272 UI0Detect - ok
10:05:19.0598 5272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:05:19.0598 5272 uliagpkx - ok
10:05:19.0692 5272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:05:19.0692 5272 umbus - ok
10:05:19.0738 5272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:05:19.0754 5272 UmPass - ok
10:05:19.0785 5272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:05:19.0801 5272 upnphost - ok
10:05:19.0832 5272 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:05:19.0848 5272 usbaudio - ok
10:05:19.0879 5272 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:05:19.0894 5272 usbccgp - ok
10:05:19.0926 5272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:05:19.0941 5272 usbcir - ok
10:05:20.0004 5272 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:05:20.0004 5272 usbehci - ok
10:05:20.0066 5272 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:05:20.0066 5272 usbhub - ok
10:05:20.0082 5272 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:05:20.0082 5272 usbohci - ok
10:05:20.0128 5272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:05:20.0128 5272 usbprint - ok
10:05:20.0160 5272 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:05:20.0160 5272 USBSTOR - ok
10:05:20.0175 5272 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:05:20.0175 5272 usbuhci - ok
10:05:20.0238 5272 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
10:05:20.0238 5272 usb_rndisx - ok
10:05:20.0284 5272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:05:20.0284 5272 UxSms - ok
10:05:20.0347 5272 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:05:20.0347 5272 VaultSvc - ok
10:05:20.0394 5272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:05:20.0394 5272 vdrvroot - ok
10:05:20.0472 5272 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:05:20.0472 5272 vds - ok
10:05:20.0518 5272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:05:20.0518 5272 vga - ok
10:05:20.0550 5272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:05:20.0550 5272 VgaSave - ok
10:05:20.0659 5272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:05:20.0674 5272 vhdmp - ok
10:05:20.0706 5272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:05:20.0706 5272 viaide - ok
10:05:20.0737 5272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:05:20.0737 5272 volmgr - ok
10:05:20.0784 5272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:05:20.0799 5272 volmgrx - ok
10:05:20.0846 5272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:05:20.0862 5272 volsnap - ok
10:05:20.0955 5272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:05:20.0986 5272 vsmraid - ok
10:05:21.0111 5272 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:05:21.0127 5272 VSS - ok
10:05:21.0454 5272 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
10:05:21.0470 5272 vToolbarUpdater10.2.0 - ok
10:05:21.0626 5272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:05:21.0642 5272 vwifibus - ok
10:05:21.0704 5272 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:05:21.0704 5272 W32Time - ok
10:05:21.0735 5272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:05:21.0751 5272 WacomPen - ok
10:05:21.0829 5272 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:05:21.0829 5272 WANARP - ok
10:05:21.0860 5272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:05:21.0860 5272 Wanarpv6 - ok
10:05:21.0985 5272 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:05:22.0000 5272 WatAdminSvc - ok
10:05:22.0172 5272 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:05:22.0219 5272 wbengine - ok
10:05:22.0390 5272 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:05:22.0406 5272 WbioSrvc - ok
10:05:22.0484 5272 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:05:22.0484 5272 wcncsvc - ok
10:05:22.0515 5272 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:05:22.0515 5272 WcsPlugInService - ok
10:05:22.0546 5272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:05:22.0546 5272 Wd - ok
10:05:22.0640 5272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:05:22.0656 5272 Wdf01000 - ok
10:05:22.0671 5272 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:05:22.0687 5272 WdiServiceHost - ok
10:05:22.0702 5272 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:05:22.0702 5272 WdiSystemHost - ok
10:05:22.0827 5272 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:05:22.0827 5272 WebClient - ok
10:05:22.0874 5272 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:05:22.0874 5272 Wecsvc - ok
10:05:22.0890 5272 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:05:22.0905 5272 wercplsupport - ok
10:05:22.0983 5272 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:05:22.0983 5272 WerSvc - ok
10:05:23.0061 5272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:05:23.0061 5272 WfpLwf - ok
10:05:23.0092 5272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:05:23.0092 5272 WIMMount - ok
10:05:23.0170 5272 WinDefend - ok
10:05:23.0186 5272 WinHttpAutoProxySvc - ok
10:05:23.0389 5272 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:05:23.0404 5272 Winmgmt - ok
10:05:23.0529 5272 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:05:23.0560 5272 WinRM - ok
10:05:23.0732 5272 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:05:23.0732 5272 WinUsb - ok
10:05:23.0919 5272 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:05:23.0950 5272 Wlansvc - ok
10:05:24.0309 5272 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:05:24.0356 5272 wlidsvc - ok
10:05:24.0496 5272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:05:24.0543 5272 WmiAcpi - ok
10:05:24.0621 5272 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:05:24.0621 5272 wmiApSrv - ok
10:05:24.0668 5272 WMPNetworkSvc - ok
10:05:24.0715 5272 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:05:24.0746 5272 WPCSvc - ok
10:05:24.0793 5272 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:05:24.0808 5272 WPDBusEnum - ok
10:05:24.0824 5272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:05:24.0824 5272 ws2ifsl - ok
10:05:24.0855 5272 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:05:24.0855 5272 wscsvc - ok
10:05:24.0871 5272 WSearch - ok
10:05:25.0074 5272 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:05:25.0105 5272 wuauserv - ok
10:05:25.0323 5272 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:05:25.0323 5272 WudfPf - ok
10:05:25.0386 5272 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:05:25.0386 5272 WUDFRd - ok
10:05:25.0432 5272 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:05:25.0448 5272 wudfsvc - ok
10:05:25.0588 5272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:05:25.0620 5272 WwanSvc - ok
10:05:25.0838 5272 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:05:25.0854 5272 YahooAUService - ok
10:05:25.0900 5272 MBR (0x1B8) (ec17f77d22078948ae0800f846c0b469) \Device\Harddisk0\DR0
10:05:25.0916 5272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
10:05:25.0916 5272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
10:05:25.0963 5272 Boot (0x1200) (0870d11566054402676b73127e026997) \Device\Harddisk0\DR0\Partition0
10:05:25.0963 5272 \Device\Harddisk0\DR0\Partition0 - ok
10:05:25.0978 5272 Boot (0x1200) (4d86b32abc583bd323b17c73d4d19bb7) \Device\Harddisk0\DR0\Partition1
10:05:25.0978 5272 \Device\Harddisk0\DR0\Partition1 - ok
10:05:26.0010 5272 Boot (0x1200) (6e00ea397d677e38bd4857404f8c3d03) \Device\Harddisk0\DR0\Partition2
10:05:26.0025 5272 \Device\Harddisk0\DR0\Partition2 - ok
10:05:26.0025 5272 ============================================================
10:05:26.0025 5272 Scan finished
10:05:26.0025 5272 ============================================================
10:05:26.0041 6052 Detected object count: 2
10:05:26.0041 6052 Actual detected object count: 2
10:05:52.0108 6052 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:05:52.0108 6052 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:05:53.0107 6052 \Device\Harddisk0\DR0\# - copied to quarantine
10:05:53.0122 6052 \Device\Harddisk0\DR0 - copied to quarantine
10:05:53.0138 6052 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:05:53.0138 6052 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:05:53.0138 6052 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:05:53.0154 6052 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:05:53.0154 6052 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:05:53.0169 6052 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:05:53.0169 6052 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:05:53.0185 6052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:05:53.0216 6052 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:05:53.0216 6052 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:05:53.0232 6052 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
10:05:53.0232 6052 \Device\Harddisk0\DR0\TDLFS\spr.dll - copied to quarantine
10:05:53.0419 6052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
10:05:53.0419 6052 \Device\Harddisk0\DR0 - ok
10:05:54.0199 6052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
10:06:10.0189 6024 Deinitialize success







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 10:11:04
-----------------------------
10:11:04.542 OS Version: Windows x64 6.1.7601 Service Pack 1
10:11:04.542 Number of processors: 1 586 0x7F02
10:11:04.542 ComputerName: TREVOR-PC UserName: Trevor
10:11:05.946 Initialize success
10:12:23.158 AVAST engine defs: 12060900
10:13:13.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
10:13:13.234 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:13:13.255 Disk 0 MBR read successfully
10:13:13.259 Disk 0 MBR scan
10:13:13.265 Disk 0 unknown MBR code
10:13:13.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:13:13.293 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294058 MB offset 206848
10:13:13.323 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11085 MB offset 602437632
10:13:13.404 Disk 0 scanning C:\Windows\system32\drivers
10:13:35.969 Service scanning
10:14:14.613 Modules scanning
10:14:14.626 Disk 0 trace - called modules:
10:14:14.663 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
10:14:15.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003426060]
10:14:15.042 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> [0xfffffa8002e1d7a0]
10:14:15.052 5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8002e1d060]
10:14:16.594 AVAST engine scan C:\Windows
10:14:24.421 AVAST engine scan C:\Windows\system32
10:23:49.947 AVAST engine scan C:\Windows\system32\drivers
10:24:21.443 AVAST engine scan C:\Users\Trevor
10:42:59.086 AVAST engine scan C:\ProgramData
10:51:47.748 Scan finished successfully
10:55:51.505 Disk 0 MBR has been saved successfully to "C:\Users\Trevor\Desktop\MBR.dat"
10:55:51.513 The log file has been saved successfully to "C:\Users\Trevor\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 09 June 2012 - 02:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 09 June 2012 - 04:02 PM

Seems to be fine, so far. Just the programs missing from the folders in the start menu. Not sure if that means I will just have to reinstall them.

ComboFix 12-06-09.02 - Trevor 06/09/2012 15:33:54.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1667 [GMT -5:00]
Running from: C:\Users\Trevor\Downloads\ComboFix.exe
Command switches used :: C:\Users\Trevor\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\svchost.exe
C:\Windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
C:\Windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete


((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))


2012-06-09 20:46:47 . 2012-06-09 20:46:47 -------- d-----w- C:\Users\Mcx1-TREVOR-PC\AppData\Local\temp
2012-06-09 20:46:47 . 2012-06-09 20:46:47 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-06-09 20:46:47 . 2012-06-09 20:46:47 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-09 15:05:52 . 2012-06-09 15:05:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-09 09:56:06 . 2012-05-15 06:41:40 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5064E528-CACF-49D9-BD1D-C927B1FC05A1}\mpengine.dll
2012-06-09 05:25:36 . 2012-06-09 05:25:36 -------- d-----w- C:\Windows\system32\%LOCALAPPDATA%
2012-06-02 00:02:02 . 2012-06-02 00:02:02 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-28 19:01:09 . 2012-05-28 19:01:20 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2012-05-12 09:15:40 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-12 09:15:39 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 09:14:50 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-12 09:14:41 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-12 09:14:25 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 09:14:25 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:14:24 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:14:23 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 09:14:23 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 01:42:28 . 2012-04-19 01:36:29 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:42:28 . 2011-06-22 15:25:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:41:29 . 2012-04-19 01:43:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 09:50:26 . 2012-04-19 09:50:26 28480 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-19 10:17:26 . 2012-03-19 10:17:26 383808 ----a-w- C:\Windows\system32\drivers\avgtdia.sys


((((((((((((((((((((((((((((( SnapShot@2012-06-09_07.44.00 )))))))))))))))))))))))))))))))))))))))))

+ 2012-06-07 13:20:11 . 2012-06-09 07:41:00 81920 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-12 02:10:56 . 2012-06-09 20:50:43 66264 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-06-09 20:50:44 53386 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10:35 . 2012-06-09 07:43:28 53386 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-10 19:49:51 . 2012-06-09 20:50:44 27714 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3444603181-2407673103-1584387001-1001_UserData.bin
+ 2010-02-10 20:45:58 . 2012-06-09 09:25:19 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-10 20:45:58 . 2012-06-04 22:07:48 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-10 20:45:58 . 2012-06-09 09:25:19 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-10 20:45:58 . 2012-06-04 22:07:48 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:19 . 2012-06-04 22:07:48 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:19 . 2012-06-09 09:25:19 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-09 07:41:01 . 2012-06-09 07:41:01 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 20:48:32 . 2012-06-09 20:48:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-09 07:41:01 . 2012-06-09 07:41:01 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 20:48:32 . 2012-06-09 20:48:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 15:07:35 . 2009-10-07 08:46:36 131608 C:\Windows\Temp\logishrd\LVPrcInj02.dll
- 2012-06-09 07:41:09 . 2009-10-07 08:46:36 131608 C:\Windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-06-09 15:07:35 . 2009-10-07 08:47:22 109080 C:\Windows\Temp\logishrd\LVPrcInj01.dll
- 2012-06-09 07:41:09 . 2009-10-07 08:47:22 109080 C:\Windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-06-07 13:20:11 . 2012-06-09 07:41:00 491520 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 13:39:39 . 2012-06-09 07:41:00 262144 C:\Windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-18 13:39:39 . 2012-06-09 07:54:55 262144 C:\Windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-06-01 21:03:09 . 2012-01-31 12:44:20 279656 C:\Windows\system32\MpSigStub.exe
+ 2010-06-01 21:03:09 . 2012-02-23 15:18:36 279656 C:\Windows\system32\MpSigStub.exe
- 2012-01-20 11:57:39 . 2012-06-09 07:40:03 992848 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-20 11:57:39 . 2012-06-09 20:47:33 992848 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01:48 . 2012-06-09 20:47:28 487988 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-25 13:36:49 . 2012-06-09 15:06:30 2112756 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-09 14:38:31 . 2012-06-09 14:38:31 8449024 C:\Windows\Installer\17ec945.msi
+ 2010-04-18 05:40:31 . 2012-06-09 20:47:29 10539612 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3444603181-2407673103-1584387001-1001-12288.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 23:26:44 1685048]
"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 19:41:43 8192]
"Akamai NetSession Interface"="C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 05:31:08 3331872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-07-10 17:28:19 202256]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 18:47:28 62768]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 22:50:04 54576]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 17:04:58 36760]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 17:04:58 2904984]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 21:54:26 91520]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 20:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 11:57:06 406992]
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 10:12:34 2587008]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-04-08 15:51:33 982880]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 19:32:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 16:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21:42 548352 ----a-w- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2011-01-31 04:30:00 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2011-01-31 04:30:00 67656]
R2 AVGIDSAgent32;AVGIDSAgent ;C:\Windows\system32\CPFilters32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 23:10:28 86072]
R2 RasAuto32;Remote Access Auto Connection Manager ;C:\Windows\system32\WfHC32.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 01:42:31 257696]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 13:17:31 167264]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 01:31:08 195336]
R3 EraserUtilDrv11010;EraserUtilDrv11010;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:14 136176]
R3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 16:15:00 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 14:39:26 129976]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2011-01-31 04:30:00 12872]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 20:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-09-09 02:39:52 43912]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 10:57:00 2321520]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 14:44:38 5106744]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 09:53:38 193288]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 23:33:20 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 23:07:50 94264]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 08:47:10 191000]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 18:06:04 88576]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 05:11:09 918880]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x]
S3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-06-09 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 01:36:29 . 2012-05-05 01:42:31]

2012-06-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:18 . 2010-04-30 00:39:14]

2012-06-09 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 00:39:18 . 2010-04-30 00:39:14]

2012-05-15 C:\Windows\Tasks\HPCeeScheduleForTrevor.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15:40 . 2010-09-14 04:15:40]

2012-06-01 C:\Windows\Tasks\PCDRScheduledMaintenance.job
- C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11:04 . 2009-09-18 07:11:04]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 00:17:08 610360]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-07-29 18:21:26 16333856]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 23:42:18 499608]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 21:40:58 1873256]

------- Supplementary Scan -------

uStart Page = hxxp://www.nflblabber.com/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\gxvxs18m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111022154641659&tb_oid=22-10-2011&tb_mrud=22-10-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf52de1a8-d7e8-42df-a5df-4104e075d2c1%7D&mid=275275aa9f9e5a5b8a99c9de60bc886f-fb2aa6b97dab2415849f63d851ab53eb8aa4a008&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-08%2010%3A51%3A36&sap=ku&q=
FF - prefs.js: network.proxy.ftp - 129.15.78.31
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 129.15.78.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 129.15.78.31
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 129.15.78.31
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

- - - - ORPHANS REMOVED - - - -

Toolbar-10 - (no file)

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 09 June 2012 - 05:21 PM

Hello


I would like you to run this first to see if they are hidden - http://download.bleepingcomputer.com/grinler/unhide.exe



Now I would like you to run this next to replace the defualt folders in the start menu

http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe - win 7 64


If running unhide did not work then the shortcuts are going to have to be remade

Using Avast as an example it can be done this way

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 10 June 2012 - 11:10 AM

Thank you. I went ahead and followed the last step, as unhide was unsuccessful.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 10 June 2012 - 12:00 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.3.4
Bing Bar
Java 2 Runtime Environment Standard Edition v1.3.1_20
Java™ 6 Update 30
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 10 June 2012 - 05:52 PM

Thank you for your time. Everything is running a lot better than what it was about 3 to 4 days ago. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:54 PM, on 6/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nflblabber.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVGIDSAgent (AVGIDSAgent32) - Unknown owner - C:\Windows\system32\CPFilters32.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto32) - Unknown owner - C:\Windows\system32\WfHC32.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16087 bytes






Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Trevor :: TREVOR-PC [administrator]

Protection: Enabled

6/10/2012 4:35:10 PM
mbam-log-2012-06-10 (16-35-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460418
Time elapsed: 1 hour(s), 14 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 10 June 2012 - 06:11 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
      O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Trevor\AppData\Local\Akamai\netsession_win.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 MeNeedsHelp

MeNeedsHelp
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 10 June 2012 - 11:06 PM

C:\ProgramData\iComment\iComment-002.001.005.exe probably a variant of Win32/InstallIQ application
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.EB trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan
C:\TDSSKiller_Quarantine\09.06.2012_10.03.49\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYG trojan
C:\Users\All Users\iComment\iComment-002.001.005.exe probably a variant of Win32/InstallIQ application
C:\Users\Trevor\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application
C:\Users\Trevor\Downloads\rb.www.Underground.MN.rar Win32/RegistryBooster application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 11 June 2012 - 12:22 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\ProgramData\iComment\iComment-002.001.005.exe"
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\All Users\iComment\iComment-002.001.005.exe"
    del /f /s /q "C:\Users\Trevor\Downloads\movie_player_1280.exe"
    del /f /s /q "C:\Users\Trevor\Downloads\rb.www.Underground.MN.rar"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 14 June 2012 - 01:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users