
Google Redirects on IE & FF


  • This topic is locked
12 replies to this topic

#1 sanjoo9211

sanjoo9211

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 01 July 2012 - 12:02 AM

Hello everybody,

It appears that I'm infected with the Google redirect virus. It redirects searches to:
109.206.160.225
173.214.255.51
206.51.231.116
217.159.171.218
63.209.69.107
64.15.72.104
64.21.9.244
65.97.58.10
66.246.72.42
67.196.0.168
68.232.188.245
8.26.70.252

I ran MalwareBytes, but it did not fix the issue.

Any assistance in removing this would be greatly appreciated.

I created a topic here: http://www.bleepingcomputer.com/forums/topic457365.html but Broni suggested that this needs a deeper look and I start this new topic.

Information from DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by RJ at 0:52:59 on 2012-07-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.1729 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [cdloader] "C:\Users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "C:\Users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Adobe] rundll32.exe "C:\Users\RJ\AppData\Local\Diagnostics\Adobe\fhrpqqt.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/68.15/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.2.1
TCP: Interfaces\{1DA84757-33BC-43E4-8769-C366D0C033F2} : DhcpNameServer = 10.0.2.1
TCP: Interfaces\{1DA84757-33BC-43E4-8769-C366D0C033F2}\038364850383030363031363 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{1DA84757-33BC-43E4-8769-C366D0C033F2}\758696475644F676D27657563747 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{1DA84757-33BC-43E4-8769-C366D0C033F2}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{845D1029-A77B-4E86-89F9-18818D55E491} : DhcpNameServer = 192.168.200.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
BHO-X64: Adblock Pro - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\lrzu37oo.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\RJ\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\RJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-15 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-10 2358656]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-15 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-9-21 539184]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-06-15 04:26:43 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-06-15 04:25:03 -------- d-----w- C:\Program Files (x86)\WMR11
2012-06-15 04:23:10 -------- d-----w- C:\Program Files (x86)\WM Recorder
2012-06-05 22:33:24 -------- d-----w- C:\Users\RJ\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:33:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-05 22:33:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2012-05-06 02:25:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 02:25:29 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 0:53:36.06 ===============


Thanks in advance for your assistance.
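Added example, not code from the thread, from DDS or from ComboFix: a small triage script for the autorun lines of the Pseudo HJT Report format shown above. The ranking heuristic is my own assumption about what deserves a second look, not a DDS feature: a `rundll32.exe` entry loading a DLL stored under a user profile is ranked HIGH (the `uRun: [Adobe] ... fhrpqqt.dll` line has that shape, and it is the entry ComboFix later removed in this thread), while any other autorun whose target lives under a user profile is ranked INFO, because per-user updaters legitimately start that way. The sample lines are copied from the DDS log in the post.

```python
"""Triage the autorun lines of a DDS 'Pseudo HJT Report'.

Added example for this thread; it is neither part of the DDS tool nor code
from the forum. The ranking heuristic is an assumption of this example:
  HIGH - rundll32.exe loading a DLL stored under a user profile (AppData or
         Temp). The uRun [Adobe] ... fhrpqqt.dll entry in the log is of this
         shape, and it is the entry ComboFix later removed in the thread.
  INFO - any other autorun whose target lives under a user profile. Per-user
         updaters legitimately do this, so these only need a look, not action.
"""
import re

# uRun / mRun / uRunOnce / mRun-x64 lines:  <key>: [<name>] <command>
RUN_LINE = re.compile(
    r'^(?P<key>[um]Run(?:Once)?(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# Targets stored in a per-user or temporary location
USER_PROFILE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\Temp\\', re.IGNORECASE)
# rundll32 <dll>,<export> invocation, with or without quotes around the DLL path
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)',
    re.IGNORECASE)

# Constructed sample: lines copied from the DDS log posted in the thread
SAMPLE_LOG = r"""
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [cdloader] "C:\Users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "C:\Users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Adobe] rundll32.exe "C:\Users\RJ\AppData\Local\Diagnostics\Adobe\fhrpqqt.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [<NO NAME>]
"""


def parse_run_entries(text):
    """Return (key, name, command) for every autorun line in the report."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m.group('key'), m.group('name'), m.group('cmd').strip()))
    return entries


def triage(text):
    """Rank autorun entries; returns {'HIGH': [...], 'INFO': [...]}."""
    findings = {'HIGH': [], 'INFO': []}
    for key, name, cmd in parse_run_entries(text):
        if not cmd:
            continue  # empty value such as mRun: [<NO NAME>]; nothing is launched
        dll = RUNDLL.search(cmd)
        if dll and USER_PROFILE.search(dll.group('dll')):
            findings['HIGH'].append((key, name, dll.group('dll'), dll.group('export')))
        elif USER_PROFILE.search(cmd):
            findings['INFO'].append((key, name, cmd))
    return findings


if __name__ == '__main__':
    for level, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(level, *item)
```

Running it on the sample ranks the `[Adobe]` rundll32 entry HIGH and lists `cdloader` and `Google Update` as INFO; the HIGH ranking is only a prompt for a closer look, and removal of anything found this way is left to the helper's instructions as in the thread.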


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:08 AM

Posted 01 July 2012 - 12:49 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sanjoo9211

sanjoo9211
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 01 July 2012 - 11:01 PM

Greetings and Welcome to The Forums!!

Thank you!





Security Check

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (6.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````





Run Combofix:

ComboFix 12-07-01.03 - RJ 07/01/2012 17:03:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.1148 [GMT -4:00]
Running from: c:\users\RJ\Desktop\BC2\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RJ\AppData\Local\Diagnostics\Adobe\fhrpqqt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 21:08 . 2012-07-01 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 04:26 . 2012-06-15 04:26 -------- d-----w- c:\program files (x86)\WinPcap
2012-06-15 04:25 . 2012-06-15 04:28 -------- d-----w- c:\program files (x86)\WMR11
2012-06-15 04:23 . 2012-06-15 04:23 -------- d-----w- c:\program files (x86)\WM Recorder
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\users\RJ\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 02:25 . 2012-05-06 02:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 02:25 . 2012-01-05 03:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2012-05-29 22:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-01-15 284696]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-09-21 129584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 37392]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-01-15 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-09-21 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417966123-2682203076-2084814262-1001Core.job
- c:\users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 03:30]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417966123-2682203076-2084814262-1001UA.job
- c:\users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 03:30]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP) - c:\program files (x86)\Adblock Pro\blockimg.html
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 10.0.2.1
FF - ProfilePath - c:\users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\lrzu37oo.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe - c:\users\RJ\AppData\Local\Diagnostics\Adobe\fhrpqqt.dll
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-01 17:10:05
ComboFix-quarantined-files.txt 2012-07-01 21:10
.
Pre-Run: 328,695,468,032 bytes free
Post-Run: 328,572,882,944 bytes free
.
- - End Of File - - 1710BC8D5466A0CB39E319E9159258C0

• Log from Combofix

Posted above.

• Let me know of any problems you may have had

I did not encounter any problems when I ran SecurityCheck or ComboFix.

• How is the computer doing now?

I ran a few searches and it redirected me to 8.26.70.252. The problem persists.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:08 AM

Posted 01 July 2012 - 11:16 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#5 sanjoo9211

sanjoo9211
  • Topic Starter

  • Members
  • 18 posts
  • Local time:06:08 AM

Posted 01 July 2012 - 11:45 PM

Thank you for your quick response. I appreciate it.

tdsskiller:

00:23:58.0195 4516 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
00:23:58.0475 4516 ============================================================
00:23:58.0475 4516 Current date / time: 2012/07/02 00:23:58.0475
00:23:58.0475 4516 SystemInfo:
00:23:58.0475 4516
00:23:58.0475 4516 OS Version: 6.1.7600 ServicePack: 0.0
00:23:58.0475 4516 Product type: Workstation
00:23:58.0475 4516 ComputerName: HP
00:23:58.0475 4516 UserName: RJ
00:23:58.0475 4516 Windows directory: C:\Windows
00:23:58.0475 4516 System windows directory: C:\Windows
00:23:58.0475 4516 Running under WOW64
00:23:58.0475 4516 Processor architecture: Intel x64
00:23:58.0475 4516 Number of processors: 4
00:23:58.0475 4516 Page size: 0x1000
00:23:58.0475 4516 Boot type: Normal boot
00:23:58.0475 4516 ============================================================
00:23:58.0819 4516 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:23:58.0834 4516 ============================================================
00:23:58.0834 4516 \Device\Harddisk0\DR0:
00:23:58.0834 4516 MBR partitions:
00:23:58.0834 4516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:23:58.0834 4516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2C1C3000
00:23:58.0850 4516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C1F757E, BlocksNum 0x1900297E
00:23:58.0865 4516 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x451F9F3B, BlocksNum 0x10C2C0C5
00:23:58.0865 4516 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x55E26000, BlocksNum 0x171F800
00:23:58.0865 4516 ============================================================
00:23:58.0897 4516 C: <-> \Device\Harddisk0\DR0\Partition1
00:23:58.0928 4516 D: <-> \Device\Harddisk0\DR0\Partition4
00:23:58.0959 4516 X: <-> \Device\Harddisk0\DR0\Partition2
00:23:58.0975 4516 Y: <-> \Device\Harddisk0\DR0\Partition3
00:23:58.0990 4516 ============================================================
00:23:58.0990 4516 Initialize success
00:23:58.0990 4516 ============================================================
00:24:18.0631 5176 ============================================================
00:24:18.0631 5176 Scan started
00:24:18.0631 5176 Mode: Manual;
00:24:18.0631 5176 ============================================================
00:24:18.0943 5176 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:24:18.0943 5176 !SASCORE - ok
00:24:19.0067 5176 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
00:24:19.0067 5176 1394ohci - ok
00:24:19.0099 5176 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
00:24:19.0099 5176 ACPI - ok
00:24:19.0130 5176 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
00:24:19.0145 5176 AcpiPmi - ok
00:24:19.0192 5176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:24:19.0208 5176 adp94xx - ok
00:24:19.0255 5176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:24:19.0255 5176 adpahci - ok
00:24:19.0270 5176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:24:19.0286 5176 adpu320 - ok
00:24:19.0301 5176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:24:19.0317 5176 AeLookupSvc - ok
00:24:19.0364 5176 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
00:24:19.0364 5176 AFD - ok
00:24:19.0379 5176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
00:24:19.0379 5176 agp440 - ok
00:24:19.0395 5176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:24:19.0395 5176 ALG - ok
00:24:19.0411 5176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
00:24:19.0411 5176 aliide - ok
00:24:19.0411 5176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
00:24:19.0411 5176 amdide - ok
00:24:19.0426 5176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:24:19.0426 5176 AmdK8 - ok
00:24:19.0442 5176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:24:19.0442 5176 AmdPPM - ok
00:24:19.0473 5176 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
00:24:19.0473 5176 amdsata - ok
00:24:19.0489 5176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:24:19.0489 5176 amdsbs - ok
00:24:19.0520 5176 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
00:24:19.0520 5176 amdxata - ok
00:24:19.0535 5176 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
00:24:19.0535 5176 AppID - ok
00:24:19.0551 5176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:24:19.0551 5176 AppIDSvc - ok
00:24:19.0582 5176 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
00:24:19.0598 5176 Appinfo - ok
00:24:19.0613 5176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:24:19.0613 5176 arc - ok
00:24:19.0645 5176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:24:19.0645 5176 arcsas - ok
00:24:19.0691 5176 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
00:24:19.0707 5176 aswFsBlk - ok
00:24:19.0754 5176 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
00:24:19.0754 5176 aswMonFlt - ok
00:24:19.0754 5176 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
00:24:19.0754 5176 aswRdr - ok
00:24:19.0769 5176 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
00:24:19.0769 5176 aswSP - ok
00:24:19.0785 5176 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
00:24:19.0785 5176 aswTdi - ok
00:24:19.0801 5176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:24:19.0801 5176 AsyncMac - ok
00:24:19.0816 5176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
00:24:19.0816 5176 atapi - ok
00:24:19.0863 5176 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:24:19.0879 5176 AudioEndpointBuilder - ok
00:24:19.0879 5176 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:24:19.0894 5176 AudioSrv - ok
00:24:19.0957 5176 avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:24:19.0957 5176 avast! Antivirus - ok
00:24:19.0957 5176 avast! Mail Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:24:19.0957 5176 avast! Mail Scanner - ok
00:24:19.0957 5176 avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:24:19.0957 5176 avast! Web Scanner - ok
00:24:19.0988 5176 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
00:24:20.0003 5176 AxInstSV - ok
00:24:20.0035 5176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:24:20.0050 5176 b06bdrv - ok
00:24:20.0081 5176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:24:20.0081 5176 b57nd60a - ok
00:24:20.0097 5176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:24:20.0113 5176 BDESVC - ok
00:24:20.0128 5176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:24:20.0128 5176 Beep - ok
00:24:20.0175 5176 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
00:24:20.0191 5176 BFE - ok
00:24:20.0284 5176 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
00:24:20.0284 5176 BITS - ok
00:24:20.0331 5176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:24:20.0331 5176 blbdrive - ok
00:24:20.0347 5176 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
00:24:20.0347 5176 bowser - ok
00:24:20.0362 5176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:24:20.0362 5176 BrFiltLo - ok
00:24:20.0393 5176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:24:20.0393 5176 BrFiltUp - ok
00:24:20.0425 5176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:24:20.0440 5176 BridgeMP - ok
00:24:20.0456 5176 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
00:24:20.0456 5176 Browser - ok
00:24:20.0471 5176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:24:20.0487 5176 Brserid - ok
00:24:20.0487 5176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:24:20.0503 5176 BrSerWdm - ok
00:24:20.0503 5176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:24:20.0503 5176 BrUsbMdm - ok
00:24:20.0518 5176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:24:20.0518 5176 BrUsbSer - ok
00:24:20.0534 5176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:24:20.0534 5176 BTHMODEM - ok
00:24:20.0549 5176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:24:20.0565 5176 bthserv - ok
00:24:20.0565 5176 catchme - ok
00:24:20.0581 5176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:24:20.0581 5176 cdfs - ok
00:24:20.0627 5176 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
00:24:20.0627 5176 cdrom - ok
00:24:20.0659 5176 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:24:20.0659 5176 CertPropSvc - ok
00:24:20.0737 5176 CinemaNow Service (2c24db5f78f0aca759803001e6b4f320) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
00:24:20.0737 5176 CinemaNow Service - ok
00:24:20.0752 5176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:24:20.0752 5176 circlass - ok
00:24:20.0768 5176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:24:20.0783 5176 CLFS - ok
00:24:20.0830 5176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:24:20.0830 5176 clr_optimization_v2.0.50727_32 - ok
00:24:20.0861 5176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:24:20.0861 5176 clr_optimization_v2.0.50727_64 - ok
00:24:20.0893 5176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:24:20.0893 5176 CmBatt - ok
00:24:20.0893 5176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
00:24:20.0908 5176 cmdide - ok
00:24:20.0924 5176 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
00:24:20.0939 5176 CNG - ok
00:24:20.0939 5176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:24:20.0955 5176 Compbatt - ok
00:24:20.0986 5176 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:24:20.0986 5176 CompositeBus - ok
00:24:20.0986 5176 COMSysApp - ok
00:24:21.0002 5176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:24:21.0002 5176 crcdisk - ok
00:24:21.0064 5176 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
00:24:21.0064 5176 CryptSvc - ok
00:24:21.0158 5176 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:24:21.0173 5176 cvhsvc - ok
00:24:21.0220 5176 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:24:21.0236 5176 DcomLaunch - ok
00:24:21.0267 5176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:24:21.0283 5176 defragsvc - ok
00:24:21.0314 5176 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
00:24:21.0314 5176 DfsC - ok
00:24:21.0329 5176 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
00:24:21.0329 5176 Dhcp - ok
00:24:21.0345 5176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:24:21.0345 5176 discache - ok
00:24:21.0361 5176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:24:21.0361 5176 Disk - ok
00:24:21.0392 5176 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
00:24:21.0392 5176 Dnscache - ok
00:24:21.0423 5176 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
00:24:21.0423 5176 dot3svc - ok
00:24:21.0439 5176 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
00:24:21.0439 5176 DPS - ok
00:24:21.0470 5176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:24:21.0470 5176 drmkaud - ok
00:24:21.0501 5176 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
00:24:21.0517 5176 DXGKrnl - ok
00:24:21.0548 5176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:24:21.0548 5176 EapHost - ok
00:24:21.0657 5176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:24:21.0704 5176 ebdrv - ok
00:24:21.0797 5176 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
00:24:21.0797 5176 EFS - ok
00:24:21.0891 5176 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
00:24:21.0907 5176 ehRecvr - ok
00:24:21.0922 5176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:24:21.0922 5176 ehSched - ok
00:24:21.0969 5176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:24:21.0985 5176 elxstor - ok
00:24:21.0985 5176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
00:24:22.0000 5176 ErrDev - ok
00:24:22.0031 5176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:24:22.0031 5176 EventSystem - ok
00:24:22.0063 5176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:24:22.0063 5176 exfat - ok
00:24:22.0078 5176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:24:22.0094 5176 fastfat - ok
00:24:22.0141 5176 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
00:24:22.0141 5176 Fax - ok
00:24:22.0156 5176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:24:22.0156 5176 fdc - ok
00:24:22.0172 5176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:24:22.0172 5176 fdPHost - ok
00:24:22.0187 5176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:24:22.0187 5176 FDResPub - ok
00:24:22.0187 5176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:24:22.0203 5176 FileInfo - ok
00:24:22.0203 5176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:24:22.0203 5176 Filetrace - ok
00:24:22.0219 5176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:24:22.0219 5176 flpydisk - ok
00:24:22.0234 5176 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
00:24:22.0234 5176 FltMgr - ok
00:24:22.0281 5176 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
00:24:22.0281 5176 FlyUsb - ok
00:24:22.0328 5176 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
00:24:22.0359 5176 FontCache - ok
00:24:22.0406 5176 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:24:22.0406 5176 FontCache3.0.0.0 - ok
00:24:22.0437 5176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:24:22.0437 5176 FsDepends - ok
00:24:22.0453 5176 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:24:22.0453 5176 Fs_Rec - ok
00:24:22.0468 5176 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
00:24:22.0468 5176 fvevol - ok
00:24:22.0484 5176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:24:22.0499 5176 gagp30kx - ok
00:24:22.0593 5176 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:24:22.0593 5176 GameConsoleService - ok
00:24:22.0640 5176 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
00:24:22.0655 5176 gpsvc - ok
00:24:22.0702 5176 hcmon (94d46ded293c216822fb39df2ec6add4) C:\Windows\system32\drivers\hcmon.sys
00:24:22.0702 5176 hcmon - ok
00:24:22.0749 5176 hcw85cir (25581dcfe6cb06cc0e48fa5b63f67532) C:\Windows\system32\drivers\hcw85cir3.sys
00:24:22.0749 5176 hcw85cir - ok
00:24:22.0780 5176 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
00:24:22.0780 5176 HdAudAddService - ok
00:24:22.0811 5176 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:24:22.0811 5176 HDAudBus - ok
00:24:22.0843 5176 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
00:24:22.0843 5176 HECIx64 - ok
00:24:22.0858 5176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:24:22.0858 5176 HidBatt - ok
00:24:22.0874 5176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:24:22.0874 5176 HidBth - ok
00:24:22.0889 5176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:24:22.0889 5176 HidIr - ok
00:24:22.0905 5176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:24:22.0905 5176 hidserv - ok
00:24:22.0921 5176 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
00:24:22.0921 5176 HidUsb - ok
00:24:22.0936 5176 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
00:24:22.0936 5176 hkmsvc - ok
00:24:22.0967 5176 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
00:24:22.0967 5176 HomeGroupListener - ok
00:24:22.0999 5176 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
00:24:23.0014 5176 HomeGroupProvider - ok
00:24:23.0045 5176 hotcore3 (f1f359f2de372d1850a61382ebabc868) C:\Windows\system32\DRIVERS\hotcore3.sys
00:24:23.0045 5176 hotcore3 - ok
00:24:23.0139 5176 HP Health Check Service (c84bcc03858daeac4db1e95efcce1934) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
00:24:23.0139 5176 HP Health Check Service - ok
00:24:23.0186 5176 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:24:23.0186 5176 hpqwmiex - ok
00:24:23.0201 5176 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:24:23.0201 5176 HpSAMD - ok
00:24:23.0248 5176 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
00:24:23.0264 5176 HTTP - ok
00:24:23.0295 5176 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
00:24:23.0295 5176 hwpolicy - ok
00:24:23.0326 5176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:24:23.0326 5176 i8042prt - ok
00:24:23.0373 5176 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
00:24:23.0373 5176 iaStor - ok
00:24:23.0435 5176 IAStorDataMgrSvc (f627bc830ee548527966288e4968aac0) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
00:24:23.0435 5176 IAStorDataMgrSvc - ok
00:24:23.0467 5176 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
00:24:23.0467 5176 iaStorV - ok
00:24:23.0529 5176 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:24:23.0545 5176 idsvc - ok
00:24:23.0576 5176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:24:23.0576 5176 iirsp - ok
00:24:23.0638 5176 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
00:24:23.0638 5176 IKEEXT - ok
00:24:23.0747 5176 IntcAzAudAddService (28ceefbd2c63f91dc17ded3e8d27ecf5) C:\Windows\system32\drivers\RTKVHD64.sys
00:24:23.0763 5176 IntcAzAudAddService - ok
00:24:23.0825 5176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
00:24:23.0825 5176 intelide - ok
00:24:23.0841 5176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:24:23.0841 5176 intelppm - ok
00:24:23.0872 5176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:24:23.0872 5176 IPBusEnum - ok
00:24:23.0919 5176 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:24:23.0919 5176 IpFilterDriver - ok
00:24:23.0950 5176 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
00:24:23.0950 5176 iphlpsvc - ok
00:24:23.0966 5176 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:24:23.0966 5176 IPMIDRV - ok
00:24:23.0981 5176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:24:23.0981 5176 IPNAT - ok
00:24:23.0997 5176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:24:24.0013 5176 IRENUM - ok
00:24:24.0013 5176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
00:24:24.0028 5176 isapnp - ok
00:24:24.0059 5176 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
00:24:24.0075 5176 iScsiPrt - ok
00:24:24.0106 5176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:24:24.0106 5176 kbdclass - ok
00:24:24.0122 5176 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
00:24:24.0122 5176 kbdhid - ok
00:24:24.0137 5176 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:24:24.0137 5176 KeyIso - ok
00:24:24.0137 5176 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
00:24:24.0137 5176 KSecDD - ok
00:24:24.0153 5176 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
00:24:24.0153 5176 KSecPkg - ok
00:24:24.0169 5176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:24:35.0369 5176 WudfPf - ok
00:24:35.0385 5176 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:24:35.0385 5176 WUDFRd - ok
00:24:35.0416 5176 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
00:24:35.0416 5176 wudfsvc - ok
00:24:35.0432 5176 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:24:35.0447 5176 WwanSvc - ok
00:24:35.0463 5176 MBR (0x1B8) (c26ca00a270d87c6d79a500e4bdcf633) \Device\Harddisk0\DR0
00:24:35.0603 5176 \Device\Harddisk0\DR0 - ok
00:24:35.0603 5176 Boot (0x1200) (9ef95e95e7e17cd432a98db80fefcd26) \Device\Harddisk0\DR0\Partition0
00:24:35.0619 5176 \Device\Harddisk0\DR0\Partition0 - ok
00:24:35.0650 5176 Boot (0x1200) (13332bd02767dd0920091ffb5663617e) \Device\Harddisk0\DR0\Partition1
00:24:35.0650 5176 \Device\Harddisk0\DR0\Partition1 - ok
00:24:35.0666 5176 Boot (0x1200) (001293bfdc82a19bcb5a8a7cf19f9b39) \Device\Harddisk0\DR0\Partition2
00:24:35.0666 5176 \Device\Harddisk0\DR0\Partition2 - ok
00:24:35.0681 5176 Boot (0x1200) (53044db4d7dc40c1ec9f154298cefd3e) \Device\Harddisk0\DR0\Partition3
00:24:35.0681 5176 \Device\Harddisk0\DR0\Partition3 - ok
00:24:35.0713 5176 Boot (0x1200) (f2daa724110ee52337b9d83c11cb9da9) \Device\Harddisk0\DR0\Partition4
00:24:35.0713 5176 \Device\Harddisk0\DR0\Partition4 - ok
00:24:35.0713 5176 ============================================================
00:24:35.0713 5176 Scan finished
00:24:35.0713 5176 ============================================================
00:24:35.0728 4872 Detected object count: 0
00:24:35.0728 4872 Actual detected object count: 0





aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 00:31:21
-----------------------------
00:31:21.430 OS Version: Windows x64 6.1.7600
00:31:21.430 Number of processors: 4 586 0x2502
00:31:21.430 ComputerName: HP UserName: RJ
00:31:23.209 Initialize success
00:31:23.271 AVAST engine defs: 12062900
00:31:26.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:31:26.485 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 8
00:31:26.500 Disk 0 MBR read successfully
00:31:26.500 Disk 0 MBR scan
00:31:26.500 Disk 0 unknown MBR code
00:31:26.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:31:26.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 361350 MB offset 206848
00:31:26.531 Disk 0 Partition - 00 0F Extended LBA 342113 MB offset 740251648
00:31:26.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11839 MB offset 1440899072
00:31:26.625 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 204805 MB offset 740259198
00:31:26.625 Disk 0 Partition - 00 05 Extended 137304 MB offset 1159700220
00:31:26.656 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 137304 MB offset 1159700283
00:31:26.703 Disk 0 scanning C:\Windows\system32\drivers
00:31:35.267 Service scanning
00:31:45.657 Modules scanning
00:31:45.657 Disk 0 trace - called modules:
00:31:45.688 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:31:45.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049fa060]
00:31:45.704 3 CLASSPNP.SYS[fffff88000c5543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046d9050]
00:31:47.841 AVAST engine scan C:\Windows
00:31:50.899 AVAST engine scan C:\Windows\system32
00:32:57.760 AVAST engine scan C:\Windows\system32\drivers
00:33:05.155 AVAST engine scan C:\Users\RJ
00:43:13.571 Disk 0 MBR has been saved successfully to "C:\Users\RJ\Desktop\BC2\MBR.dat"
00:43:13.571 The log file has been saved successfully to "C:\Users\RJ\Desktop\BC2\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 11:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sanjoo9211

sanjoo9211
  • Topic Starter

  • Members
  • 18 posts

Posted 02 July 2012 - 12:23 AM

Report from Combofix

ComboFix 12-07-01.03 - RJ 07/02/2012 1:02.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.991 [GMT -4:00]
Running from: c:\users\RJ\Desktop\BC2\ComboFix.exe
Command switches used :: c:\users\RJ\Desktop\BC2\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 05:06 . 2012-07-02 05:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 05:06 . 2012-07-02 05:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-15 04:26 . 2012-06-15 04:26 -------- d-----w- c:\program files (x86)\WinPcap
2012-06-15 04:25 . 2012-06-15 04:28 -------- d-----w- c:\program files (x86)\WMR11
2012-06-15 04:23 . 2012-06-15 04:23 -------- d-----w- c:\program files (x86)\WM Recorder
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\users\RJ\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 22:33 . 2012-06-05 22:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 02:25 . 2012-05-06 02:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 02:25 . 2012-01-05 03:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2012-05-29 22:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-01_21.08.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-01 18:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-02 02:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-01 18:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 02:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 02:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 18:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-01-15 284696]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-09-21 129584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 37392]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-01-15 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-09-21 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00375478
*NewlyCreated* - ASWMBR
*Deregistered* - 00375478
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417966123-2682203076-2084814262-1001Core.job
- c:\users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 03:30]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417966123-2682203076-2084814262-1001UA.job
- c:\users\RJ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 03:30]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP) - c:\program files (x86)\Adblock Pro\blockimg.html
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 10.0.2.1
FF - ProfilePath - c:\users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\lrzu37oo.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-02 01:07:56
ComboFix-quarantined-files.txt 2012-07-02 05:07
ComboFix2.txt 2012-07-01 21:10
.
Pre-Run: 330,903,552,000 bytes free
Post-Run: 330,616,688,640 bytes free
.
- - End Of File - - 8322EB8E579E453FC2C828D5D2316A9F





Let me know of any problems you may have had

I did not encounter any issues when running CFScript.




How is the computer doing now after running the script?

Issue has been resolved. I ran multiple searches on Firefox and none of the search results were redirected. I also ran a couple of searches on Internet Explorer and it ran without issues.

What was the issue with my PC and what does the CFScript do to resolve this? I can understand if you choose not to answer this question, as this may be outside the scope of this forum.

I really appreciate all your efforts on this.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 12:42 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 sanjoo9211

sanjoo9211
  • Topic Starter

  • Members
  • 18 posts

Posted 02 July 2012 - 01:21 AM

Log From MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
RJ :: HP [administrator]

7/2/2012 2:07:18 AM
mbam-log-2012-07-02 (02-07-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218490
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Report from Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:55 AM, on 7/2/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/68.15/uploader2.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11434 bytes





Let me know of any problems you may have had

Did not have any problems uninstalling µTorrent or Java™ 6 Update 29.
Installed Java 7 Update 5 without any issue.
CCleaner installed and run as you suggested without any issues.
MBAM & HijackThis ran without issues.



How is the computer doing now?

Computer is still doing great. I don't have redirect issues. In fact the computer was running much better after the CFScript.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:08 AM

Posted 02 July 2012 - 01:25 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7 right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
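The O2/O4/O23 lines gringo asks the poster to review above follow a fixed HijackThis layout, so they can be parsed and annotated mechanically. This is an added example written for this thread, not part of HijackThis or any BleepingComputer tool; it uses a constructed sample of entries in the log format shown earlier and attaches the kind of note a helper applies when deciding which O4 lines to research and why the "(file missing)" O23 lines were left alone.

```python
"""Triage helper for HijackThis-style log lines (O2 BHO, O4 Run, O23 Service).

Added example for this thread; not part of HijackThis or BleepingComputer's tools.
It parses the line formats shown in the log above and attaches a review note to
each entry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: a handful of lines in the format of the log above,
# plus one R1 line to show that unhandled sections are ignored.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\RJ\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


@dataclass
class Finding:
    section: str          # "O2", "O4" or "O23"
    name: str
    path: Optional[str]   # None when the log says the file is absent
    note: str


def exe_from_command(cmd: str) -> str:
    """Return the executable part of a Run-key command line.

    Quoted commands keep everything inside the first pair of quotes; unquoted
    commands are cut after the first '.exe' so paths containing spaces survive.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for sections this helper ignores."""
    m = RE_O2.match(line)
    if m:
        path = m.group("path")
        if path == "(no file)":
            return Finding("O2", m.group("name"), None,
                           "orphaned BHO: CLSID still registered but no DLL on disk")
        return Finding("O2", m.group("name"), path,
                       "browser helper object loaded into IE; confirm the vendor")

    m = RE_O4_RUN.match(line) or RE_O4_STARTUP.match(line)
    if m:
        exe = exe_from_command(m.group("cmd"))
        low = exe.lower()
        if "\\appdata\\" in low or "\\users\\" in low:
            note = "autorun from a user-writable profile path; verify publisher before keeping"
        else:
            note = "autorun from Program Files; optional, can be removed to speed boot"
        return Finding("O4", m.group("name"), exe, note)

    m = RE_O23.match(line)
    if m:
        path = m.group("path")
        if (path.endswith("(file missing)") and m.group("owner") == "Unknown owner"
                and path.lower().startswith("c:\\windows\\")):
            # A 32-bit tool on 64-bit Windows is redirected to SysWOW64 and
            # commonly reports core System32 services this way; the helper in
            # this thread took no action on these lines.
            note = "Windows service reported missing; on 64-bit Windows a 32-bit scanner commonly reports this, not an infection"
        else:
            note = "third-party service; confirm the vendor"
        return Finding("O23", m.group("name"), path, note)
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a whole log and return one Finding per recognised line."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]
```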

#11 sanjoo9211

sanjoo9211
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 02 July 2012 - 07:33 PM

These logs are looking very good, we are almost done!!! Just one more scan to go.

Thank you for your assistance. I appreciate your dedication and prompt replies. I wouldn't have been able to restore my system without your guidance.




:Remove unneeded start-up entries:

Completed. Removed all the items that you suggested to be removed.




Eset Online Scanner

Doesn't look very exciting...

C:\Qoobox\Quarantine\C\Users\RJ\AppData\Local\Diagnostics\Adobe\fhrpqqt.dll.vir a variant of Win32/Kryptik.AHNI trojan
C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdfdddgdegdgcdcdgdcdjdedfgddj\background.html Win32/BHO.OEI trojan
C:\Users\RJ\AppData\Local\HP MediaSmart Video\Hewlett-Packard\fitzh.dll a variant of Win32/Kryptik.AGJS trojan
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\lrzu37oo.default\extensions\evactnmcpw@evactnmcpw.org.xpi JS/Redirector.NCA trojan
X:\200GB_02\Apps\TinyXP-Rev09.iso Win32/CMDOW.143 application
X:\200GB_02\Apps\Traktor DJ Studio 3.0.0.41+KeyGen.zip a variant of Win32/Keygen.AA application
X:\200GB_02\Apps\AUTODESK AUTOCAD LT 2009\acadlt2009_win32.iso a variant of Win32/Keygen.BT application
X:\200GB_02\Apps\AUTODESK AUTOCAD LT 2009\XF-ACADLT2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
X:\200GB_02\Apps\Nero 7.10.1.0\Keygen.exe Win32/Keygen.AJ application
X:\200GB_02\Apps\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
X:\200GB_02\Apps\RiverPast Collection\River.Past.3GP.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc15a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Animated.GIF.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc16a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.Capture.v7.5.0.0.WinALL-CHiCNCREAM\mocnc01a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.CD.Ripper.v6.5.0.0.WinALL-CHiCNCREAM\mocnc02a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.Converter.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc03a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Cam.Do.Webmaster.Edition.v3.5.0.0.WinALL-CHiCNCREAM\mocnc05a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.DVD.QuickRip.v1.5.0.0.WinALL-CHiCNCREAM\mocnc07a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Image.Sequence.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc17a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.MOV.Booster.Pack.v3.5.WinALL-CHiCNCREAM\mocnc18a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.MPEG-2.Booster.Pack.v1.5.WinALL-CHiCNCREAM\mocnc19a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.MPEG-4.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc20a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.PlayDV.v5.5.0.0.WinALL-CHiCNCREAM\mocnc08a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.RealMedia.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc21a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Screen.Recorder.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc09a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Talkative.v5.5.0.0.WinALL-CHiCNCREAM\mocnc11a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Cleaner.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc12a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Perspective.v7.5.0.0.WinALL-CHiCNCREAM\mocnc13a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Slice.v5.5.0.0.WinALL-CHiCNCREAM\mocnc14a.zip a variant of Win32/HackTool.Patcher.A application
X:\200GB_02\Downloads\Alien Skin BlowUp 2.0.2 For Adobe Photoshop.rar a variant of Win32/Keygen.CX application
X:\200GB_02\Downloads\keygen.exe a variant of Win32/Keygen.CX application
X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Blow Up v1.0.2.exe probably a variant of Win32/Agent.CVRCHWO trojan
X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Keygens\Eye Candy v5.1 - Nature (Retail) Keygen.exe probably a variant of Win32/Agent.FHGSXPM trojan
X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Keygens\MultiKeygen v1.0.exe probably a variant of Win32/Agent.DBVCZBI trojan
X:\200GB_02\Downloads\Reshade.Image.Enlarger.v1.51-RES\Reshade.Image.Enlarger.v1.51-RES\Reshade.Image.Enlarger.v1.51-RES.rar a variant of Win32/HackTool.Patcher.D application
X:\200GB_02\Downloads\Sony Vegas Pro 8.0\Keygen.exe a variant of Win32/Keygen.AR application
X:\200GB_02\Downloads\VSO ConvertXtoDVD 3.5.3.139\ConvertXtoDVD Keygen.exe a variant of Win32/Keygen.AS application
X:\300GB_03\20GB_HDD_Backup\iPod_backup\RJ\Tune Up Utilities 2008+keygen\TU2008 Keymaker.rar a variant of Win32/Keygen.BB application
X:\300GB_03\20GB_HDD_Backup\share\Downloads\Nero 7.10.1.0\Keygen.exe Win32/Keygen.AJ application
X:\300GB_03\20GB_HDD_Backup\share\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
Y:\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\setup.exe Win32/AdClicker.NAL trojan
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\CORE - Master Collection + Other Apps (See Readme)\keygen.exe a variant of Win32/Keygen.BH application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\CORE - Soundbooth CS5\keygen.exe a variant of Win32/Keygen.BH application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Dreamweaver CS5\Adobe.Dreamweaver.CS5.v11.0.4909.Keymaker.Only-EMBRACE.exe a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Flash Professional CS5\Adobe.Flash.Professional.CS5.Keymaker.Only-EMBRACE.exe a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - InDesign CS5\Adobe.InDesign.CS5.Keymaker.Only-EMBRACE.exe a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Photoshop CS5 Extended\Adobe.Photoshop.CS5.Extended.v12.Keymaker.Only-EMBRACE.exe a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Premier Professional CS5\keygen.exe a variant of Win32/HackTool.Patcher.P application
Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Premier Professional CS5\keygen_plugin.exe a variant of Win32/Keygen.BK application
Y:\Downloads\Mac OS X 10.6.2 Virtual Machine for VMware\VMware Workstation 7.0.0-203739.7z a variant of Win32/Keygen.BN application
Y:\Downloads\Microsoft Office 2010 Professional Plus\14.0.4763.1000_ProfessionalPlus_en-usx64-x86_dvd.rar a variant of Win32/Injector.FGL trojan
Y:\Downloads\Nero 7.10.1.0\Keygen.exe Win32/Keygen.AJ application
Y:\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
Y:\Downloads\Photoshop Plug-Ins & Add-Ons (J & K)\Kodak Eastman, Digital Roc v1.1.2 for Windows 98meNT2000XP.rar a variant of Win32/Keygen.BH application
Y:\Downloads\Photoshop Plug-Ins & Add-Ons (J & K)\Kodak Eastman, Digital Sho v1.1.2.rar a variant of Win32/Keygen.BH application
Y:\Downloads\Portraiture 2.3\portraiture_full_verison\PortraiturePlugin2308\Keygen\keygen.exe a variant of Win32/Keygen.CX application
Y:\Downloads\Portraiture v2.2 for Lightroom\keygen.exe a variant of Win32/Keygen.CX application
Y:\Downloads\Sony Vegas Pro 9.0 64-bit\Keygen\Keygen.exe a variant of Win32/Keygen.AR application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:08 AM

Posted 02 July 2012 - 08:51 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdfdddgdegdgcdcdgdcdjdedfgddj\background.html"
    del /f /s /q "C:\Users\RJ\AppData\Local\HP MediaSmart Video\Hewlett-Packard\fitzh.dll"
    del /f /s /q "C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\lrzu37oo.default\extensions\evactnmcpw@evactnmcpw.org.xpi"
    del /f /s /q "X:\200GB_02\Apps\TinyXP-Rev09.iso"
    del /f /s /q "X:\200GB_02\Apps\Traktor DJ Studio 3.0.0.41+KeyGen.zip"
    del /f /s /q "X:\200GB_02\Apps\AUTODESK AUTOCAD LT 2009\acadlt2009_win32.iso"
    del /f /s /q "X:\200GB_02\Apps\AUTODESK AUTOCAD LT 2009\XF-ACADLT2k9-32bit-KG.exe"
    del /f /s /q "X:\200GB_02\Apps\Nero 7.10.1.0\Keygen.exe"
    del /f /s /q "X:\200GB_02\Apps\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.3GP.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc15a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Animated.GIF.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc16a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.Capture.v7.5.0.0.WinALL-CHiCNCREAM\mocnc01a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.CD.Ripper.v6.5.0.0.WinALL-CHiCNCREAM\mocnc02a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Audio.Converter.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc03a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Cam.Do.Webmaster.Edition.v3.5.0.0.WinALL-CHiCNCREAM\mocnc05a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.DVD.QuickRip.v1.5.0.0.WinALL-CHiCNCREAM\mocnc07a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Image.Sequence.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc17a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.MOV.Booster.Pack.v3.5.WinALL-CHiCNCREAM\mocnc18a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.MPEG-2.Booster.Pack.v1.5.WinALL-CHiCNCREAM\mocnc19a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.MPEG-4.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc20a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.PlayDV.v5.5.0.0.WinALL-CHiCNCREAM\mocnc08a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.RealMedia.Booster.Pack.v2.5.WinALL-CHiCNCREAM\mocnc21a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Screen.Recorder.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc09a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Talkative.v5.5.0.0.WinALL-CHiCNCREAM\mocnc11a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Cleaner.Pro.v7.5.0.0.WinALL-CHiCNCREAM\mocnc12a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Perspective.v7.5.0.0.WinALL-CHiCNCREAM\mocnc13a.zip"
    del /f /s /q "X:\200GB_02\Apps\RiverPast Collection\River.Past.Video.Slice.v5.5.0.0.WinALL-CHiCNCREAM\mocnc14a.zip"
    del /f /s /q "X:\200GB_02\Downloads\Alien Skin BlowUp 2.0.2 For Adobe Photoshop.rar"
    del /f /s /q "X:\200GB_02\Downloads\keygen.exe"
    del /f /s /q "X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Blow Up v1.0.2.exe"
    del /f /s /q "X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Keygens\Eye Candy v5.1 - Nature (Retail) Keygen.exe"
    del /f /s /q "X:\200GB_02\Downloads\Alien Skin (Complete Photoshop Plugin Collection)\Keygens\MultiKeygen v1.0.exe"
    del /f /s /q "X:\200GB_02\Downloads\Reshade.Image.Enlarger.v1.51-RES\Reshade.Image.Enlarger.v1.51-RES\Reshade.Image.Enlarger.v1.51-RES.rar"
    del /f /s /q "X:\200GB_02\Downloads\Sony Vegas Pro 8.0\Keygen.exe"
    del /f /s /q "X:\200GB_02\Downloads\VSO ConvertXtoDVD 3.5.3.139\ConvertXtoDVD Keygen.exe"
    del /f /s /q "X:\300GB_03\20GB_HDD_Backup\iPod_backup\RJ\Tune Up Utilities 2008+keygen\TU2008 Keymaker.rar"
    del /f /s /q "X:\300GB_03\20GB_HDD_Backup\share\Downloads\Nero 7.10.1.0\Keygen.exe"
    del /f /s /q "X:\300GB_03\20GB_HDD_Backup\share\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe"
    del /f /s /q "Y:\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar"
    del /f /s /q "Y:\Downloads\setup.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\CORE - Master Collection + Other Apps (See Readme)\keygen.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\CORE - Soundbooth CS5\keygen.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Dreamweaver CS5\Adobe.Dreamweaver.CS5.v11.0.4909.Keymaker.Only-EMBRACE.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Flash Professional CS5\Adobe.Flash.Professional.CS5.Keymaker.Only-EMBRACE.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - InDesign CS5\Adobe.InDesign.CS5.Keymaker.Only-EMBRACE.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Photoshop CS5 Extended\Adobe.Photoshop.CS5.Extended.v12.Keymaker.Only-EMBRACE.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Premier Professional CS5\keygen.exe"
    del /f /s /q "Y:\Downloads\All Adobe CS5 Keygen EMBRACE & CORE + All Serials Adobe CS5\EMBRACE - Premier Professional CS5\keygen_plugin.exe"
    del /f /s /q "Y:\Downloads\Mac OS X 10.6.2 Virtual Machine for VMware\VMware Workstation 7.0.0-203739.7z"
    del /f /s /q "Y:\Downloads\Microsoft Office 2010 Professional Plus\14.0.4763.1000_ProfessionalPlus_en-usx64-x86_dvd.rar"
    del /f /s /q "Y:\Downloads\Nero 7.10.1.0\Keygen.exe"
    del /f /s /q "Y:\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe"
    del /f /s /q "Y:\Downloads\Photoshop Plug-Ins & Add-Ons (J & K)\Kodak Eastman, Digital Roc v1.1.2 for Windows 98meNT2000XP.rar"
    del /f /s /q "Y:\Downloads\Photoshop Plug-Ins & Add-Ons (J & K)\Kodak Eastman, Digital Sho v1.1.2.rar"
    del /f /s /q "Y:\Downloads\Portraiture 2.3\portraiture_full_verison\PortraiturePlugin2308\Keygen\keygen.exe"
    del /f /s /q "Y:\Downloads\Portraiture v2.2 for Lightroom\keygen.exe"
    del /f /s /q "Y:\Downloads\Sony Vegas Pro 9.0 64-bit\Keygen\Keygen.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot]<--XP [screenshot]<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:08 AM

Posted 05 July 2012 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.