Infected with TR/ATRAPS.Gen2 and Heur/Modified.SystemFile


This topic is locked
17 replies to this topic

#1 BFISTER
  • Members
  • 9 posts

Posted 02 July 2012 - 06:57 AM

Hello,

I have a Dell notebook with Windows 7 Professional and I am infected with several trojan viruses. Can someone please help me to remove all of them? Thank you!

Attached Files




#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 July 2012 - 11:18 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links:
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BFISTER
  • Topic Starter
  • Members
  • 9 posts

Posted 03 July 2012 - 06:05 AM

Hello Gringo,

Thank you very much for your quick reply.

I am pasting now the Security Check log:

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
XoftSpySE
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Mozilla Thunderbird 10.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



And the ComboFix log:

ComboFix 12-07-02.01 - tfister 03.07.2012 9:15.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.386.1033.18.3893.2058 [GMT 2:00]
Running from: c:\users\tfister\Desktop\Bleeping\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\00000001.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\80000000.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\800000cb.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz1BAD.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz216B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz251E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz2CFC.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz43BA.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz44B7.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5536.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz594F.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5D03.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz640A.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8249.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8508.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz893F.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz95B5.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzAD14.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB1AA.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB2BC.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB35E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB55E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB627.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzDC01.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE20B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE29B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF181.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF2A4.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF3C2.tmp
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
c:\windows\XSxS
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.


For now the computer runs OK; I hope it stays like that :).

Hope to hear from you soon that my computer is clean. Thank you!

Best regards,
B.
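The ComboFix report above is a plain-text artifact that a responder triages by hand: the `c:\windows\Installer\{GUID}\@` file plus the `U\` subfolder of numbered `.@` files (the on-disk layout used by the ZeroAccess/Sirefef rootkit, a family Avira frequently labelled TR/ATRAPS.Gen2), the `Infected copy of ... services.exe` / `Restored copy from ...` pair, a rogue antivirus entry in the Start Menu, and, later in the thread, scheduled tasks that launch `rundll32.exe` under random names. The script below is an added example written for this page; it is not part of the thread and not a BleepingComputer or ComboFix tool. It parses a ComboFix-style log into its sections and pulls those indicators out. The section regexes, the `ROGUE_NAMES` list, the `analyze`/`tally`/`restore_consistent` helpers and the rule that any rundll32-launched task deserves review are my own assumptions; the embedded sample log is a constructed excerpt in the shape of the report posted above, not the full log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt shaped like the ComboFix report in this thread.
# Raw string so the Windows backslashes survive untouched.
SAMPLE_LOG = r"""
ComboFix 12-07-02.01 - tfister 03.07.2012 9:15.1.4 - x64
Running from: c:\users\tfister\Desktop\Bleeping\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\tfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\00000001.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\80000000.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz1BAD.tmp
c:\windows\SysWow64\dumphive.exe
c:\windows\XSxS
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:28]
.
2012-07-03 c:\windows\Tasks\Dsrsykjeb.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
"""

# Section headers as ComboFix prints them (assumed from the log in this thread).
SECTION_RES = (
    re.compile(r"^\(+\s*(.+?)\s*\)+$"),               # (((( Other Deletions ))))
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),           # --------- X64 Entries -----------
    re.compile(r"^Contents of the '(.+?)' folder$"),   # Contents of the 'Scheduled Tasks' folder
)
# c:\windows\Installer\{GUID}\@  and  c:\windows\Installer\{GUID}\U\...  (ZeroAccess layout)
ZA_LAYOUT_RE = re.compile(
    r"\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:@$|U\\)", re.I)
DISINFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<path>.+)$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\\Tasks\\.+\.job)$", re.I)
JOB_TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
ROGUE_NAMES = ("Live Security Platinum",)  # hypothetical allow-me-to-extend list


@dataclass
class Report:
    sections: dict = field(default_factory=dict)  # section title -> list of lines
    findings: list = field(default_factory=list)  # (tag, detail)


def section_title(line):
    for rx in SECTION_RES:
        m = rx.match(line)
        if m:
            return m.group(1)
    return None


def analyze(text):
    """Split a ComboFix-style log into sections and collect indicator findings."""
    rep = Report()
    current, pending_job = "Header", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        title = section_title(line)
        if title is not None:
            current, pending_job = title, None
            continue
        rep.sections.setdefault(current, []).append(line)
        if ZA_LAYOUT_RE.search(line):
            rep.findings.append(("installer_guid_layout", line))
        if any(name.lower() in line.lower() for name in ROGUE_NAMES):
            rep.findings.append(("rogue_av_artifact", line))
        m = DISINFECTED_RE.match(line)
        if m:
            rep.findings.append(("disinfected_system_binary", m.group("path")))
        m = RESTORED_RE.match(line)
        if m:
            rep.findings.append(("restored_from", m.group("path")))
        m = JOB_RE.match(line)
        if m:                                 # job line; its launcher is on the next line
            pending_job = m.group("job")
            continue
        m = JOB_TARGET_RE.match(line)
        if m and pending_job:
            target = m.group("target")
            if target.lower().endswith("\\rundll32.exe"):   # opaque launcher: review it
                rep.findings.append(("rundll32_task", f"{pending_job} -> {target}"))
            pending_job = None
    return rep


def tally(rep):
    counts = {}
    for tag, _ in rep.findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


def restore_consistent(rep):
    """True when each disinfected file was restored from a copy with the same basename."""
    dis = [d for t, d in rep.findings if t == "disinfected_system_binary"]
    res = [d for t, d in rep.findings if t == "restored_from"]
    base = lambda p: p.rsplit("\\", 1)[-1].lower()
    return len(dis) == len(res) and all(base(a) == base(b) for a, b in zip(dis, res))


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for tag, detail in report.findings:
        print(f"{tag:26} {detail}")
    print(tally(report), "restore consistent:", restore_consistent(report))
```

The `restore_consistent` check matters because a "disinfected" `services.exe` is only trustworthy if the replacement came from the matching WinSxS component; after a run like this one a responder would still verify the live `services.exe` against its Authenticode signature rather than trust the log alone.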

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 03 July 2012 - 07:18 AM

greetings


That is only part of the report. Can you resend the whole report, please?


gringo

#5 BFISTER
  • Topic Starter
  • Members
  • 9 posts

Posted 03 July 2012 - 08:39 AM

Oh, yes, sorry. Here is the complete report:

ComboFix 12-07-02.01 - tfister 03.07.2012 9:15.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.386.1033.18.3893.2058 [GMT 2:00]
Running from: c:\users\tfister\Desktop\Bleeping\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\00000001.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\80000000.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\800000cb.@
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz1BAD.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz216B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz251E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz2CFC.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz43BA.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz44B7.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5536.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz594F.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5D03.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz640A.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8249.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8508.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz893F.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz95B5.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzAD14.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB1AA.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB2BC.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB35E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB55E.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB627.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzDC01.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE20B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE29B.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF181.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF2A4.tmp
c:\windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF3C2.tmp
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
c:\windows\XSxS
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 07:27 . 2012-07-03 07:27 -------- d-----w- c:\users\user\AppData\Local\temp
2012-07-03 07:27 . 2012-07-03 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 07:27 . 2012-07-03 07:27 -------- d-----w- c:\users\bfister\AppData\Local\temp
2012-07-01 08:50 . 2012-07-01 08:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 08:50 . 2012-07-01 08:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-01 08:34 . 2012-07-01 08:34 -------- d-----w- c:\users\tfister\AppData\Local\Macromedia
2012-06-21 14:55 . 2012-06-21 14:55 -------- d-----w- c:\programdata\ParetoLogic
2012-06-21 14:55 . 2012-06-21 14:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-06-21 14:54 . 2012-06-21 14:54 -------- d-----w- c:\programdata\XoftSpySE
2012-06-21 14:54 . 2012-06-21 14:54 -------- d-----w- c:\program files (x86)\Common Files\XoftSpySE
2012-06-21 14:54 . 2012-06-21 14:55 -------- d-----w- c:\program files (x86)\XoftSpySE6
2012-06-20 10:04 . 2012-06-20 10:04 691 ----a-w- c:\users\tfister\AppData\Roaming\GetValue.vbs
2012-06-20 10:04 . 2012-06-20 10:04 35 ----a-w- c:\users\tfister\AppData\Roaming\SetValue.bat
2012-06-20 06:44 . 2012-06-20 06:44 -------- d-----w- c:\users\tfister\AppData\Roaming\SUPERAntiSpyware.com
2012-06-20 06:43 . 2012-06-20 06:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 06:43 . 2012-06-20 06:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-20 06:08 . 2012-06-20 06:08 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-19 20:34 . 2012-06-19 21:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-19 20:34 . 2012-06-19 20:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-19 20:20 . 2012-06-19 20:20 -------- d-----w- c:\users\tfister\AppData\Roaming\AVG2012
2012-06-19 20:20 . 2012-06-19 20:20 -------- d--h--w- c:\programdata\Common Files
2012-06-19 20:19 . 2012-06-19 20:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-19 20:19 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-19 20:19 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-19 20:19 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-19 20:19 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-19 20:19 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-19 20:19 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-19 20:19 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-19 20:19 . 2012-07-03 06:21 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-19 20:19 . 2012-06-19 20:25 -------- d-----w- c:\programdata\AVG2012
2012-06-19 20:19 . 2012-06-19 20:19 -------- d-----w- C:\$AVG
2012-06-19 20:18 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-19 20:18 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-19 20:18 . 2012-06-19 20:18 -------- d-----w- c:\program files (x86)\AVG
2012-06-19 20:18 . 2012-06-19 20:18 -------- d-----w- c:\programdata\AVAST Software
2012-06-19 20:18 . 2012-06-19 20:18 -------- d-----w- c:\program files\AVAST Software
2012-06-19 20:16 . 2012-07-03 06:21 -------- d-----w- c:\programdata\MFAData
2012-06-19 13:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 13:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 13:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 13:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 13:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 13:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 13:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 13:43 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 13:43 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 15:46 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:46 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:46 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:46 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:46 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 15:46 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 15:46 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:46 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:45 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:45 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:45 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 15:44 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:44 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:44 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:44 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 15:44 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 15:44 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- C:\sh4ldr
2012-06-11 07:14 . 2012-06-11 07:14 110080 ----a-r- c:\users\tfister\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-11 07:14 . 2012-06-11 07:14 110080 ----a-r- c:\users\tfister\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-11 07:14 . 2012-06-11 07:14 110080 ----a-r- c:\users\tfister\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- c:\program files\Enigma Software Group
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-10 18:30 . 2012-06-13 11:16 -------- d-----w- c:\programdata\B7E858860010CFDD006B3610A6014588
2012-06-08 22:10 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50459807-09AC-4A26-96DE-7416F77601B3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 20:28 . 2012-05-10 10:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-28 20:28 . 2011-12-09 16:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 20:58 . 2009-05-21 19:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-27 20:58 . 2009-05-21 17:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-02 13:24 . 2012-06-01 21:47 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-27 08:20 . 2012-06-01 21:47 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-06-01 21:47 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 13:56 . 2012-06-01 22:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCall"="c:\program files (x86)\FreeCall.com\FreeCall\freecall.exe" [2012-03-21 18013560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-27 296056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\tfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
R3 XoftSpyService;XoftSpyService;c:\program files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2009-12-22 72744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:28]
.
2012-07-03 c:\windows\Tasks\Dsrsykjeb.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
2012-06-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files (x86)\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.si/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.100 192.168.0.1 212.18.32.10 212.18.32.12
TCP: Interfaces\{E10018CD-8764-4219-BCE4-59E9D7DFB7D7}: NameServer = 10.0.0.1
FF - ProfilePath - c:\users\tfister\AppData\Roaming\Mozilla\Firefox\Profiles\iqzb6max.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-07-03 09:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 07:53
.
Pre-Run: 171.602.702.336 bytes free
Post-Run: 172.891.140.096 bytes free
.
- - End Of File - - FEB83F32B416103372A3E8626E064650
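
An added triage example, not part of either poster's messages and not something ComboFix or the BleepingComputer helpers ship: the 'Scheduled Tasks' section of the log above lists a job with a random-looking name, Dsrsykjeb.job, whose target is rundll32.exe. ComboFix prints only the launcher, not the DLL and export handed to it, so an entry like that cannot be judged from the log alone; it has to be opened on the machine. The script below parses that section (the excerpt is copied from the log above and embedded so the script runs offline) and flags jobs on three heuristics: the target is a proxy launcher or script host, the task name has a very low vowel ratio, or the target lives under a user-writable directory. The launcher list, the 0.2 vowel-ratio threshold and the directory markers are my own assumptions, tuned to this log only.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log.

Added example for this thread; the excerpt below is copied from the log
posted above and embedded here so the script runs offline.
"""
import ntpath
import re
from dataclasses import dataclass, field

COMBOFIX_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:28]
.
2012-07-03 c:\windows\Tasks\Dsrsykjeb.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
2012-06-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files (x86)\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
"""

JOB_RE = re.compile(r"^(?P<seen>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")

# Assumed list of proxy launchers / script hosts: the real payload is in the
# job's arguments, which ComboFix does not print, so these always need a manual look.
PROXY_LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "powershell.exe"}
# Assumed markers for directories an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
MIN_VOWEL_RATIO = 0.2   # assumed heuristic threshold for a "pronounceable" task name


@dataclass
class ScheduledTask:
    seen: str          # date ComboFix printed next to the .job
    job_path: str      # c:\windows\Tasks\<name>.job
    target: str        # executable the job launches
    target_stamp: str  # file timestamp ComboFix printed for the target

    @property
    def name(self) -> str:
        return ntpath.splitext(ntpath.basename(self.job_path))[0]


@dataclass
class Finding:
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_combofix_tasks(text: str) -> list:
    """Pair each '<date> <job>' line with the '- <target> [<stamp>]' line after it."""
    tasks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := JOB_RE.match(line):
            pending = m
            continue
        if pending and (t := TARGET_RE.match(line)):
            tasks.append(ScheduledTask(pending["seen"], pending["job"], t["target"], t["stamp"]))
            pending = None
    return tasks


def vowel_ratio(name: str) -> float:
    """Fraction of letters that are a/e/i/o/u; random-looking names score low."""
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c.lower() in "aeiou" for c in letters) / len(letters)


def triage(tasks: list) -> list:
    """Return one Finding per task that trips at least one heuristic."""
    findings = []
    for task in tasks:
        reasons = []
        if ntpath.basename(task.target).lower() in PROXY_LAUNCHERS:
            reasons.append("lolbin-launcher")
        if vowel_ratio(task.name) < MIN_VOWEL_RATIO:
            reasons.append("low-vowel-ratio")
        if any(marker in task.target.lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable-target")
        if reasons:
            findings.append(Finding(task.name, task.target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix_tasks(COMBOFIX_TASKS)):
        print(f"{f.name:32s} -> {f.target}  [{', '.join(f.reasons)}]")
```

Run against the excerpt, this flags Dsrsykjeb (rundll32 target and a name with one vowel in nine letters) and ParetoLogic Registration3 (rundll32 target only); the other five jobs pass. On the live machine the job's full command line is what decides the case: `schtasks /query /v /fo list` or the Task Scheduler view shows the DLL that rundll32 is given, which is what a helper would quarantine or put in a ComboFix script.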

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 July 2012 - 08:40 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 BFISTER (Topic Starter, Members, 9 posts)

Posted 03 July 2012 - 09:05 AM

Here is the TDSSKiller log:

15:44:55.0396 6036 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:44:55.0575 6036 ============================================================
15:44:55.0575 6036 Current date / time: 2012/07/03 15:44:55.0575
15:44:55.0575 6036 SystemInfo:
15:44:55.0576 6036
15:44:55.0576 6036 OS Version: 6.1.7600 ServicePack: 0.0
15:44:55.0576 6036 Product type: Workstation
15:44:55.0576 6036 ComputerName: TATJANA-NB
15:44:55.0576 6036 UserName: tfister
15:44:55.0576 6036 Windows directory: C:\Windows
15:44:55.0576 6036 System windows directory: C:\Windows
15:44:55.0576 6036 Running under WOW64
15:44:55.0576 6036 Processor architecture: Intel x64
15:44:55.0576 6036 Number of processors: 4
15:44:55.0576 6036 Page size: 0x1000
15:44:55.0577 6036 Boot type: Normal boot
15:44:55.0577 6036 ============================================================
15:44:57.0854 6036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:44:57.0870 6036 ============================================================
15:44:57.0870 6036 \Device\Harddisk0\DR0:
15:44:57.0870 6036 MBR partitions:
15:44:57.0870 6036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:44:57.0870 6036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x199636EE
15:44:57.0884 6036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19995F2D, BlocksNum 0x209EED14
15:44:57.0884 6036 ============================================================
15:44:57.0922 6036 C: <-> \Device\Harddisk0\DR0\Partition1
15:44:57.0950 6036 D: <-> \Device\Harddisk0\DR0\Partition2
15:44:57.0950 6036 ============================================================
15:44:57.0950 6036 Initialize success
15:44:57.0950 6036 ============================================================
15:45:01.0822 6076 ============================================================
15:45:01.0822 6076 Scan started
15:45:01.0822 6076 Mode: Manual;
15:45:01.0822 6076 ============================================================
15:45:03.0055 6076 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:45:03.0066 6076 1394ohci - ok
15:45:03.0113 6076 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:45:03.0117 6076 ACPI - ok
15:45:03.0136 6076 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:45:03.0139 6076 AcpiPmi - ok
15:45:03.0226 6076 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:45:03.0227 6076 AdobeARMservice - ok
15:45:03.0375 6076 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:45:03.0394 6076 AdobeFlashPlayerUpdateSvc - ok
15:45:03.0463 6076 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:45:03.0488 6076 adp94xx - ok
15:45:03.0549 6076 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:45:03.0567 6076 adpahci - ok
15:45:03.0586 6076 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:45:03.0602 6076 adpu320 - ok
15:45:03.0636 6076 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:45:03.0638 6076 AeLookupSvc - ok
15:45:03.0717 6076 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:45:03.0724 6076 AFD - ok
15:45:03.0765 6076 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:45:03.0769 6076 agp440 - ok
15:45:03.0781 6076 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:45:03.0783 6076 ALG - ok
15:45:03.0804 6076 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:45:03.0807 6076 aliide - ok
15:45:03.0820 6076 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:45:03.0823 6076 amdide - ok
15:45:03.0856 6076 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:45:03.0859 6076 AmdK8 - ok
15:45:03.0868 6076 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:45:03.0871 6076 AmdPPM - ok
15:45:03.0907 6076 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:45:03.0911 6076 amdsata - ok
15:45:03.0943 6076 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:45:03.0957 6076 amdsbs - ok
15:45:03.0978 6076 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:45:03.0979 6076 amdxata - ok
15:45:04.0009 6076 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:45:04.0013 6076 AppID - ok
15:45:04.0034 6076 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:45:04.0035 6076 AppIDSvc - ok
15:45:04.0054 6076 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:45:04.0055 6076 Appinfo - ok
15:45:04.0106 6076 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:45:04.0108 6076 AppMgmt - ok
15:45:04.0177 6076 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:45:04.0181 6076 arc - ok
15:45:04.0203 6076 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:45:04.0207 6076 arcsas - ok
15:45:04.0230 6076 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:45:04.0233 6076 AsyncMac - ok
15:45:04.0251 6076 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:45:04.0252 6076 atapi - ok
15:45:04.0328 6076 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:45:04.0336 6076 AudioEndpointBuilder - ok
15:45:04.0349 6076 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:45:04.0358 6076 AudioSrv - ok
15:45:04.0803 6076 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
15:45:04.0857 6076 AVGIDSAgent - ok
15:45:04.0992 6076 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:45:04.0994 6076 AVGIDSDriver - ok
15:45:05.0017 6076 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:45:05.0018 6076 AVGIDSFilter - ok
15:45:05.0054 6076 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:45:05.0055 6076 AVGIDSHA - ok
15:45:05.0106 6076 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:45:05.0109 6076 Avgldx64 - ok
15:45:05.0133 6076 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:45:05.0134 6076 Avgmfx64 - ok
15:45:05.0163 6076 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:45:05.0164 6076 Avgrkx64 - ok
15:45:05.0202 6076 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
15:45:05.0206 6076 Avgtdia - ok
15:45:05.0360 6076 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:45:05.0363 6076 avgwd - ok
15:45:05.0414 6076 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
15:45:05.0417 6076 AxInstSV - ok
15:45:05.0482 6076 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:45:05.0507 6076 b06bdrv - ok
15:45:05.0544 6076 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:45:05.0562 6076 b57nd60a - ok
15:45:05.0618 6076 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:45:05.0620 6076 BDESVC - ok
15:45:05.0643 6076 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:45:05.0645 6076 Beep - ok
15:45:05.0750 6076 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
15:45:05.0763 6076 BFE - ok
15:45:05.0873 6076 BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
15:45:05.0876 6076 BingDesktopUpdate - ok
15:45:05.0951 6076 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
15:45:05.0961 6076 BITS - ok
15:45:06.0030 6076 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:45:06.0033 6076 blbdrive - ok
15:45:06.0103 6076 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:45:06.0105 6076 bowser - ok
15:45:06.0129 6076 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:45:06.0132 6076 BrFiltLo - ok
15:45:06.0149 6076 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:45:06.0151 6076 BrFiltUp - ok
15:45:06.0175 6076 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:45:06.0178 6076 BridgeMP - ok
15:45:06.0217 6076 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
15:45:06.0219 6076 Browser - ok
15:45:06.0250 6076 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:45:06.0272 6076 Brserid - ok
15:45:06.0280 6076 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:45:06.0283 6076 BrSerWdm - ok
15:45:06.0289 6076 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:45:06.0291 6076 BrUsbMdm - ok
15:45:06.0298 6076 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:45:06.0300 6076 BrUsbSer - ok
15:45:06.0332 6076 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:45:06.0335 6076 BthEnum - ok
15:45:06.0347 6076 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:45:06.0349 6076 BTHMODEM - ok
15:45:06.0398 6076 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:45:06.0402 6076 BthPan - ok
15:45:06.0470 6076 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
15:45:06.0491 6076 BTHPORT - ok
15:45:06.0532 6076 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:45:06.0534 6076 bthserv - ok
15:45:06.0557 6076 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
15:45:06.0560 6076 BTHUSB - ok
15:45:06.0586 6076 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
15:45:06.0588 6076 btusbflt - ok
15:45:06.0618 6076 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
15:45:06.0620 6076 btwaudio - ok
15:45:06.0658 6076 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
15:45:06.0660 6076 btwavdt - ok
15:45:06.0794 6076 btwdins (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:45:06.0804 6076 btwdins - ok
15:45:06.0823 6076 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:45:06.0824 6076 btwl2cap - ok
15:45:06.0839 6076 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
15:45:06.0840 6076 btwrchid - ok
15:45:06.0881 6076 catchme - ok
15:45:06.0912 6076 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:45:06.0915 6076 cdfs - ok
15:45:06.0956 6076 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:45:06.0971 6076 cdrom - ok
15:45:07.0021 6076 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:45:07.0023 6076 CertPropSvc - ok
15:45:07.0063 6076 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:45:07.0067 6076 circlass - ok
15:45:07.0105 6076 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:45:07.0109 6076 CLFS - ok
15:45:07.0179 6076 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:45:07.0186 6076 clr_optimization_v2.0.50727_32 - ok
15:45:07.0238 6076 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:45:07.0243 6076 clr_optimization_v2.0.50727_64 - ok
15:45:07.0322 6076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:45:07.0359 6076 clr_optimization_v4.0.30319_32 - ok
15:45:07.0402 6076 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:45:07.0407 6076 clr_optimization_v4.0.30319_64 - ok
15:45:07.0450 6076 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:45:07.0453 6076 CmBatt - ok
15:45:07.0470 6076 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:45:07.0472 6076 cmdide - ok
15:45:07.0530 6076 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:45:07.0536 6076 CNG - ok
15:45:07.0560 6076 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:45:07.0561 6076 Compbatt - ok
15:45:07.0579 6076 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:45:07.0582 6076 CompositeBus - ok
15:45:07.0590 6076 COMSysApp - ok
15:45:07.0608 6076 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:45:07.0611 6076 crcdisk - ok
15:45:07.0640 6076 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
15:45:07.0643 6076 CryptSvc - ok
15:45:07.0700 6076 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
15:45:07.0724 6076 CSC - ok
15:45:07.0809 6076 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
15:45:07.0817 6076 CscService - ok
15:45:07.0891 6076 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:45:07.0898 6076 DcomLaunch - ok
15:45:07.0938 6076 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:45:07.0941 6076 defragsvc - ok
15:45:08.0002 6076 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:45:08.0005 6076 DfsC - ok
15:45:08.0058 6076 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
15:45:08.0062 6076 Dhcp - ok
15:45:08.0098 6076 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:45:08.0099 6076 discache - ok
15:45:08.0139 6076 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:45:08.0140 6076 Disk - ok
15:45:08.0183 6076 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
15:45:08.0186 6076 Dnscache - ok
15:45:08.0219 6076 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
15:45:08.0221 6076 dot3svc - ok
15:45:08.0283 6076 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:45:08.0287 6076 Dot4 - ok
15:45:08.0303 6076 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:45:08.0306 6076 Dot4Print - ok
15:45:08.0341 6076 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:45:08.0344 6076 dot4usb - ok
15:45:08.0383 6076 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
15:45:08.0385 6076 DPS - ok
15:45:08.0422 6076 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:45:08.0425 6076 drmkaud - ok
15:45:08.0505 6076 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:45:08.0514 6076 DXGKrnl - ok
15:45:08.0555 6076 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:45:08.0557 6076 EapHost - ok
15:45:08.0782 6076 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:45:08.0867 6076 ebdrv - ok
15:45:08.0969 6076 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
15:45:08.0971 6076 EFS - ok
15:45:09.0063 6076 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
15:45:09.0072 6076 ehRecvr - ok
15:45:09.0101 6076 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:45:09.0103 6076 ehSched - ok
15:45:09.0200 6076 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:45:09.0222 6076 elxstor - ok
15:45:09.0250 6076 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
15:45:09.0253 6076 epmntdrv - ok
15:45:09.0274 6076 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:45:09.0277 6076 ErrDev - ok
15:45:09.0338 6076 esgiguard - ok
15:45:09.0361 6076 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
15:45:09.0364 6076 EuGdiDrv - ok
15:45:09.0418 6076 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:45:09.0423 6076 EventSystem - ok
15:45:09.0575 6076 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:45:09.0591 6076 EvtEng - ok
15:45:09.0716 6076 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:45:09.0729 6076 exfat - ok
15:45:09.0764 6076 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:45:09.0777 6076 fastfat - ok
15:45:09.0842 6076 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
15:45:09.0870 6076 Fax - ok
15:45:09.0887 6076 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:45:09.0890 6076 fdc - ok
15:45:09.0923 6076 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:45:09.0924 6076 fdPHost - ok
15:45:09.0943 6076 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:45:09.0945 6076 FDResPub - ok
15:45:09.0967 6076 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:45:09.0969 6076 FileInfo - ok
15:45:09.0983 6076 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:45:09.0985 6076 Filetrace - ok
15:45:10.0000 6076 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:45:10.0003 6076 flpydisk - ok
15:45:10.0030 6076 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:45:10.0033 6076 FltMgr - ok
15:45:10.0122 6076 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
15:45:10.0132 6076 FontCache - ok
15:45:10.0233 6076 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:45:10.0238 6076 FontCache3.0.0.0 - ok
15:45:10.0281 6076 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:45:10.0282 6076 FsDepends - ok
15:45:10.0322 6076 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
15:45:10.0323 6076 Fs_Rec - ok
15:45:10.0375 6076 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:45:10.0377 6076 fvevol - ok
15:45:10.0417 6076 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:45:10.0421 6076 gagp30kx - ok
15:45:10.0502 6076 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:45:10.0511 6076 gpsvc - ok
15:45:10.0563 6076 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:45:10.0566 6076 hcw85cir - ok
15:45:10.0618 6076 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:45:10.0636 6076 HdAudAddService - ok
15:45:10.0672 6076 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:45:10.0677 6076 HDAudBus - ok
15:45:10.0712 6076 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:45:10.0713 6076 HECIx64 - ok
15:45:10.0742 6076 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:45:10.0746 6076 HidBatt - ok
15:45:10.0759 6076 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:45:10.0762 6076 HidBth - ok
15:45:10.0782 6076 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:45:10.0801 6076 HidIr - ok
15:45:10.0834 6076 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:45:10.0837 6076 hidserv - ok
15:45:10.0890 6076 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:45:10.0893 6076 HidUsb - ok
15:45:10.0939 6076 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:45:10.0944 6076 hkmsvc - ok
15:45:10.0980 6076 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:45:10.0984 6076 HomeGroupListener - ok
15:45:11.0013 6076 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:45:11.0017 6076 HomeGroupProvider - ok
15:45:11.0143 6076 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:45:11.0154 6076 hpqcxs08 - ok
15:45:11.0185 6076 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:45:11.0188 6076 hpqddsvc - ok
15:45:11.0232 6076 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:45:11.0236 6076 HpSAMD - ok
15:45:11.0346 6076 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
15:45:11.0381 6076 HPSLPSVC - ok
15:45:11.0458 6076 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:45:11.0466 6076 HTTP - ok
15:45:11.0479 6076 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:45:11.0480 6076 hwpolicy - ok
15:45:11.0522 6076 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:45:11.0526 6076 i8042prt - ok
15:45:11.0597 6076 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:45:11.0613 6076 iaStorV - ok
15:45:11.0744 6076 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:45:11.0785 6076 idsvc - ok
15:45:12.0414 6076 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:45:12.0673 6076 igfx - ok
15:45:12.0797 6076 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:45:12.0801 6076 iirsp - ok
15:45:12.0882 6076 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
15:45:12.0913 6076 IKEEXT - ok
15:45:12.0962 6076 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:45:34.0371 6076 WudfPf - ok
15:45:34.0674 6076 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:45:34.0695 6076 WUDFRd - ok
15:45:34.0781 6076 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:45:34.0785 6076 wudfsvc - ok
15:45:34.0807 6076 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:45:34.0814 6076 WwanSvc - ok
15:45:34.0864 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:45:35.0084 6076 \Device\Harddisk0\DR0 - ok
15:45:35.0087 6076 Boot (0x1200) (11f5084e289555db2f6d3b591e3a359b) \Device\Harddisk0\DR0\Partition0
15:45:35.0089 6076 \Device\Harddisk0\DR0\Partition0 - ok
15:45:35.0101 6076 Boot (0x1200) (1f826ecfb07c0a6bb55e6a950313c10e) \Device\Harddisk0\DR0\Partition1
15:45:35.0103 6076 \Device\Harddisk0\DR0\Partition1 - ok
15:45:35.0124 6076 Boot (0x1200) (5557c654661785574d75b8d5a58178b4) \Device\Harddisk0\DR0\Partition2
15:45:35.0127 6076 \Device\Harddisk0\DR0\Partition2 - ok
15:45:35.0127 6076 ============================================================
15:45:35.0127 6076 Scan finished
15:45:35.0127 6076 ============================================================
15:45:35.0138 2428 Detected object count: 0
15:45:35.0138 2428 Actual detected object count: 0
15:46:33.0547 1136 Deinitialize success


and aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 15:47:37
-----------------------------
15:47:37.856 OS Version: Windows x64 6.1.7600
15:47:37.856 Number of processors: 4 586 0x2505
15:47:37.857 ComputerName: TATJANA-NB UserName: tfister
15:47:39.282 Initialize success
15:48:35.749 AVAST engine defs: 12070300
15:48:47.749 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:48:47.754 Disk 0 Vendor: ST9500325AS D005DEM1 Size: 476940MB BusType: 11
15:48:47.770 Disk 0 MBR read successfully
15:48:47.774 Disk 0 MBR scan
15:48:47.780 Disk 0 Windows 7 default MBR code
15:48:47.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:48:47.808 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 209606 MB offset 206848
15:48:47.816 Disk 0 Partition - 00 0F Extended LBA 267229 MB offset 429481710
15:48:47.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 267229 MB offset 429481773
15:48:47.891 Disk 0 scanning C:\Windows\system32\drivers
15:49:00.026 Service scanning
15:49:25.898 Modules scanning
15:49:25.915 Disk 0 trace - called modules:
15:49:25.933 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:49:25.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be3060]
15:49:25.953 3 CLASSPNP.SYS[fffff8800188043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049441f0]
15:49:27.317 AVAST engine scan C:\Windows
15:49:30.198 AVAST engine scan C:\Windows\system32
15:52:52.866 AVAST engine scan C:\Windows\system32\drivers
15:53:07.044 AVAST engine scan C:\Users\tfister
15:57:49.033 AVAST engine scan C:\ProgramData
15:59:17.728 Scan finished successfully
16:00:33.151 Disk 0 MBR has been saved successfully to "C:\Users\tfister\Desktop\Bleeping Computer\MBR.dat"
16:00:33.157 The log file has been saved successfully to "C:\Users\tfister\Desktop\Bleeping Computer\aswMBR.txt"



Best regards,
B.

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:05 AM

Posted 03 July 2012 - 01:20 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\Tasks\Dsrsykjeb.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 BFISTER

  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:05 AM

Posted 04 July 2012 - 04:12 AM

Hello,

Everything went fine. No problem with computer at the moment.

Here is log:

ComboFix 12-07-02.01 - tfister 04.07.2012 10:47:34.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.386.1033.18.3893.2681 [GMT 2:00]
Running from: c:\users\tfister\Desktop\Bleeping Computer\ComboFix.exe
Command switches used :: c:\users\tfister\Desktop\Bleeping Computer\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Dsrsykjeb.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Dsrsykjeb.job
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 08:51 . 2012-07-04 08:51 -------- d-----w- c:\users\user\AppData\Local\temp
2012-07-04 08:51 . 2012-07-04 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 08:51 . 2012-07-04 08:51 -------- d-----w- c:\users\bfister\AppData\Local\temp
2012-07-03 11:04 . 2012-07-03 11:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-03 11:04 . 2012-07-03 11:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-03 11:03 . 2012-07-03 11:03 -------- d-----w- c:\program files (x86)\Microsoft
2012-07-03 10:48 . 2012-07-03 10:48 -------- d-----w- c:\windows\system32\appmgmt
2012-07-01 08:50 . 2012-07-01 08:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 08:50 . 2012-07-01 08:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-01 08:34 . 2012-07-01 08:34 -------- d-----w- c:\users\tfister\AppData\Local\Macromedia
2012-06-21 14:54 . 2012-06-21 14:54 -------- d-----w- c:\programdata\XoftSpySE
2012-06-20 10:04 . 2012-06-20 10:04 691 ----a-w- c:\users\tfister\AppData\Roaming\GetValue.vbs
2012-06-20 10:04 . 2012-06-20 10:04 35 ----a-w- c:\users\tfister\AppData\Roaming\SetValue.bat
2012-06-20 06:08 . 2012-06-20 06:08 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-19 20:34 . 2012-07-03 10:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-19 20:34 . 2012-07-03 10:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-19 20:20 . 2012-06-19 20:20 -------- d-----w- c:\users\tfister\AppData\Roaming\AVG2012
2012-06-19 20:20 . 2012-06-19 20:20 -------- d--h--w- c:\programdata\Common Files
2012-06-19 20:19 . 2012-06-19 20:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-19 20:19 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-19 20:19 . 2012-07-04 07:11 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-19 20:19 . 2012-06-19 20:25 -------- d-----w- c:\programdata\AVG2012
2012-06-19 20:19 . 2012-06-19 20:19 -------- d-----w- C:\$AVG
2012-06-19 20:18 . 2012-06-19 20:18 -------- d-----w- c:\program files (x86)\AVG
2012-06-19 20:18 . 2012-07-03 10:53 -------- d-----w- c:\programdata\AVAST Software
2012-06-19 20:18 . 2012-06-19 20:18 -------- d-----w- c:\program files\AVAST Software
2012-06-19 20:16 . 2012-07-04 07:11 -------- d-----w- c:\programdata\MFAData
2012-06-19 13:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 13:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 13:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 13:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 13:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 13:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 13:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 13:43 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 13:43 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 15:46 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:46 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:46 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:46 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:46 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 15:46 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 15:46 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:46 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:45 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:45 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:45 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 15:44 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:44 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:44 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:44 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 15:44 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 15:44 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-11 07:14 . 2012-07-03 10:48 -------- d-----w- C:\sh4ldr
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- c:\program files\Enigma Software Group
2012-06-11 07:14 . 2012-07-03 10:48 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-11 07:14 . 2012-06-11 07:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-10 18:30 . 2012-06-13 11:16 -------- d-----w- c:\programdata\B7E858860010CFDD006B3610A6014588
2012-06-08 22:10 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50459807-09AC-4A26-96DE-7416F77601B3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 20:28 . 2012-05-10 10:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-28 20:28 . 2011-12-09 16:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 20:58 . 2009-05-21 19:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-27 20:58 . 2009-05-21 17:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_07.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-03 09:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-03 07:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-03 09:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 07:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 07:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-03 09:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-06 14:08 . 2012-07-03 13:44 32988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-03 13:44 32756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-05 08:30 . 2012-06-28 20:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-05 08:30 . 2012-07-03 08:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-05 08:30 . 2012-07-03 08:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-05 08:30 . 2012-06-28 20:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-28 20:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-03 08:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 02:55 . 2012-04-11 02:55 41472 c:\windows\Installer\93c0f.msi
+ 2012-07-03 10:48 . 2012-07-03 10:48 66956 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCall.dll
+ 2011-12-12 16:10 . 2012-07-03 13:44 9474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2353584654-1191650179-606188521-1137_UserData.bin
- 2012-07-03 07:29 . 2012-07-03 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 13:40 . 2012-07-03 13:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 13:40 . 2012-07-03 13:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-03 07:29 . 2012-07-03 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-06 20:51 . 2012-07-04 08:41 471318 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-03 07:31 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 13:46 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 13:46 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 07:31 106622 c:\windows\system32\perfc009.dat
+ 2011-12-09 16:11 . 2012-07-03 11:08 626136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-09 16:11 . 2012-07-03 06:16 626136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-03 07:27 277876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 13:37 277876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 16:26 . 2012-07-03 10:53 688386 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2353584654-1191650179-606188521-1137-12288.dat
- 2011-12-26 16:26 . 2012-06-19 22:17 688386 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2353584654-1191650179-606188521-1137-12288.dat
+ 2012-07-03 11:06 . 2012-07-03 11:06 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-06-08 08:14 . 2012-06-08 08:14 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-07-03 10:48 . 2012-07-03 10:48 189872 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 175992 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla34.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla33.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 176545 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla32.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 184966 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla31.exe
+ 2012-07-03 10:48 . 2012-07-03 10:48 189776 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla21.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla2.dll
+ 2012-07-03 10:48 . 2012-07-03 10:48 179526 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla.dll
+ 2011-12-15 02:18 . 2012-07-03 13:37 2335172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2353584654-1191650179-606188521-1137-8192.dat
+ 2012-03-30 12:50 . 2012-03-30 12:50 1726464 c:\windows\Installer\93c09.msi
+ 2009-07-14 02:34 . 2012-07-04 08:51 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-03 07:21 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-03 11:06 . 2012-07-03 11:06 19345408 c:\windows\Installer\93c22.msi
+ 2012-07-03 11:04 . 2012-07-03 11:04 53217792 c:\windows\Installer\93c17.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCall"="c:\program files (x86)\FreeCall.com\FreeCall\freecall.exe" [2012-03-21 18013560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-27 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\users\tfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-06-13 5161080]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2009-12-22 72744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25361377
*NewlyCreated* - ASWMBR
*Deregistered* - 25361377
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:28]
.
2012-06-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.si/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.100 192.168.0.1 212.18.32.10 212.18.32.12
TCP: Interfaces\{E10018CD-8764-4219-BCE4-59E9D7DFB7D7}: NameServer = 10.0.0.1
FF - ProfilePath - c:\users\tfister\AppData\Roaming\Mozilla\Firefox\Profiles\iqzb6max.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-04 10:53:06
ComboFix-quarantined-files.txt 2012-07-04 08:53
ComboFix2.txt 2012-07-03 07:53
.
Pre-Run: 174.091.735.040 bytes free
Post-Run: 174.192.640.000 bytes free
.
- - End Of File - - CD3A2E3D8E04FF9098EB127D81A89C9E
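One way to verify that the CFScript run asked for in post #8 did what it was meant to, using the log posted above: an added example written for this thread, not ComboFix's own code and not posted by either participant. It parses the script's File:: block and the ComboFix log's sections; the section-header shapes it recognises are an assumption taken from the posted log, and the sample script and log are constructed from the posts.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.
Added example for this thread, not ComboFix's own code; the script syntax and
the log section headers are taken from the posts above (the header patterns
are an assumption from that log, not a documented format)."""
import re

# Constructed sample: the CFScript requested in post #8.
SAMPLE_CFSCRIPT = r"""ClearJavaCache::

File::
c:\windows\Tasks\Dsrsykjeb.job
"""

# Constructed sample: a trimmed ComboFix log shaped like the one in post #9.
SAMPLE_LOG = r"""ComboFix 12-07-02.01 - tfister 04.07.2012 10:47:34.2.4 - x64
.
FILE ::
"c:\windows\Tasks\Dsrsykjeb.job"
.
(((((((((((((((( Other Deletions ))))))))))))))))
.
c:\windows\Tasks\Dsrsykjeb.job
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:28]
.
2012-07-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
--------- X64 Entries -----------
.
Completion time: 2012-07-04 10:53:06
"""

# Section headers as they appear in the posted log: "((( Name )))", "--- Name ---"
# and the scheduled-tasks heading (assumed from the log, not a ComboFix spec).
HEADER_PATTERNS = [
    re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$"),
    re.compile(r"^-{3,}\s*(?P<name>.+?)\s*-{3,}$"),
    re.compile(r"^Contents of the '(?P<name>.+?)' folder$"),
]


def parse_cfscript(script_text):
    """Return {directive: [arguments]}; e.g. 'File::' collects the paths under it."""
    directives, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives


def split_sections(log_text):
    """Group log lines by section; lines before the first header go under 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with bare '.' lines
            continue
        for pattern in HEADER_PATTERNS:
            match = pattern.match(line)
            if match:
                current = match.group("name")
                sections.setdefault(current, [])
                break
        else:
            sections[current].append(line)
    return sections


def _norm(path):
    """Case-fold and strip the quotes ComboFix puts around echoed script paths."""
    return path.strip().strip('"').lower()


def verify_file_deletions(script_text, log_text):
    """For each File:: path report whether ComboFix echoed it, listed it under
    Other Deletions, or still shows it in the post-run Scheduled Tasks listing."""
    wanted = {_norm(p) for p in parse_cfscript(script_text).get("File", [])}
    sections = split_sections(log_text)
    echoed = {_norm(l) for l in sections["preamble"] if l.startswith('"') and l.endswith('"')}
    deleted = {_norm(l) for l in sections.get("Other Deletions", [])}
    tasks = set()  # a task entry is a date followed by the .job path
    for line in sections.get("Scheduled Tasks", []):
        match = re.match(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", line, re.IGNORECASE)
        if match:
            tasks.add(_norm(match.group(1)))
    return {
        "not_echoed": sorted(wanted - echoed),
        "deleted": sorted(wanted & deleted),
        "still_scheduled": sorted(wanted & tasks),
        "unaccounted": sorted(wanted - deleted - tasks),
    }
```

Running `verify_file_deletions(SAMPLE_CFSCRIPT, SAMPLE_LOG)` reports the .job file under "deleted" and nothing under "still_scheduled" or "unaccounted", which is the outcome the helper checks for before moving on.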

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:05 AM

Posted 04 July 2012 - 12:26 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 BFISTER

BFISTER
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 05 July 2012 - 01:25 AM

Hello,

MBAM log:

Malwarebytes Anti-Malware (Trial version.) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tfister :: TATJANA-NB [administrator]

Protection: Disabled

5.7.2012 08:14:42
mbam-log-2012-07-05 (08-14-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248148
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:19:58, on 5.7.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\tfister\Desktop\Bleeping Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = linfis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{E10018CD-8764-4219-BCE4-59E9D7DFB7D7}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = linfis.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = linfis.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10716 bytes


Regards, B.
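
A note on reading the HijackThis log above: HijackThis 2.0.4 is a 32-bit program, so on this 64-bit Windows 7 its file checks for C:\Windows\System32 are redirected by WOW64 to C:\Windows\SysWOW64, and %ProgramFiles% expands to "Program Files (x86)" for it. That is why every O23 line for a built-in Windows service is reported as "Unknown owner" and "(file missing)"; the binaries are present, the 32-bit scanner simply cannot see them. The following Python script is an added example, not part of this thread and not a HijackThis feature: it parses the O4 autostart and O23 service lines, flags the WOW64 artifacts so they can be skipped, and leaves only services that really deserve a look. The verdict labels, the trusted-root list, and the last two sample lines (made up to exercise the other verdicts) are assumptions for the example; the first five sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis 2.0.4 is a 32-bit program. Under WOW64 its lookups of
# C:\Windows\System32\* are redirected to C:\Windows\SysWOW64\*, and
# %ProgramFiles% expands to "Program Files (x86)", so 64-bit-only Windows
# services show up as "(file missing)" although the binaries are present.
SYSTEM32 = "c:\\windows\\system32\\"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")  # heuristic, assumed

O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_DIR = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Autostart:
    hive: str      # HKLM / HKCU Run key, or Startup / Global Startup folder
    name: str
    command: str


@dataclass
class Service:
    short: str
    display: str
    owner: str
    path: str
    missing: bool

    def verdict(self) -> str:
        """Heuristic labels (assumed for this example, not HijackThis output)."""
        low = self.path.lower()
        if self.missing and (low.startswith(SYSTEM32) or self.display.startswith("@%")):
            return "wow64-artifact"     # confirm with a 64-bit dir listing
        if self.missing:
            return "orphaned-service"   # service registered, binary gone
        if self.owner == "Unknown owner" and not low.startswith(TRUSTED_ROOTS):
            return "review"             # no vendor string, unusual location
        return "ok"


def parse_hjt(text: str) -> tuple[list[Autostart], list[Service]]:
    """Split a HijackThis log into O4 autostart entries and O23 services."""
    autostarts, services = [], []
    for line in text.splitlines():
        m = O4_RUN.match(line) or O4_DIR.match(line)
        if m:
            autostarts.append(Autostart(m["hive"], m["name"], m["cmd"]))
            continue
        m = O23.match(line)
        if m:
            services.append(Service(m["short"] or m["display"], m["display"],
                                    m["owner"], m["path"], m["missing"] is not None))
    return autostarts, services


def triage(text: str) -> dict[str, list[str]]:
    """Group O23 service names by verdict so the artifacts can be skipped."""
    _, services = parse_hjt(text)
    out: dict[str, list[str]] = {}
    for svc in services:
        out.setdefault(svc.verdict(), []).append(svc.short)
    return out


# Constructed sample: the first five lines are copied from the log in this
# thread, the last two are made up to exercise the remaining verdicts.
SAMPLE = r"""O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe" -nosplash -minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Users\Public\exsvc.exe (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - C:\ProgramData\exupd.exe
"""

if __name__ == "__main__":
    starts, _ = parse_hjt(SAMPLE)
    for a in starts:
        print(f"{a.hive:15} [{a.name}] {a.command}")
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict:17} {', '.join(names)}")
```

Run it on a full log pasted into SAMPLE and the "wow64-artifact" bucket absorbs the whole block of "(file missing)" system services, which is what makes the real log above look clean; a "(file missing)" service outside System32 with no resource-string display name would land in "orphaned-service" and is the kind of entry worth checking by hand.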

#12 BFISTER

BFISTER
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 05 July 2012 - 01:36 AM

MBAM log in English :)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tfister :: TATJANA-NB [administrator]

5.7.2012 08:23:33
mbam-log-2012-07-05 (08-23-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248186
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:05 AM

Posted 05 July 2012 - 10:10 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on any of these programs' icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [FreeCall] "C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe" -nosplash -minimized
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#14 BFISTER

BFISTER
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 05 July 2012 - 11:08 AM

Hello Gringo,

The ESET ONLINE SCANNER found some more problems as follows:

C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\800000cb.@.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz1BAD.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz216B.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz251E.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz2CFC.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz43BA.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz44B7.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5536.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz594F.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz5D03.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz640A.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8249.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz8508.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz893F.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trz95B5.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzAD14.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB1AA.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB2BC.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB35E.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB55E.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzB627.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzDC01.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE20B.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzE29B.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF181.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF2A4.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\trzF3C2.tmp.vir Win64/Sirefef.T trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
D:\backup\!Backup podatkov!\tfister\AppData\Local\Temp\nsu6C6C.tmp\OCSetupHlp.dll Win32/OpenCandy application


Thank you for your help further on.

Regards,
B.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:05 AM

Posted 05 July 2012 - 07:29 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Force-delete each file that the online scan flagged outside the quarantine folders.
    del /f /s /q "C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe"
    del /f /s /q "C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
    del /f /s /q "D:\backup\!Backup podatkov!\tfister\AppData\Local\Temp\nsu6C6C.tmp\OCSetupHlp.dll"
    rem Remove this batch file itself once the deletions have run.
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
    It should look like this: [screenshot: XP] [screenshot: Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
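
The sorting done by hand in the post above (hits under ComboFix's C:\Qoobox\Quarantine and System Restore's C:\System Volume Information are copies of things already removed, so only hits outside those folders are live) is easy to automate when the scan result is long. The following Python script is an added example, not part of this thread and not an ESET or ComboFix tool: it parses ESET Online Scanner result lines of the form "<path> <detection> <type>", buckets each hit as ComboFix quarantine, System Restore, or live, splits the live hits by ESET's type word so a live "trojan" is never mistaken for a minor finding (in the scan above every live hit is an "application", i.e. a potentially unwanted or unsafe tool, which is why they were treated as minor), and renders the live paths as a self-deleting batch file in the style of the delfile.bat above. The bucket names, the type-word rule, and the last sample line (a made-up System Restore hit) are assumptions for the example; the other sample lines are copied from the scan result in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One ESET Online Scanner result line: "<path with spaces> <Family/Name> <type>".
# The detection token is the only one containing a "/", and the type word is last.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+) "
    r"(?P<kind>\S+)$"
)

# Folders that hold copies of items already removed from their original
# location; a hit there is a backup, not a live infection (labels assumed).
BACKUP_FOLDERS = {
    "combofix-quarantine": "c:\\qoobox\\quarantine\\",
    "system-restore": "\\system volume information\\",
}


@dataclass
class Detection:
    path: str
    name: str
    kind: str  # ESET's type word: trojan, application, ...

    def bucket(self) -> str:
        low = self.path.lower()
        for label, marker in BACKUP_FOLDERS.items():
            if marker in low:
                return label
        return "live"


def parse_eset(text: str) -> list[Detection]:
    """Parse every well-formed result line; anything else is ignored."""
    out = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            out.append(Detection(m["path"], m["name"], m["kind"]))
    return out


def summarize(text: str) -> dict[str, list[str]]:
    """Bucket paths; live hits are split by ESET's type word so a live
    'trojan' is reported separately from unwanted applications."""
    summary: dict[str, list[str]] = {}
    for d in parse_eset(text):
        key = d.bucket()
        if key == "live":
            key = "live-malware" if d.kind == "trojan" else "live-unwanted"
        summary.setdefault(key, []).append(d.path)
    return summary


def delfile_bat(paths: list[str]) -> str:
    """Render a self-deleting batch file in the style of the thread's delfile.bat
    (without /s, which is only needed when deleting by pattern in subfolders)."""
    lines = ["@echo off"]
    lines += [f'del /f /q "{p}"' for p in paths]
    lines.append("del %0")
    return "\r\n".join(lines) + "\r\n"


# Constructed sample: the first five lines are copied from the ESET result
# in this thread; the last one is made up to show the System Restore bucket.
SAMPLE = r"""C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\Installer\{fe0a5220-1a60-791f-3eb3-ad5af1586f8d}\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
D:\backup\!Backup podatkov!\tfister\AppData\Local\Temp\nsu6C6C.tmp\OCSetupHlp.dll Win32/OpenCandy application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Win32/Example application
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for bucket, paths in summary.items():
        print(f"{bucket}: {len(paths)} hit(s)")
    print(delfile_bat(summary.get("live-unwanted", [])))
```

The point of the split is the decision it drives: quarantine and System Restore buckets are cleared by the ComboFix /Uninstall and OTCleanIt steps above rather than by deleting files one by one, live "application" hits get the batch file, and a non-empty "live-malware" bucket means the cleanup is not finished and the batch file is the wrong tool.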



