Google Redirect to easyA-Z site and other sites and Windows firewall turned off


  • This topic is locked
18 replies to this topic

#1 jackson33

jackson33

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:03 AM

Posted 04 July 2012 - 05:44 PM

I would greatly appreciate it if, when one of you has some time, you could help me with this.

I copy my DDS below. Running GMER now, but it's already been going for 5 hours+.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Andy at 18:52:10 on 2012-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1600 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e85eb29f00000000000000ff2a793186&tlver=1.4.19.14&affID=17163
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: H - No File
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\andy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Skytel] Skytel.exe
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\andy\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\andy\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: kcl.ac.uk\firepass
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\andy\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\andy\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\andy\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\andy\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\andy\appdata\local\temp\ixp000.tmp\InstallerControl.cab#-1,-1,-1,-1
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\andy\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\andy\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\andy\appdata\local\temp\f5tmp\urxshost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\andy\appdata\local\temp\f5tmp\urxhost.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\andy\appdata\local\temp\f5tmp\f5opswati.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{789B4302-27CD-4727-BA87-8B5EC3E54992} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{93386FC9-11A2-4171-9D60-2C4371412B36} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 137.73.160.200 firepass.kcl.ac.uk #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
Hosts: 137.73.160.200 firepass #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andy\appdata\roaming\mozilla\firefox\profiles\qqbizrfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=e85eb29f00000000000000ff2a793186&tlver=1.4.19.14&instlRef=&affID=17163&q=
FF - component: c:\users\andy\appdata\roaming\mozilla\firefox\profiles\qqbizrfy.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670} \components\XpcomOpusConnector.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\andy\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-3-23 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-4 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-17 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-23 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-17 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-21 44808]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-7-4 67584]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-3-23 821592]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-14 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-10 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2010-10-20 36472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 135664]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-2-18 13944]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 135664]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-8-30 81168]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-3-23 30600]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-4 27192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-14 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-14 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-14 62752]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-3-23 19792]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-14 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-14 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-3-23 20336]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-04 15:07:34 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-04 14:59:41 -------- d-----w- c:\programdata\CPA_VA
2012-07-04 14:23:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-04 14:23:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-04 14:23:00 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-04 14:23:00 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-04 14:05:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-04 14:05:04 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-07-04 14:05:04 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-07-04 14:05:03 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-07-04 14:05:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-04 14:05:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-04 14:04:59 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-07-04 14:04:57 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-07-04 14:04:57 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-07-04 14:04:57 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-04 14:04:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-04 14:00:11 -------- d-----w- c:\programdata\Comodo
2012-07-04 13:59:26 -------- d-----w- c:\program files\Comodo
2012-07-04 13:55:29 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-04 13:55:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-04 13:55:28 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-04 13:55:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-04 13:55:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-04 13:55:25 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 13:54:58 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-04 13:54:50 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-07-04 13:54:50 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-07-04 13:54:49 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-07-04 13:54:49 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-07-04 13:54:49 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-07-04 13:54:48 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-07-04 13:54:44 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-04 13:54:43 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 13:52:55 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-04 13:52:54 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-04 13:28:49 -------- d-----w- c:\users\andy\appdata\local\ElevatedDiagnostics
2012-07-04 13:22:27 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 13:07:34 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-04 12:00:34 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-07-04 12:00:32 -------- d-----w- c:\program files\VS Revo Group
2012-07-04 11:50:03 -------- d-----w- c:\program files\CodeStuff
2012-07-04 11:40:21 -------- d-----w- c:\users\andy\appdata\local\VS Revo Group
2012-07-04 11:23:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-04 11:23:18 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-04 11:23:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-04 11:23:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-03 23:49:00 -------- d-----w- c:\users\andy\The.Newsroom.2012.S01E02.720p.HDTV.x264-IMMERSE [PublicHD]
2012-06-25 20:18:51 -------- d-----w- c:\users\andy\ep1
2012-06-22 23:44:54 -------- d-----w- c:\users\andy\suits
2012-06-07 01:16:38 -------- d-----w- c:\users\andy\appdata\local\ApplicationHistory
2012-06-07 01:12:14 -------- d-----w- c:\program files\Mind Compression
2012-06-07 00:37:05 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-06 23:33:14 38008320 ----a-w- c:\users\andy\footballmanager2005_vnnn_v505.exe
2012-06-06 23:32:06 49152 ----a-r- c:\users\andy\appdata\roaming\microsoft\installer\{ec0ab585-b279-4a77-8bb5-64c403e43ee7} \fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2012-06-06 23:32:06 49152 ----a-r- c:\users\andy\appdata\roaming\microsoft\installer\{ec0ab585-b279-4a77-8bb5-64c403e43ee7} \editor_EC0AB585B2794A778BB564C403E43EE7.exe
.
==================== Find3M ====================
.
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-04-18 12:49:50 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
.
============= FINISH: 18:56:14.52 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 05 July 2012 - 08:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jackson33

jackson33
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:03 AM

Posted 05 July 2012 - 08:27 PM

Thank you for the quick response Gringo, and for giving your time to help.

The computer generally was, and is still, mostly working fine, although a little slow. The browser redirect is not on every link I click, but occurs intermittently. In the prep guidelines it said to run GMER, I did, and after around 13 hours overnight it gave the BSOD. Below are the logs you requested.


Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 26
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
ComboFix 12-07-05.04 - Andy 06/07/2012 1:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1844 [GMT 1:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Skype
c:\skype\desktop.ini
c:\skype\Phone\Skype.exe
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Recent\Now You Know.url
c:\users\Andy\footballmanager2005_vnnn_v505.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-04 14:59 . 2012-07-04 17:44 -------- d-----w- c:\programdata\CPA_VA
2012-07-04 14:23 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-04 14:23 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-04 14:23 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-04 14:23 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-04 14:05 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-04 14:05 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-07-04 14:05 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-04 14:05 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-04 14:05 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-04 14:05 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-04 14:04 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-04 14:04 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-04 14:04 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-04 14:04 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-04 14:04 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-04 14:00 . 2012-07-05 12:28 -------- d-----w- c:\programdata\Comodo
2012-07-04 13:59 . 2012-07-04 15:05 -------- d-----w- c:\program files\Comodo
2012-07-04 13:55 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-04 13:55 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-04 13:55 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-04 13:55 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-04 13:55 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-04 13:55 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 13:54 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-04 13:54 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-04 13:54 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-04 13:54 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-04 13:54 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-04 13:54 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-04 13:54 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-07-04 13:54 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-04 13:54 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 13:52 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-04 13:52 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-04 13:28 . 2012-07-04 13:28 -------- d-----w- c:\users\Andy\AppData\Local\ElevatedDiagnostics
2012-07-04 13:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 13:07 . 2012-07-05 12:33 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-04 12:00 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-07-04 12:00 . 2012-07-04 12:00 -------- d-----w- c:\program files\VS Revo Group
2012-07-04 11:50 . 2012-07-04 11:50 -------- d-----w- c:\program files\CodeStuff
2012-07-04 11:40 . 2012-07-04 11:40 -------- d-----w- c:\users\Andy\AppData\Local\VS Revo Group
2012-07-04 11:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-04 11:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-04 11:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-04 11:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-04 11:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-04 11:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-04 11:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-04 11:23 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-04 11:23 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-29 10:03 . 2012-06-29 10:03 -------- d-----w- c:\users\Guest\AppData\Roaming\IObit
2012-06-07 01:16 . 2012-06-07 01:30 -------- d-----w- c:\users\Andy\AppData\Local\ApplicationHistory
2012-06-07 01:12 . 2012-06-07 01:12 -------- d-----w- c:\program files\Mind Compression
2012-06-07 00:37 . 2012-06-07 00:37 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-06 23:32 . 2012-06-06 23:32 49152 ------r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2012-06-06 23:32 . 2012-06-06 23:32 49152 ------r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2009-01-17 15:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2009-01-17 15:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2009-01-17 15:13 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2009-01-17 15:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2009-01-17 15:13 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-09-21 15:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2009-01-17 15:13 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-18 12:49 . 2012-05-09 20:08 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2011-11-05 07:10 . 2011-11-21 14:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 15:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-14 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-20 6676808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPLive.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PPLive.lnk
backup=c:\windows\pss\PPLive.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start Guardian.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start Guardian.lnk
backup=c:\windows\pss\Start Guardian.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Keyboard King.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Keyboard King.lnk
backup=c:\windows\pss\Keyboard King.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 18:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2012-07-03 16:21 4273976 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 11:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2010-09-29 11:27 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 10:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-02-01 14:49 220552 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 23:40]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 23:40]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-734840139-810832572-1079004847-1003Core.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 19:47]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-734840139-810832572-1079004847-1003UA.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 19:47]
.
2012-07-06 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-05-27 03:08]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: kcl.ac.uk\firepass
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\qqbizrfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=e85eb29f00000000000000ff2a793186&tlver=1.4.19.14&instlRef=&affID=17163&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.14\BabylonToolbarsrv.exe
MSConfigStartUp-Brain Bullet - c:\progra~1\BRAINB~1\bb.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSA.exe
MSConfigStartUp-PPLiveVA - c:\program files\PPLiveVA\PPLiveVA.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 02:04
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-734840139-810832572-1079004847-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-734840139-810832572-1079004847-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{789b4302-27cd-4727-ba87-8b5ec3e54992}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001a80
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{93386fc9-11a2-4171-9d60-2c4371412b36}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100016ea
"Dhcpv6State"=dword:00000002
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{96ce2027-8eea-4601-bc2e-d5bd4026e0ad}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f3240f0a-efb2-4f33-8962-a669cf010825}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10001fe1
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\guard32.dll
.
Completion time: 2012-07-06 02:08:39
ComboFix-quarantined-files.txt 2012-07-06 01:08
.
Pre-Run: 93,352,558,592 bytes free
Post-Run: 93,262,716,928 bytes free
.
- - End Of File - - 773A48C74D748E53510F1CBCA87FDC6E

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 05 July 2012 - 09:16 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jackson33

jackson33
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 06 July 2012 - 07:47 AM

TDSSKiller report is at the bottom. aswMBR caused a blue screen (would you like me to try again?). Also just to be clear, do you want avast antivirus and firewalls off during all future scans, because you mentioned it for Combofix, but not for these? Thanks.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 34
BCP1: 0005077C
BCP2: CF76DBD0
BCP3: CF76D8CC
BCP4: 8AC92B50
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini070612-02.dmp
C:\Users\Andy\AppData\Local\temp\WER-135050-0.sysdata.xml
C:\Users\Andy\AppData\Local\temp\WERD815.tmp.version.txt

03:31:14.0707 1784 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
03:31:14.0820 1784 ============================================================
03:31:14.0820 1784 Current date / time: 2012/07/06 03:31:14.0820
03:31:14.0820 1784 SystemInfo:
03:31:14.0820 1784
03:31:14.0820 1784 OS Version: 6.0.6002 ServicePack: 2.0
03:31:14.0820 1784 Product type: Workstation
03:31:14.0820 1784 ComputerName: HOME
03:31:14.0820 1784 UserName: Andy
03:31:14.0820 1784 Windows directory: C:\Windows
03:31:14.0820 1784 System windows directory: C:\Windows
03:31:14.0820 1784 Processor architecture: Intel x86
03:31:14.0820 1784 Number of processors: 2
03:31:14.0820 1784 Page size: 0x1000
03:31:14.0820 1784 Boot type: Normal boot
03:31:14.0821 1784 ============================================================
03:31:15.0357 1784 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:31:15.0366 1784 ============================================================
03:31:15.0366 1784 \Device\Harddisk0\DR0:
03:31:15.0366 1784 MBR partitions:
03:31:15.0366 1784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x100C000, BlocksNum 0x1C1B9170
03:31:15.0366 1784 ============================================================
03:31:15.0422 1784 C: <-> \Device\Harddisk0\DR0\Partition0
03:31:15.0422 1784 ============================================================
03:31:15.0422 1784 Initialize success
03:31:15.0423 1784 ============================================================
03:31:22.0318 2880 ============================================================
03:31:22.0318 2880 Scan started
03:31:22.0318 2880 Mode: Manual; SigCheck; TDLFS;
03:31:22.0318 2880 ============================================================
03:31:22.0779 2880 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
03:31:23.0097 2880 ACPI - ok
03:31:23.0170 2880 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
03:31:23.0209 2880 adp94xx - ok
03:31:23.0239 2880 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
03:31:23.0272 2880 adpahci - ok
03:31:23.0313 2880 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
03:31:23.0342 2880 adpu160m - ok
03:31:23.0377 2880 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
03:31:23.0398 2880 adpu320 - ok
03:31:23.0598 2880 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
03:31:23.0673 2880 AdvancedSystemCareService5 - ok
03:31:23.0713 2880 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
03:31:23.0804 2880 AeLookupSvc - ok
03:31:23.0900 2880 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
03:31:23.0983 2880 AFD - ok
03:31:24.0042 2880 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
03:31:24.0078 2880 agp440 - ok
03:31:24.0108 2880 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
03:31:24.0125 2880 aic78xx - ok
03:31:24.0142 2880 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
03:31:24.0192 2880 ALG - ok
03:31:24.0219 2880 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
03:31:24.0244 2880 aliide - ok
03:31:24.0285 2880 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
03:31:24.0336 2880 amdagp - ok
03:31:24.0371 2880 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
03:31:24.0410 2880 amdide - ok
03:31:24.0452 2880 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
03:31:24.0541 2880 AmdK7 - ok
03:31:24.0564 2880 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
03:31:24.0667 2880 AmdK8 - ok
03:31:24.0733 2880 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
03:31:24.0800 2880 Appinfo - ok
03:31:24.0939 2880 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:31:24.0970 2880 Apple Mobile Device - ok
03:31:25.0038 2880 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
03:31:25.0080 2880 arc - ok
03:31:25.0130 2880 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
03:31:25.0171 2880 arcsas - ok
03:31:25.0276 2880 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
03:31:25.0312 2880 aspnet_state - ok
03:31:25.0380 2880 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
03:31:25.0476 2880 aswFsBlk - ok
03:31:25.0527 2880 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
03:31:25.0541 2880 aswMonFlt - ok
03:31:25.0563 2880 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\aswRdr.sys
03:31:25.0578 2880 aswRdr - ok
03:31:25.0691 2880 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
03:31:25.0782 2880 aswSnx - ok
03:31:25.0837 2880 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
03:31:25.0898 2880 aswSP - ok
03:31:25.0946 2880 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
03:31:25.0981 2880 aswTdi - ok
03:31:26.0033 2880 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
03:31:26.0139 2880 AsyncMac - ok
03:31:26.0173 2880 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
03:31:26.0213 2880 atapi - ok
03:31:26.0315 2880 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
03:31:26.0449 2880 athr - ok
03:31:26.0741 2880 atikmdag (a4e212f45b2457b39d59d4972a67af47) C:\Windows\system32\DRIVERS\atikmdag.sys
03:31:27.0012 2880 atikmdag - ok
03:31:27.0178 2880 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
03:31:27.0255 2880 AudioEndpointBuilder - ok
03:31:27.0266 2880 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
03:31:27.0300 2880 Audiosrv - ok
03:31:27.0404 2880 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
03:31:27.0438 2880 avast! Antivirus - ok
03:31:27.0494 2880 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
03:31:27.0529 2880 BcmSqlStartupSvc - ok
03:31:27.0631 2880 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
03:31:27.0719 2880 Beep - ok
03:31:27.0805 2880 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
03:31:27.0908 2880 BFE - ok
03:31:28.0025 2880 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
03:31:28.0151 2880 BITS - ok
03:31:28.0189 2880 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
03:31:28.0280 2880 blbdrive - ok
03:31:28.0393 2880 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
03:31:28.0436 2880 Bonjour Service - ok
03:31:28.0491 2880 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
03:31:28.0566 2880 bowser - ok
03:31:28.0627 2880 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
03:31:28.0704 2880 BrFiltLo - ok
03:31:28.0739 2880 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
03:31:28.0814 2880 BrFiltUp - ok
03:31:28.0862 2880 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
03:31:28.0960 2880 Browser - ok
03:31:29.0010 2880 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
03:31:29.0258 2880 Brserid - ok
03:32:04.0832 2880 SessionEnv - ok
03:32:04.0906 2880 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
03:32:04.0977 2880 SFEP - ok
03:32:05.0005 2880 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
03:32:05.0085 2880 sffdisk - ok
03:32:05.0155 2880 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
03:32:05.0251 2880 sffp_mmc - ok
03:32:05.0312 2880 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
03:32:05.0425 2880 sffp_sd - ok
03:32:05.0497 2880 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
03:32:05.0601 2880 sfloppy - ok
03:32:06.0911 2880 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
03:32:07.0030 2880 SharedAccess - ok
03:32:08.0246 2880 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
03:32:08.0342 2880 ShellHWDetection - ok
03:32:08.0384 2880 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
03:32:08.0424 2880 sisagp - ok
03:32:08.0624 2880 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
03:32:08.0673 2880 SiSRaid2 - ok
03:32:08.0977 2880 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
03:32:09.0027 2880 SiSRaid4 - ok
03:32:14.0409 2880 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
03:32:14.0612 2880 slsvc - ok
03:32:14.0746 2880 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
03:32:14.0836 2880 SLUINotify - ok
03:32:14.0990 2880 SmartDefragDriver (46b40982af166bf89c3f51fb13e60d6d) C:\Windows\system32\Drivers\SmartDefragDriver.sys
03:32:15.0044 2880 SmartDefragDriver - ok
03:32:15.0118 2880 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
03:32:15.0182 2880 Smb - ok
03:32:15.0234 2880 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
03:32:15.0294 2880 SNMPTRAP - ok
03:32:15.0412 2880 SOHCImp (dc826affa608f50c385bca4c71ef1bdd) C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
03:32:15.0448 2880 SOHCImp - ok
03:32:15.0488 2880 SOHDms (1ec739f65c51fa1c7ac4502464a3c3a8) C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
03:32:15.0547 2880 SOHDms - ok
03:32:15.0571 2880 SOHDs (ec8fab4ac684445d6032aa5c6e77ca2e) C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
03:32:15.0602 2880 SOHDs - ok
03:32:15.0645 2880 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
03:32:15.0683 2880 spldr - ok
03:32:15.0731 2880 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
03:32:15.0829 2880 Spooler - ok
03:32:15.0856 2880 sptd - ok
03:32:15.0940 2880 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
03:32:15.0959 2880 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
03:32:15.0959 2880 SPTISRV - detected UnsignedFile.Multi.Generic (1)
03:32:16.0018 2880 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
03:32:16.0034 2880 SQLBrowser - ok
03:32:16.0080 2880 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
03:32:16.0113 2880 SQLWriter - ok
03:32:16.0182 2880 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
03:32:16.0266 2880 srv - ok
03:32:16.0322 2880 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
03:32:16.0401 2880 srv2 - ok
03:32:16.0440 2880 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
03:32:16.0497 2880 srvnet - ok
03:32:16.0551 2880 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
03:32:16.0656 2880 SSDPSRV - ok
03:32:16.0702 2880 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
03:32:16.0805 2880 SstpSvc - ok
03:32:16.0873 2880 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
03:32:16.0981 2880 stisvc - ok
03:32:17.0035 2880 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
03:32:17.0073 2880 swenum - ok
03:32:17.0126 2880 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
03:32:17.0226 2880 swprv - ok
03:32:17.0269 2880 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
03:32:17.0307 2880 Symc8xx - ok
03:32:17.0326 2880 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
03:32:17.0364 2880 Sym_hi - ok
03:32:17.0391 2880 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
03:32:17.0428 2880 Sym_u3 - ok
03:32:17.0496 2880 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
03:32:17.0550 2880 SynTP - ok
03:32:17.0615 2880 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
03:32:17.0740 2880 SysMain - ok
03:32:17.0791 2880 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
03:32:17.0858 2880 TabletInputService - ok
03:32:17.0903 2880 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
03:32:17.0916 2880 taphss - ok
03:32:17.0967 2880 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
03:32:18.0022 2880 TapiSrv - ok
03:32:18.0068 2880 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
03:32:18.0162 2880 TBS - ok
03:32:18.0277 2880 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
03:32:18.0378 2880 Tcpip - ok
03:32:18.0408 2880 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
03:32:18.0492 2880 Tcpip6 - ok
03:32:18.0533 2880 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
03:32:18.0595 2880 tcpipreg - ok
03:32:18.0630 2880 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
03:32:18.0716 2880 TDPIPE - ok
03:32:18.0750 2880 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
03:32:18.0829 2880 TDTCP - ok
03:32:18.0870 2880 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
03:32:18.0948 2880 tdx - ok
03:32:18.0985 2880 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
03:32:19.0027 2880 TermDD - ok
03:32:19.0086 2880 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
03:32:19.0232 2880 TermService - ok
03:32:19.0289 2880 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
03:32:19.0351 2880 Themes - ok
03:32:19.0405 2880 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
03:32:19.0486 2880 THREADORDER - ok
03:32:19.0535 2880 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
03:32:19.0631 2880 TrkWks - ok
03:32:19.0705 2880 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
03:32:19.0768 2880 TrustedInstaller - ok
03:32:19.0825 2880 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:32:19.0911 2880 tssecsrv - ok
03:32:19.0938 2880 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
03:32:20.0002 2880 tunmp - ok
03:32:20.0041 2880 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
03:32:20.0089 2880 tunnel - ok
03:32:20.0133 2880 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
03:32:20.0174 2880 uagp35 - ok
03:32:20.0225 2880 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
03:32:20.0301 2880 udfs - ok
03:32:20.0355 2880 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
03:32:20.0419 2880 UI0Detect - ok
03:32:20.0457 2880 UIUSys - ok
03:32:20.0494 2880 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
03:32:20.0537 2880 uliagpkx - ok
03:32:20.0575 2880 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
03:32:20.0604 2880 uliahci - ok
03:32:20.0642 2880 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
03:32:20.0665 2880 UlSata - ok
03:32:20.0684 2880 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
03:32:20.0738 2880 ulsata2 - ok
03:32:20.0764 2880 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
03:32:20.0858 2880 umbus - ok
03:32:20.0915 2880 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
03:32:21.0017 2880 upnphost - ok
03:32:21.0151 2880 UrlFilter (8d5437d41b868bb28403fe10d9a3fd51) C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
03:32:21.0181 2880 UrlFilter - ok
03:32:21.0219 2880 urvpndrv (463f1dcfbcd4daea4c19791c88c13e98) C:\Windows\system32\DRIVERS\covpnwlh.sys
03:32:21.0247 2880 urvpndrv - ok
03:32:21.0297 2880 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
03:32:21.0364 2880 USBAAPL - ok
03:32:21.0424 2880 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
03:32:21.0501 2880 usbccgp - ok
03:32:21.0553 2880 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
03:32:21.0689 2880 usbcir - ok
03:32:21.0718 2880 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
03:32:21.0783 2880 usbehci - ok
03:32:21.0832 2880 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
03:32:21.0923 2880 usbhub - ok
03:32:21.0972 2880 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
03:32:22.0101 2880 usbohci - ok
03:32:22.0140 2880 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
03:32:22.0271 2880 usbprint - ok
03:32:22.0310 2880 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:32:22.0376 2880 USBSTOR - ok
03:32:22.0402 2880 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
03:32:22.0474 2880 usbuhci - ok
03:32:22.0529 2880 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
03:32:22.0613 2880 usbvideo - ok
03:32:22.0652 2880 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
03:32:22.0737 2880 UxSms - ok
03:32:22.0836 2880 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
03:32:22.0878 2880 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
03:32:22.0878 2880 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
03:32:22.0994 2880 VAIO Event Service (693a3fdd279c345105fff9dde277849b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
03:32:23.0030 2880 VAIO Event Service - ok
03:32:23.0095 2880 VAIO Power Management (43cec9bf5a4f2917982ad01d92e0f44d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
03:32:23.0142 2880 VAIO Power Management - ok
03:32:23.0229 2880 VCFw (cbcbe2233d21e9b278f95f5cb28bc8ae) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
03:32:23.0272 2880 VCFw ( UnsignedFile.Multi.Generic ) - warning
03:32:23.0272 2880 VCFw - detected UnsignedFile.Multi.Generic (1)
03:32:23.0344 2880 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
03:32:23.0415 2880 VClone - ok
03:32:23.0499 2880 VcmIAlzMgr (27888f132d2ee0b72b28093a5f5f20eb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
03:32:23.0558 2880 VcmIAlzMgr - ok
03:32:23.0604 2880 VcmXmlIfHelper (ee9abfc2f8f2dcdc624b6a9d5cf3b19d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
03:32:23.0640 2880 VcmXmlIfHelper - ok
03:32:23.0678 2880 Vcsw - ok
03:32:23.0844 2880 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
03:32:24.0095 2880 vds - ok
03:32:24.0292 2880 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
03:32:24.0383 2880 vga - ok
03:32:24.0406 2880 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
03:32:24.0491 2880 VgaSave - ok
03:32:24.0524 2880 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
03:32:24.0564 2880 viaagp - ok
03:32:24.0592 2880 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
03:32:24.0678 2880 ViaC7 - ok
03:32:24.0702 2880 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
03:32:24.0745 2880 viaide - ok
03:32:24.0793 2880 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
03:32:24.0839 2880 volmgr - ok
03:32:24.0903 2880 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
03:32:24.0955 2880 volmgrx - ok
03:32:25.0009 2880 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
03:32:25.0071 2880 volsnap - ok
03:32:25.0128 2880 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
03:32:25.0175 2880 vsmraid - ok
03:32:25.0275 2880 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
03:32:25.0415 2880 VSS - ok
03:32:25.0880 2880 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
03:32:25.0891 2880 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
03:32:25.0891 2880 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
03:32:25.0945 2880 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
03:32:26.0009 2880 W32Time - ok
03:32:26.0248 2880 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
03:32:26.0408 2880 WacomPen - ok
03:32:26.0434 2880 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
03:32:26.0524 2880 Wanarp - ok
03:32:26.0535 2880 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
03:32:26.0587 2880 Wanarpv6 - ok
03:32:26.0653 2880 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
03:32:26.0767 2880 wcncsvc - ok
03:32:26.0806 2880 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
03:32:26.0892 2880 WcsPlugInService - ok
03:32:26.0943 2880 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
03:32:26.0973 2880 Wd - ok
03:32:27.0030 2880 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:32:27.0091 2880 Wdf01000 - ok
03:32:27.0111 2880 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
03:32:27.0171 2880 WdiServiceHost - ok
03:32:27.0179 2880 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
03:32:27.0237 2880 WdiSystemHost - ok
03:32:27.0271 2880 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
03:32:27.0321 2880 WebClient - ok
03:32:27.0363 2880 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
03:32:27.0440 2880 Wecsvc - ok
03:32:27.0493 2880 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
03:32:27.0562 2880 wercplsupport - ok
03:32:27.0591 2880 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
03:32:27.0652 2880 WerSvc - ok
03:32:27.0703 2880 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
03:32:27.0738 2880 WimFltr - ok
03:32:27.0805 2880 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
03:32:27.0886 2880 winachsf - ok
03:32:27.0998 2880 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
03:32:28.0057 2880 WinDefend - ok
03:32:28.0073 2880 WinHttpAutoProxySvc - ok
03:32:28.0173 2880 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
03:32:28.0240 2880 Winmgmt - ok
03:32:28.0365 2880 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
03:32:28.0529 2880 WinRM - ok
03:32:28.0621 2880 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
03:32:28.0738 2880 Wlansvc - ok
03:32:28.0832 2880 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:32:28.0867 2880 wlcrasvc - ok
03:32:29.0061 2880 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:32:29.0180 2880 wlidsvc - ok
03:32:29.0334 2880 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
03:32:29.0416 2880 WmiAcpi - ok
03:32:29.0523 2880 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
03:32:29.0607 2880 wmiApSrv - ok
03:32:29.0779 2880 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
03:32:29.0884 2880 WMPNetworkSvc - ok
03:32:29.0936 2880 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
03:32:29.0993 2880 WPCSvc - ok
03:32:30.0033 2880 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
03:32:30.0098 2880 WPDBusEnum - ok
03:32:30.0171 2880 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
03:32:30.0216 2880 WpdUsb - ok
03:32:30.0431 2880 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:32:30.0517 2880 WPFFontCache_v0400 - ok
03:32:30.0556 2880 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
03:32:30.0632 2880 ws2ifsl - ok
03:32:30.0735 2880 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
03:32:30.0821 2880 wscsvc - ok
03:32:30.0879 2880 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
03:32:30.0974 2880 WSDPrintDevice - ok
03:32:30.0986 2880 WSearch - ok
03:32:31.0160 2880 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
03:32:31.0274 2880 wuauserv - ok
03:32:31.0434 2880 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:32:31.0541 2880 WUDFRd - ok
03:32:31.0586 2880 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
03:32:31.0695 2880 wudfsvc - ok
03:32:31.0728 2880 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
03:32:31.0768 2880 XAudio - ok
03:32:31.0832 2880 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
03:32:31.0883 2880 XAudioService - ok
03:32:31.0940 2880 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
03:32:31.0981 2880 xusb21 - ok
03:32:32.0033 2880 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
03:32:32.0118 2880 yukonwlh - ok
03:32:32.0161 2880 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
03:32:32.0506 2880 \Device\Harddisk0\DR0 - ok
03:32:32.0539 2880 Boot (0x1200) (90d7c01e951fcd48102801e5d0bb9398) \Device\Harddisk0\DR0\Partition0
03:32:32.0542 2880 \Device\Harddisk0\DR0\Partition0 - ok
03:32:32.0542 2880 ============================================================
03:32:32.0542 2880 Scan finished
03:32:32.0543 2880 ============================================================
03:32:32.0572 3464 Detected object count: 15
03:32:32.0572 3464 Actual detected object count: 15
03:32:40.0850 3464 cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0851 3464 cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0855 3464 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0855 3464 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0861 3464 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0861 3464 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0865 3464 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0866 3464 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0870 3464 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0870 3464 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0874 3464 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0875 3464 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0880 3464 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0881 3464 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0885 3464 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0885 3464 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0889 3464 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0890 3464 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0896 3464 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0896 3464 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0900 3464 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0901 3464 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0905 3464 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0905 3464 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0910 3464 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0910 3464 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0915 3464 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0916 3464 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:32:40.0920 3464 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
03:32:40.0920 3464 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Edited by jackson33, 06 July 2012 - 07:47 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 06 July 2012 - 08:11 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\BabylonToolbar
c:\program files\ClickPotatoLite

Firefox::
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\qqbizrfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=e85eb29f00000000000000ff2a793186&tlver=1.4.19.14&instlRef=&affID=17163&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
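
The script above deletes two toolbar folders and resets two Firefox prefs that had been pointed at Conduit and Babylon search pages. As an added example (not code from this thread, from ComboFix or from Mozilla), the following Python audit parses a Firefox prefs.js, classifies the search-related prefs by the host they point at, and renders the hits in the same shape as the Firefox:: section of the CFScript. The prefs.js sample is constructed from the two entries quoted in the post; the KNOWN_HIJACKER_HOSTS and ALLOWED_SEARCH_HOSTS sets, the function names and the treatment of the CFScript layout as a template are assumptions for illustration, not a ComboFix specification.

```python
"""Audit a Firefox prefs.js for search-engine hijack entries.

Added example for this thread; it is not code from BleepingComputer, ComboFix
or Mozilla. The host lists below are assumptions for illustration.
"""
import re
from urllib.parse import urlsplit

# Prefs that decide where address-bar keywords and search-box queries go.
SEARCH_PREFS = (
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

# Assumed lists: the two hijacker hosts are the ones named in the CFScript;
# the allowlist is a placeholder for whatever engine the user actually chose.
KNOWN_HIJACKER_HOSTS = {"search.conduit.com", "search.babylon.com"}
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# prefs.js lines look like: user_pref("name", value);  where value is a quoted
# string (with \" and \\ escapes), an integer, or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample modelled on the two prefs.js entries quoted in the post
# (on disk they use http://, the post defangs them as hxxp://).
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=SP_ss&mntrId=e85eb29f00000000000000ff2a793186&tlver=1.4.19.14&instlRef=&affID=17163&q=");
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.shell.checkDefaultBrowser", false);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # Undo the two escapes Firefox writes inside string prefs.
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def audit_search_prefs(prefs):
    """Classify every search-related pref that holds a URL.

    Returns [(pref_name, host, verdict)] with verdict 'hijacker' (host in
    KNOWN_HIJACKER_HOSTS), 'ok' (allowlisted) or 'review' (anything else,
    which a human should look at before deciding)."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or "://" not in value:
            continue  # e.g. selectedEngine holds an engine name, not a URL
        host = (urlsplit(value).hostname or "").lower()
        if host in KNOWN_HIJACKER_HOSTS:
            verdict = "hijacker"
        elif host in ALLOWED_SEARCH_HOSTS:
            verdict = "ok"
        else:
            verdict = "review"
        findings.append((name, host, verdict))
    return findings


def cfscript_firefox_lines(prefs, findings, profile_path):
    """Render the hijacker findings in the shape of the Firefox:: section of
    the CFScript in the post, defanging http(s):// to hxxp(s):// as the post
    does. Assumption: this mirrors the post's layout, not a ComboFix spec."""
    lines = ["Firefox::", "FF - ProfilePath - " + profile_path]
    for name, _host, verdict in findings:
        if verdict != "hijacker":
            continue
        defanged = re.sub(r"^http(s?)://", r"hxxp\1://", prefs[name])
        lines.append("FF - prefs.js: %s - %s" % (name, defanged))
    return lines


if __name__ == "__main__":
    sample = parse_prefs(SAMPLE_PREFS_JS)
    found = audit_search_prefs(sample)
    for entry in found:
        print("%-32s %-22s %s" % entry)
    profile = "c:\\users\\Andy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qqbizrfy.default\\"
    print("\n".join(cfscript_firefox_lines(sample, found, profile)))
```

Run it against a real profile by reading prefs.js from the ProfilePath shown in the CFScript instead of SAMPLE_PREFS_JS; anything reported as "review" is not automatically bad, it is a host outside the two assumed lists and needs a look before it goes into a script.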

#7 jackson33

jackson33
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 06 July 2012 - 09:33 AM

Report below. No problems and computer is running ok



ComboFix 12-07-05.04 - Andy 06/07/2012 15:02:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1893 [GMT 1:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 14:23 . 2012-07-06 14:23 -------- d-----w- c:\users\Andy\AppData\Local\temp
2012-07-06 14:23 . 2012-07-06 14:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-06 14:23 . 2012-07-06 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 14:23 . 2012-07-06 14:23 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-07-04 14:59 . 2012-07-04 17:44 -------- d-----w- c:\programdata\CPA_VA
2012-07-04 14:23 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-04 14:23 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-04 14:23 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-04 14:23 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-04 14:05 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-04 14:05 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-07-04 14:05 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-04 14:05 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-04 14:05 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-04 14:05 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-04 14:04 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-04 14:04 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-04 14:04 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-04 14:04 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-04 14:04 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-04 14:00 . 2012-07-05 12:28 -------- d-----w- c:\programdata\Comodo
2012-07-04 13:59 . 2012-07-04 15:05 -------- d-----w- c:\program files\Comodo
2012-07-04 13:55 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-04 13:55 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-04 13:55 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-04 13:55 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-04 13:55 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-04 13:55 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 13:54 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-04 13:54 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-04 13:54 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-04 13:54 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-04 13:54 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-04 13:54 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-04 13:54 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-07-04 13:54 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-04 13:54 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 13:52 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-04 13:52 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-04 13:28 . 2012-07-04 13:28 -------- d-----w- c:\users\Andy\AppData\Local\ElevatedDiagnostics
2012-07-04 13:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 13:07 . 2012-07-05 12:33 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-04 12:00 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-07-04 12:00 . 2012-07-04 12:00 -------- d-----w- c:\program files\VS Revo Group
2012-07-04 11:50 . 2012-07-04 11:50 -------- d-----w- c:\program files\CodeStuff
2012-07-04 11:40 . 2012-07-04 11:40 -------- d-----w- c:\users\Andy\AppData\Local\VS Revo Group
2012-07-04 11:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-04 11:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-04 11:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-04 11:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-04 11:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-04 11:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-04 11:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-04 11:23 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-04 11:23 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-29 10:03 . 2012-06-29 10:03 -------- d-----w- c:\users\Guest\AppData\Roaming\IObit
2012-06-07 01:16 . 2012-06-07 01:30 -------- d-----w- c:\users\Andy\AppData\Local\ApplicationHistory
2012-06-07 01:12 . 2012-06-07 01:12 -------- d-----w- c:\program files\Mind Compression
2012-06-07 00:37 . 2012-06-07 00:37 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-06 23:32 . 2012-06-06 23:32 49152 ------r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2012-06-06 23:32 . 2012-06-06 23:32 49152 ------r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2009-01-17 15:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2009-01-17 15:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2009-01-17 15:13 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2009-01-17 15:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2009-01-17 15:13 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-09-21 15:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2009-01-17 15:13 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-18 12:49 . 2012-05-09 20:08 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2011-11-05 07:10 . 2011-11-21 14:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 15:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-14 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-20 6676808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPLive.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PPLive.lnk
backup=c:\windows\pss\PPLive.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start Guardian.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Start Guardian.lnk
backup=c:\windows\pss\Start Guardian.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Keyboard King.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Keyboard King.lnk
backup=c:\windows\pss\Keyboard King.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-03-06 18:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2012-07-03 16:21 4273976 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 11:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2010-09-29 11:27 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 10:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-02-01 14:49 220552 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 23:40]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 23:40]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-734840139-810832572-1079004847-1003Core.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 19:47]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-734840139-810832572-1079004847-1003UA.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 19:47]
.
2012-07-06 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-05-27 03:08]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: kcl.ac.uk\firepass
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\qqbizrfy.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 15:23
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-734840139-810832572-1079004847-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-734840139-810832572-1079004847-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\guard32.dll
.
Completion time: 2012-07-06 15:27:03
ComboFix-quarantined-files.txt 2012-07-06 14:27
ComboFix2.txt 2012-07-06 01:08
.
Pre-Run: 92,743,614,464 bytes free
Post-Run: 94,395,682,816 bytes free
.
- - End Of File - - 6FC4DFCC18F9E0168C66CF29C9F323D7

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:03 AM

Posted 06 July 2012 - 02:00 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jackson33

jackson33
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 06 July 2012 - 08:35 PM

32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Advanced SystemCare 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
Aspell 0.6 Dictionary (Language: en)
Aspell Data (Installed for Current User)
µTorrent
avast! Free Antivirus
B110
BIG-IP Edge Client Components (All Users)
BitLord 1.2
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
BT Broadband Desktop Help
BufferChm
Business Contact Manager for Outlook 2007 SP2
CCleaner
Championship Manager 01-02
Civilization II Ultimate Classic Collection
Click to Disc
Click to Disc Editor
CM3 Series SaveGame Editor 4.0 Build 4000
CM4
Cobian Backup 11 Gravity
CodeStuff Starter
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
Compatibility Pack for the 2007 Office system
D-Box 2.3
D3DX10
DAEMON Tools Lite
Destinations
DeviceDiscovery
DivX Setup
DVDVideoSoftTB Toolbar
Firefox Preloader
FM Modifier 2.0
Football Manager 2005
Football Manager 2006
FoxTab PDF Converter
Free Audio CD Burner version 1.4.7
Free Studio version 5.5.0
Free YouTube Download 3 version 3.0.12.804
Free YouTube to iPod Converter version 3.2
Free YouTube to MP3 Converter version 3.9.35.324
FXCM Trading Station
getPlus® for Adobe
Google Chrome
Google Talk (remove only)
Google Update Helper
GoToAssist Corporate
GPBaseService2
GPL Ghostscript 8.60
GPL Ghostscript Fonts
GSview 4.9
GTK2-Runtime
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP Solution Center 14.0
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
IObit Malware Fighter
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
Junk Mail filter update
LyX 1.6.8-2 (Installed for Current User)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MATLAB R2012a
MBT Desktop
MBT MetaTrader 4.00
MCFM 05
Media Player Codec Pack 3.9.1
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 6.0 Enterprise Edition
MiKTeX 2.7
MobileMe Control Panel
MotioninJoy ds3 driver version 0.6.0003
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Network
NinjaTrader 6.5
NinjaTrader 7
OpenMG Secure Module 5.1.00
OpenOffice.org 3.3
Out of the Park 8
PDF24 Creator 2.9.1
Picasa 2
Pocket UFO V1.26 PC
PokerStars
Primo
PS_AIO_07_B110_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.8
Rosetta Stone Version 3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Setting Utility Series
Shop for HP Supplies
Skype™ 4.1
Smart Defrag 2
Sogou Pinyin 4.1 Final Version
SolutionCenter
Sony Picture Utility
Sony Video Shared Library
SopCast 3.0.3
Spotify
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TWS (903)
TWS Demo
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Uplink
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update 4
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
VirtualCloneDrive
VLC media player 1.0.1
VoipDiscount
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinDVD for VAIO
WinEdt
WinRAR archiver

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:03 AM

Posted 06 July 2012 - 11:50 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.5.1
µTorrent
BitLord 1.2
Java™ 6 Update 22
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jackson33

jackson33
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 07 July 2012 - 12:13 PM

In uninstalling BitLord, Revo stated "running the applications uninstaller failed! Possible invalid uninstall command!"

I tried a second time and it worked.

On HiJackThis, there was no option to install as you mentioned, it just ran immediately. Logs of MBAM and HiJackThis below.





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Andy :: HOME [administrator]

07/07/2012 17:24:06
mbam-log-2012-07-07 (17-24-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260749
Time elapsed: 14 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)









Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:18, on 07/07/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Andy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://firepass.kcl.ac.uk
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\Andy\AppData\Local\Temp\f5tmp\urxvpn.cab
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Andy\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Andy\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Andy\AppData\Local\Temp\f5tmp\urxhost.cab
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - C:\Users\Andy\AppData\Local\Temp\f5tmp\f5opswati.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kcl.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.64.8.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.48.8.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.48.8.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.26.16.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.26.16.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.61.80.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.61.80.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{2A793186-82E3-4AFF-931C-DA6AD4ECD741}: NameServer = 10.42.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kcl.ac.uk
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13518 bytes

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 07 July 2012 - 09:30 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see whether you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, for example the name in
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
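The start-up entries Gringo lists above are the "O4" lines HijackThis builds from the Run/RunOnce registry keys and the two Startup folders. The script below is an added example, not part of the thread and not HijackThis code: it enumerates those same locations itself, prints each entry in an O4-like form, and flags entries whose target file is missing or carries no valid Authenticode signature, so a reader can review each one before ticking it in HijackThis. It assumes Windows PowerShell 2.0 or later on the machine being inspected; the Startup folder paths are the standard Vista-and-later ones, and the output format only mimics HijackThis.

```powershell
# Added example (not from the thread): audit autostart entries the way
# HijackThis "O4" lines summarise them, and flag suspicious targets.
# Assumes Windows PowerShell 2.0+ on the machine being inspected.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user and all-users ("Global") Startup folders on Vista and later.
$startupFolders = @{
    'O4 - Startup:'        = Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'
    'O4 - Global Startup:' = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'
}

# Pull the executable out of a Run-key command line such as
#   "C:\Program Files\QuickTime\QTTask.exe" -atboottime   or   Skytel.exe
function Get-ExecutableFromCommand([string]$command) {
    $command = $command.Trim()
    if ($command.StartsWith('"')) {
        $end = $command.IndexOf('"', 1)
        if ($end -gt 1) { return $command.Substring(1, $end - 1) }
        return $command.Trim('"')
    }
    $m = [regex]::Match($command, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($command -split '\s+')[0]
}

# Bare names like "Skytel.exe" are resolved from the Windows and System32
# directories first, then from PATH, which is how such entries get found.
function Resolve-ExecutablePath([string]$exe) {
    if (-not $exe) { return $exe }
    if ([System.IO.Path]::IsPathRooted($exe)) { return $exe }
    foreach ($dir in @($env:WINDIR, "$env:WINDIR\System32")) {
        $candidate = Join-Path $dir $exe
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    $cmd = @(Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue)
    if ($cmd.Count -gt 0) { return $cmd[0].Definition }
    return $exe
}

# Build one review record: the O4-style line, the resolved target and any flags.
function Test-AutostartTarget([string]$line, [string]$command) {
    $exe   = Resolve-ExecutablePath (Get-ExecutableFromCommand $command)
    $flags = @()
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
        $flags += 'target missing'
    } else {
        # Unsigned is a review hint, not a verdict: many OEM utilities are unsigned.
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }
    New-Object PSObject -Property @{ Line = $line; Target = $exe; Flags = ($flags -join '; ') }
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $hive  = ($key -split ':')[0]
        $loc   = "O4 - $hive\..\$(Split-Path $key -Leaf):"
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            Test-AutostartTarget "$loc [$($p.Name)] $($p.Value)" ([string]$p.Value)
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($label in $startupFolders.Keys) {
        $dir = $startupFolders[$label]
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($lnk in @(Get-ChildItem -Path $dir -Filter *.lnk)) {
            # Resolve the shortcut to the program it actually launches.
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            Test-AutostartTarget "$label $($lnk.Name) = $target" $target
        }
    }
}

Get-AutostartEntries | Sort-Object Line | Format-Table Line, Flags -AutoSize -Wrap
```

Run it from a normal (non-elevated) prompt first; HKCU and the per-user Startup folder are what the logged-in user can see, and the HKLM keys are readable without elevation. An entry marked "target missing" is the PowerShell equivalent of the "(no file)" orphans HijackThis shows, and is safe to remove; an unsigned but present target still needs the name-based research the note above describes before it is removed.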

#13 jackson33 (Topic Starter)

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 08 July 2012 - 05:14 PM

Wow, this looks like a lot of problems

ESET SCAN:

C:\Program Files\Varengold Fox\LiveUpdate.exe a variant of Win32/Packed.NiceProtect.A application
C:\Program Files\Varengold Fox\MetaLang.exe a variant of Win32/Packed.NiceProtect.A application
C:\Program Files\Varengold Fox\terminal.exe a variant of Win32/Packed.NiceProtect.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip Win32/Bagle.gen.zip worm
C:\Users\Andy\AppData\Local\{01064406-7379-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Andy\Documents\Downloads\media.player.codec.pack.v3.9.1.setup.exe Win32/Toolbar.Widgi application
C:\Users\Andy\Documents\Mus\FreeYouTubeToiPodConverter.exe Win32/OpenCandy application
C:\Users\Andy\Documents\Mus\FreeYouTubeToMp3Converter.exe Win32/OpenCandy application
C:\Users\Andy\Downloads\class.exe Win32/Agent.ONQ trojan
C:\Users\Andy\Downloads\cnet_DTLite4413-0173_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Andy\Downloads\cnet_vp3Preview_3217_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Andy\Downloads\FreeStudio.exe Win32/OpenCandy application
C:\Users\Andy\Downloads\HSS-1.31-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
C:\Users\Andy\Downloads\PDFConverterSetup.exe a variant of Win32/SweetIM.B application
C:\Users\Andy\Downloads\Railroad_Tycoon_2_Gold.exe Win32/Agent.ONQ trojan
C:\Users\Andy\Downloads\tycoon2.gold\class.exe Win32/Agent.ONQ trojan
C:\Users\Andy\Downloads\tycoon2.gold\Railroad_Tycoon_2_Gold.exe Win32/Agent.ONQ trojan

Edited by jackson33, 08 July 2012 - 05:15 PM.


#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 08 July 2012 - 06:26 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files\Varengold Fox\LiveUpdate.exe"
    del /f /s /q "C:\Program Files\Varengold Fox\MetaLang.exe"
    del /f /s /q "C:\Program Files\Varengold Fox\terminal.exe"
    del /f /s /q "C:\Users\Andy\AppData\Local\{01064406-7379-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul"
    del /f /s /q "C:\Users\Andy\Documents\Downloads\media.player.codec.pack.v3.9.1.setup.exe"
    del /f /s /q "C:\Users\Andy\Documents\Mus\FreeYouTubeToiPodConverter.exe"
    del /f /s /q "C:\Users\Andy\Documents\Mus\FreeYouTubeToMp3Converter.exe"
    del /f /s /q "C:\Users\Andy\Downloads\class.exe"
    del /f /s /q "C:\Users\Andy\Downloads\cnet_DTLite4413-0173_exe.exe"
    del /f /s /q "C:\Users\Andy\Downloads\cnet_vp3Preview_3217_exe.exe"
    del /f /s /q "C:\Users\Andy\Downloads\FreeStudio.exe"
    del /f /s /q "C:\Users\Andy\Downloads\HSS-1.31-install-anchorfree-76-conduit.exe"
    del /f /s /q "C:\Users\Andy\Downloads\PDFConverterSetup.exe"
    del /f /s /q "C:\Users\Andy\Downloads\Railroad_Tycoon_2_Gold.exe"
    del /f /s /q "C:\Users\Andy\Downloads\tycoon2.gold\class.exe"
    del /f /s /q "C:\Users\Andy\Downloads\tycoon2.gold\Railroad_Tycoon_2_Gold.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

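The delfile.bat in the post above deletes each file the ESET scan flagged. One caveat worth knowing when adapting that batch file: `del /s` deletes the named file from the given directory and from every subdirectory beneath it, which is why the two `class.exe` entries are covered, but it also means a line can match more than the one path written. The script below is an added example, not part of the thread and not a BleepingComputer tool; it takes the same sixteen paths, matches each one exactly, records a SHA-256 of the file, and moves it into a quarantine folder instead of deleting it, so the removal is reversible and the hash is kept for later checking. The quarantine location is an assumed one; it needs an elevated PowerShell prompt because several files sit under Program Files, and it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the thread): quarantine-and-hash instead of delete.
# Assumes Windows PowerShell 2.0+, run from an elevated prompt.
# $quarantine is an assumed location; the path list is copied from the
# ESET report in this thread.

$quarantine = Join-Path $env:SystemDrive 'Quarantine_ESET'
$logFile    = Join-Path $quarantine 'quarantine-log.txt'

$flagged = @(
    'C:\Program Files\Varengold Fox\LiveUpdate.exe',
    'C:\Program Files\Varengold Fox\MetaLang.exe',
    'C:\Program Files\Varengold Fox\terminal.exe',
    'C:\Users\Andy\AppData\Local\{01064406-7379-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul',
    'C:\Users\Andy\Documents\Downloads\media.player.codec.pack.v3.9.1.setup.exe',
    'C:\Users\Andy\Documents\Mus\FreeYouTubeToiPodConverter.exe',
    'C:\Users\Andy\Documents\Mus\FreeYouTubeToMp3Converter.exe',
    'C:\Users\Andy\Downloads\class.exe',
    'C:\Users\Andy\Downloads\cnet_DTLite4413-0173_exe.exe',
    'C:\Users\Andy\Downloads\cnet_vp3Preview_3217_exe.exe',
    'C:\Users\Andy\Downloads\FreeStudio.exe',
    'C:\Users\Andy\Downloads\HSS-1.31-install-anchorfree-76-conduit.exe',
    'C:\Users\Andy\Downloads\PDFConverterSetup.exe',
    'C:\Users\Andy\Downloads\Railroad_Tycoon_2_Gold.exe',
    'C:\Users\Andy\Downloads\tycoon2.gold\class.exe',
    'C:\Users\Andy\Downloads\tycoon2.gold\Railroad_Tycoon_2_Gold.exe'
)

# SHA-256 via .NET so it works on PowerShell 2.0 (Get-FileHash needs 4.0+).
function Get-Sha256([string]$path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function Move-ToQuarantine([string[]]$paths) {
    if (-not (Test-Path -LiteralPath $quarantine)) {
        New-Item -ItemType Directory -Path $quarantine | Out-Null
    }
    $results = @()
    foreach ($p in $paths) {
        # -LiteralPath: braces and dots in these names must not be treated as wildcards.
        if (-not (Test-Path -LiteralPath $p)) {
            $results += New-Object PSObject -Property @{ Path = $p; Status = 'not found'; Sha256 = '' }
            continue
        }
        $hash = Get-Sha256 $p
        # Prefix the hash so the two class.exe files do not collide, and add a
        # ".quarantined" suffix so the file is no longer double-clickable.
        $dest = Join-Path $quarantine ("{0}_{1}.quarantined" -f $hash.Substring(0, 16), (Split-Path $p -Leaf))
        Move-Item -LiteralPath $p -Destination $dest -Force
        Add-Content -Path $logFile -Value ("{0}`t{1}`t{2}" -f (Get-Date -Format s), $hash, $p)
        $results += New-Object PSObject -Property @{ Path = $p; Status = 'quarantined'; Sha256 = $hash }
    }
    return $results
}

Move-ToQuarantine $flagged | Format-Table Status, Path -AutoSize
```

Once the machine has been confirmed clean for a while, the quarantine folder can be deleted as a whole; the log keeps the original path and hash of every file, so any one of them can be looked up by hash later or restored if it turns out to have been a false positive.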

#15 jackson33 (Topic Starter)

  • Members
  • 9 posts
  • Local time:05:03 AM

Posted 09 July 2012 - 03:16 AM

Gringo many thanks for this, you're a star :)

I'm having a little problem downloading OTCleanIt. The link seems to be down. Is there an alternative link I can use?



