
Win32:Sirefef-PL [Rtk]


  • This topic is locked
31 replies to this topic

#16 ndbleep12

ndbleep12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 09 July 2012 - 12:25 AM

Dumb question on my part...no need to reply with your schedule...thanks!!


#17 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:59 AM

Posted 09 July 2012 - 12:32 AM

It is always better to redownload in case they have been updated.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#18 ndbleep12

ndbleep12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 09 July 2012 - 01:21 AM

Ok, tasks complete...

TDSSKiller: no infected files detected, no suspicious files detected. It did not ask for a reboot. Report below:

22:31:24.0243 1688 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
22:31:24.0776 1688 ============================================================
22:31:24.0776 1688 Current date / time: 2012/07/08 22:31:24.0776
22:31:24.0776 1688 SystemInfo:
22:31:24.0776 1688
22:31:24.0776 1688 OS Version: 6.0.6002 ServicePack: 2.0
22:31:24.0776 1688 Product type: Workstation
22:31:24.0776 1688 ComputerName: ST-PC
22:31:24.0776 1688 UserName: st
22:31:24.0776 1688 Windows directory: C:\Windows
22:31:24.0776 1688 System windows directory: C:\Windows
22:31:24.0776 1688 Running under WOW64
22:31:24.0776 1688 Processor architecture: Intel x64
22:31:24.0776 1688 Number of processors: 4
22:31:24.0776 1688 Page size: 0x1000
22:31:24.0777 1688 Boot type: Normal boot
22:31:24.0777 1688 ============================================================
22:31:25.0170 1688 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:25.0199 1688 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:25.0225 1688 ============================================================
22:31:25.0225 1688 \Device\Harddisk0\DR0:
22:31:25.0225 1688 MBR partitions:
22:31:25.0225 1688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38ADE0F9
22:31:25.0225 1688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38ADE138, BlocksNum 0x18A6B09
22:31:25.0225 1688 \Device\Harddisk1\DR1:
22:31:25.0225 1688 MBR partitions:
22:31:25.0225 1688 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:31:25.0225 1688 ============================================================
22:31:25.0251 1688 C: <-> \Device\Harddisk0\DR0\Partition0
22:31:25.0280 1688 E: <-> \Device\Harddisk1\DR1\Partition0
22:31:25.0334 1688 D: <-> \Device\Harddisk0\DR0\Partition1
22:31:25.0334 1688 ============================================================
22:31:25.0334 1688 Initialize success
22:31:25.0334 1688 ============================================================
22:31:28.0268 7020 ============================================================
22:31:28.0268 7020 Scan started
22:31:28.0268 7020 Mode: Manual;
22:31:28.0268 7020 ============================================================
22:31:29.0005 7020 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
22:31:29.0006 7020 61883 - ok
22:31:29.0118 7020 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:31:29.0119 7020 ACDaemon - ok
22:31:29.0186 7020 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:31:29.0188 7020 ACPI - ok
22:31:29.0255 7020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:31:29.0256 7020 AdobeARMservice - ok
22:31:29.0320 7020 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:31:29.0324 7020 adp94xx - ok
22:31:29.0385 7020 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:31:29.0388 7020 adpahci - ok
22:31:29.0430 7020 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:31:29.0433 7020 adpu160m - ok
22:31:29.0487 7020 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:31:29.0496 7020 adpu320 - ok
22:31:29.0527 7020 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
22:31:29.0528 7020 AeLookupSvc - ok
22:31:29.0646 7020 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
22:31:29.0648 7020 Afc - ok
22:31:29.0725 7020 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
22:31:29.0728 7020 AFD - ok
22:31:29.0772 7020 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:31:29.0774 7020 agp440 - ok
22:31:29.0815 7020 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:31:29.0817 7020 aic78xx - ok
22:31:29.0840 7020 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
22:31:29.0841 7020 ALG - ok
22:31:29.0861 7020 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:31:29.0862 7020 aliide - ok
22:31:29.0876 7020 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:31:29.0877 7020 amdide - ok
22:31:29.0891 7020 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:31:29.0892 7020 AmdK8 - ok
22:31:29.0920 7020 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
22:31:29.0921 7020 Appinfo - ok
22:31:30.0042 7020 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:31:30.0043 7020 Apple Mobile Device - ok
22:31:30.0073 7020 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:31:30.0076 7020 arc - ok
22:31:30.0107 7020 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:31:30.0110 7020 arcsas - ok
22:31:30.0148 7020 ARCSOFTVIRTUALCAPTURE (49f9005adfbf19d09d9c465099271e7e) C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys
22:31:30.0150 7020 ARCSOFTVIRTUALCAPTURE - ok
22:31:30.0238 7020 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
22:31:30.0239 7020 aspnet_state - ok
22:31:30.0289 7020 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:30.0289 7020 AsyncMac - ok
22:31:30.0317 7020 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
22:31:30.0317 7020 atapi - ok
22:31:30.0391 7020 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:31:30.0395 7020 AudioEndpointBuilder - ok
22:31:30.0401 7020 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:31:30.0404 7020 AudioSrv - ok
22:31:30.0436 7020 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
22:31:30.0438 7020 Avc - ok
22:31:30.0821 7020 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
22:31:30.0854 7020 AVGIDSAgent - ok
22:31:31.0007 7020 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
22:31:31.0008 7020 AVGIDSDriver - ok
22:31:31.0074 7020 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
22:31:31.0075 7020 AVGIDSFilter - ok
22:31:31.0136 7020 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
22:31:31.0137 7020 AVGIDSHA - ok
22:31:31.0191 7020 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
22:31:31.0197 7020 Avgldx64 - ok
22:31:31.0237 7020 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:31:31.0239 7020 Avgmfx64 - ok
22:31:31.0271 7020 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:31:31.0272 7020 Avgrkx64 - ok
22:31:31.0327 7020 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
22:31:31.0356 7020 Avgtdia - ok
22:31:31.0509 7020 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:31:31.0511 7020 avgwd - ok
22:31:31.0630 7020 BBSvc (47480f4260dae9aa589bcaf924b3767a) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
22:31:31.0632 7020 BBSvc - ok
22:31:31.0673 7020 BBUpdate (6bf743cbf3bcd09dab79245e60e1ae62) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
22:31:31.0675 7020 BBUpdate - ok
22:31:31.0716 7020 Beep - ok
22:31:31.0789 7020 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
22:31:31.0792 7020 BFE - ok
22:31:31.0929 7020 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
22:31:31.0937 7020 BITS - ok
22:31:32.0010 7020 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:31:32.0011 7020 blbdrive - ok
22:31:32.0087 7020 BlueSoleil Hid Service (55f24e6ec983fcc7510293b05a27ceec) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
22:31:32.0089 7020 BlueSoleil Hid Service - ok
22:31:32.0246 7020 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:31:32.0249 7020 Bonjour Service - ok
22:31:32.0312 7020 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:31:32.0313 7020 bowser - ok
22:31:32.0341 7020 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:31:32.0342 7020 BrFiltLo - ok
22:31:32.0355 7020 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:31:32.0357 7020 BrFiltUp - ok
22:31:32.0396 7020 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
22:31:32.0398 7020 Browser - ok
22:31:32.0424 7020 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:31:32.0426 7020 Brserid - ok
22:31:32.0442 7020 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:31:32.0444 7020 BrSerWdm - ok
22:31:32.0457 7020 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:31:32.0458 7020 BrUsbMdm - ok
22:31:32.0475 7020 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:31:32.0476 7020 BrUsbSer - ok
22:31:32.0531 7020 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
22:31:32.0533 7020 BthEnum - ok
22:31:32.0549 7020 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:31:32.0550 7020 BTHMODEM - ok
22:31:32.0605 7020 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
22:31:32.0607 7020 BthPan - ok
22:31:32.0689 7020 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
22:31:32.0702 7020 BTHPORT - ok
22:31:32.0798 7020 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
22:31:32.0799 7020 BthServ - ok
22:31:32.0844 7020 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
22:31:32.0846 7020 BTHUSB - ok
22:31:33.0253 7020 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
22:31:33.0297 7020 CarboniteService - ok
22:31:33.0302 7020 catchme - ok
22:31:33.0448 7020 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:33.0450 7020 cdfs - ok
22:31:33.0507 7020 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:33.0508 7020 cdrom - ok
22:31:33.0561 7020 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys
22:31:33.0562 7020 CDRPDACC - ok
22:31:33.0629 7020 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:31:33.0630 7020 CertPropSvc - ok
22:31:33.0640 7020 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
22:31:33.0642 7020 circlass - ok
22:31:33.0696 7020 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:31:33.0733 7020 CLFS - ok
22:31:33.0825 7020 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:31:33.0827 7020 clr_optimization_v2.0.50727_32 - ok
22:31:33.0865 7020 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:31:33.0867 7020 clr_optimization_v2.0.50727_64 - ok
22:31:33.0952 7020 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:31:33.0953 7020 clr_optimization_v4.0.30319_32 - ok
22:31:34.0006 7020 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:31:34.0008 7020 clr_optimization_v4.0.30319_64 - ok
22:31:34.0043 7020 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:31:34.0044 7020 cmdide - ok
22:31:34.0048 7020 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:34.0050 7020 Compbatt - ok
22:31:34.0054 7020 COMSysApp - ok
22:31:34.0085 7020 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:31:34.0086 7020 crcdisk - ok
22:31:34.0170 7020 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
22:31:34.0172 7020 CryptSvc - ok
22:31:34.0258 7020 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:31:34.0264 7020 DcomLaunch - ok
22:31:34.0308 7020 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:31:34.0309 7020 DfsC - ok
22:31:34.0541 7020 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
22:31:34.0563 7020 DFSR - ok
22:31:34.0733 7020 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
22:31:34.0735 7020 Dhcp - ok
22:31:34.0846 7020 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:31:34.0847 7020 disk - ok
22:31:34.0908 7020 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
22:31:34.0910 7020 Dnscache - ok
22:31:34.0959 7020 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
22:31:34.0960 7020 dot3svc - ok
22:31:35.0051 7020 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
22:31:35.0053 7020 DPS - ok
22:31:35.0089 7020 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:31:35.0090 7020 drmkaud - ok
22:31:35.0184 7020 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:35.0195 7020 DXGKrnl - ok
22:31:35.0284 7020 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:31:35.0295 7020 E1G60 - ok
22:31:35.0318 7020 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
22:31:35.0320 7020 EapHost - ok
22:31:35.0394 7020 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:31:35.0396 7020 Ecache - ok
22:31:35.0458 7020 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
22:31:35.0461 7020 ehRecvr - ok
22:31:35.0479 7020 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
22:31:35.0480 7020 ehSched - ok
22:31:35.0489 7020 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
22:31:35.0490 7020 ehstart - ok
22:31:35.0535 7020 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:31:35.0547 7020 elxstor - ok
22:31:35.0606 7020 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
22:31:35.0609 7020 EMDMgmt - ok
22:31:35.0625 7020 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:31:35.0627 7020 ErrDev - ok
22:31:35.0683 7020 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
22:31:35.0686 7020 EventSystem - ok
22:31:35.0745 7020 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:31:35.0748 7020 exfat - ok
22:31:35.0792 7020 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:31:35.0793 7020 fastfat - ok
22:31:35.0806 7020 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:31:35.0807 7020 fdc - ok
22:31:35.0824 7020 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
22:31:35.0825 7020 fdPHost - ok
22:31:35.0837 7020 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
22:31:35.0838 7020 FDResPub - ok
22:31:35.0849 7020 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:31:35.0850 7020 FileInfo - ok
22:31:35.0869 7020 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:31:35.0870 7020 Filetrace - ok
22:31:35.0881 7020 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:35.0883 7020 flpydisk - ok
22:31:35.0940 7020 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:31:35.0942 7020 FltMgr - ok
22:31:36.0079 7020 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
22:31:36.0086 7020 FontCache - ok
22:31:36.0176 7020 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:31:36.0177 7020 FontCache3.0.0.0 - ok
22:31:36.0241 7020 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:36.0242 7020 Fs_Rec - ok
22:31:36.0261 7020 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:31:36.0262 7020 gagp30kx - ok
22:31:36.0340 7020 GameConsoleService (cc1c8068b05283d63ec5fe782d2d3946) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
22:31:36.0350 7020 GameConsoleService - ok
22:31:36.0395 7020 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:36.0395 7020 GEARAspiWDM - ok
22:31:36.0470 7020 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
22:31:36.0475 7020 gpsvc - ok
22:31:36.0594 7020 gupdate1ca3da46f8580 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:36.0595 7020 gupdate1ca3da46f8580 - ok
22:31:36.0622 7020 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:36.0623 7020 gupdatem - ok
22:31:36.0741 7020 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys
22:31:36.0780 7020 HCW85BDA - ok
22:31:36.0973 7020 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:36.0985 7020 HDAudBus - ok
22:31:37.0047 7020 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:31:37.0048 7020 HidBth - ok
22:31:37.0078 7020 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
22:31:37.0079 7020 HidIr - ok
22:31:37.0116 7020 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
22:31:37.0117 7020 hidserv - ok
22:31:37.0162 7020 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:37.0162 7020 HidUsb - ok
22:31:37.0187 7020 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
22:31:37.0189 7020 hkmsvc - ok
22:31:37.0287 7020 HP Health Check Service (a3a30438c48d2d71556e120c9c7ba7a0) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
22:31:37.0288 7020 HP Health Check Service - ok
22:31:37.0362 7020 HPBtnSrv (deb82af183f1cd06813d91ed104c645c) c:\hp\HPEZBTN\HPBtnSrv.exe
22:31:37.0364 7020 HPBtnSrv - ok
22:31:37.0394 7020 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:31:37.0395 7020 HpCISSs - ok
22:31:37.0504 7020 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:31:37.0505 7020 hpqcxs08 - ok
22:31:37.0570 7020 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:31:37.0571 7020 hpqddsvc - ok
22:31:37.0660 7020 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:31:37.0667 7020 HPSLPSVC - ok
22:31:37.0818 7020 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:31:37.0822 7020 HTTP - ok
22:31:37.0868 7020 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:31:37.0869 7020 i2omp - ok
22:31:37.0897 7020 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:37.0898 7020 i8042prt - ok
22:31:37.0984 7020 IAANTMON (5b19dfc29a9563a5da5ca559bed83aa8) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:31:37.0987 7020 IAANTMON - ok
22:31:38.0056 7020 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
22:31:38.0059 7020 iaStor - ok
22:31:38.0121 7020 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:31:38.0128 7020 iaStorV - ok
22:31:38.0247 7020 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:31:38.0249 7020 IDriverT - ok
22:31:38.0393 7020 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:31:38.0409 7020 idsvc - ok
22:31:38.0480 7020 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:31:38.0481 7020 iirsp - ok
22:31:38.0561 7020 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
22:31:38.0572 7020 IKEEXT - ok
22:31:38.0684 7020 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
22:31:38.0696 7020 IntcAzAudAddService - ok
22:31:38.0775 7020 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:31:38.0776 7020 intelide - ok
22:31:38.0793 7020 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:38.0794 7020 intelppm - ok
22:31:38.0827 7020 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
22:31:38.0828 7020 IPBusEnum - ok
22:31:38.0883 7020 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:38.0885 7020 IpFilterDriver - ok
22:31:38.0938 7020 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
22:31:38.0940 7020 iphlpsvc - ok
22:31:38.0944 7020 IpInIp - ok
22:31:38.0990 7020 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:31:38.0991 7020 IPMIDRV - ok
22:31:39.0021 7020 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:31:39.0023 7020 IPNAT - ok
22:31:39.0147 7020 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
22:31:39.0153 7020 iPod Service - ok
22:31:39.0165 7020 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:31:39.0167 7020 IRENUM - ok
22:31:39.0195 7020 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:31:39.0196 7020 isapnp - ok
22:31:39.0245 7020 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:39.0246 7020 iScsiPrt - ok
22:31:39.0266 7020 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:31:39.0267 7020 iteatapi - ok
22:31:39.0292 7020 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:31:39.0293 7020 iteraid - ok
22:31:39.0311 7020 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:39.0312 7020 kbdclass - ok
22:31:39.0364 7020 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:39.0365 7020 kbdhid - ok
22:31:39.0409 7020 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:31:39.0410 7020 KeyIso - ok
22:31:39.0441 7020 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
22:31:39.0447 7020 KSecDD - ok
22:31:39.0461 7020 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:31:39.0463 7020 ksthunk - ok
22:31:39.0516 7020 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
22:31:39.0527 7020 KtmRm - ok
22:31:39.0588 7020 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
22:31:39.0591 7020 LanmanServer - ok
22:31:39.0655 7020 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
22:31:39.0658 7020 LanmanWorkstation - ok
22:31:39.0759 7020 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:31:39.0760 7020 LightScribeService - ok
22:31:39.0769 7020 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:39.0770 7020 lltdio - ok
22:31:39.0814 7020 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
22:31:39.0820 7020 lltdsvc - ok
22:31:39.0825 7020 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
22:31:39.0826 7020 lmhosts - ok
22:31:39.0851 7020 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:31:39.0863 7020 LSI_FC - ok
22:31:39.0884 7020 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:31:39.0886 7020 LSI_SAS - ok
22:31:39.0913 7020 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:31:39.0915 7020 LSI_SCSI - ok
22:31:39.0952 7020 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:31:39.0953 7020 luafv - ok
22:31:39.0957 7020 MacDrive - ok
22:31:39.0977 7020 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
22:31:39.0980 7020 Mcx2Svc - ok
22:31:40.0000 7020 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:31:40.0001 7020 megasas - ok
22:31:40.0040 7020 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:31:40.0050 7020 MegaSR - ok
22:31:40.0194 7020 MgiSvr (db330d9bdaeae4a198d6ef4d15fa5101) C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
22:31:40.0195 7020 MgiSvr - ok
22:31:40.0211 7020 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:31:40.0213 7020 MMCSS - ok
22:31:40.0233 7020 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:31:40.0234 7020 Modem - ok
22:31:40.0289 7020 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:31:40.0290 7020 monitor - ok
22:31:40.0300 7020 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:40.0301 7020 mouclass - ok
22:31:40.0325 7020 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:40.0327 7020 mouhid - ok
22:31:40.0334 7020 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:31:40.0335 7020 MountMgr - ok
22:31:40.0432 7020 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:31:40.0444 7020 MozillaMaintenance - ok
22:31:40.0470 7020 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:31:40.0474 7020 mpio - ok
22:31:40.0490 7020 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:31:40.0492 7020 mpsdrv - ok
22:31:40.0573 7020 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
22:31:40.0586 7020 MpsSvc - ok
22:31:40.0601 7020 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:31:40.0602 7020 Mraid35x - ok
22:31:40.0672 7020 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:31:40.0673 7020 MRxDAV - ok
22:31:40.0727 7020 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:40.0728 7020 mrxsmb - ok
22:31:40.0743 7020 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:40.0745 7020 mrxsmb10 - ok
22:31:40.0759 7020 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:40.0760 7020 mrxsmb20 - ok
22:31:40.0781 7020 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
22:31:54.0518 7020 ============================================================
22:31:54.0518 7020 Scan finished
22:31:54.0518 7020 ============================================================
22:31:54.0531 7112 Detected object count: 0
22:31:54.0531 7112 Actual detected object count: 0
22:32:03.0920 5768 Deinitialize success





----------- aswMBR, ran successfully, no issues, log file below...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 22:34:41
-----------------------------
22:34:41.467 OS Version: Windows x64 6.0.6002 Service Pack 2
22:34:41.467 Number of processors: 4 586 0x1707
22:34:41.468 ComputerName: ST-PC UserName: st
22:34:42.951 Initialize success
22:35:32.365 AVAST engine defs: 12070801
22:37:01.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:01.064 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
22:37:01.066 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:37:01.069 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
22:37:01.084 Disk 0 MBR read successfully
22:37:01.087 Disk 0 MBR scan
22:37:01.092 Disk 0 unknown MBR code
22:37:01.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464316 MB offset 63
22:37:01.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12621 MB offset 950919480
22:37:01.179 Disk 0 scanning C:\Windows\system32\drivers
22:37:11.821 Service scanning
22:37:36.882 Modules scanning
22:37:36.888 Disk 0 trace - called modules:
22:37:36.907 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:37:36.911 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083bf790]
22:37:36.916 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006135050]
22:37:39.016 AVAST engine scan C:\Windows
22:37:46.200 AVAST engine scan C:\Windows\system32
22:41:46.653 AVAST engine scan C:\Windows\system32\drivers
22:42:03.918 AVAST engine scan C:\Users\st
23:00:15.733 AVAST engine scan C:\ProgramData
23:07:01.340 Scan finished successfully
23:07:17.718 Disk 0 MBR has been saved successfully to "C:\Users\st\Desktop\MBR.dat"
23:07:17.722 The log file has been saved successfully to "C:\Users\st\Desktop\aswMBR.txt"
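An added example, not code from the poster or from AVAST: a Python parser for the aswMBR log format shown above, with the partition-table sanity checks a helper reading such a log applies (boot code aswMBR does not recognise, overlapping entries, disk space no listed partition accounts for, a boot disk without exactly one active partition). The embedded excerpt is constructed from the values in the log above; the slack threshold and the wording of the findings are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpt in aswMBR's log format; values are taken from the log above, not the full file.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
22:34:41.467 OS Version: Windows x64 6.0.6002 Service Pack 2
22:37:01.062 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IAAStorageDevice-1
22:37:01.064 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
22:37:01.084 Disk 0 MBR read successfully
22:37:01.087 Disk 0 MBR scan
22:37:01.092 Disk 0 unknown MBR code
22:37:01.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464316 MB offset 63
22:37:01.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12621 MB offset 950919480
23:07:01.340 Scan finished successfully
"""

SECTORS_PER_MB = 2048  # aswMBR prints sizes in MB and offsets in 512-byte sectors

@dataclass
class Partition:
    number: int
    boot_indicator: int  # 0x80 marks the active (bootable) partition
    type_id: int         # MBR partition type byte, 0x07 for NTFS
    fs: str
    size_mb: int
    offset_sectors: int

@dataclass
class Disk:
    number: int
    vendor: str = ""
    size_mb: int = 0
    mbr_notes: List[str] = field(default_factory=list)
    partitions: List[Partition] = field(default_factory=list)

@dataclass
class AswMbrReport:
    os_version: str = ""
    scan_finished: bool = False
    disks: Dict[int, Disk] = field(default_factory=dict)

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "  # every scan line starts with a timestamp
OS_RE = re.compile(TS + r"OS Version: (.+)$")
VENDOR_RE = re.compile(TS + r"Disk (\d+) Vendor: (.+?) Size: (\d+)MB BusType: \d+$")
MBR_RE = re.compile(TS + r"Disk (\d+) (MBR read successfully|MBR scan|unknown MBR code)$")
PART_RE = re.compile(TS + r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?"
                     r"([0-9A-Fa-f]{2}) \S+ (\S+) (\d+) MB offset (\d+)$")
DONE_RE = re.compile(TS + r"Scan finished successfully$")

def parse_aswmbr(text: str) -> AswMbrReport:
    """Turn the line-oriented aswMBR log into a structured report."""
    report = AswMbrReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := OS_RE.match(line):
            report.os_version = m.group(1)
        elif m := VENDOR_RE.match(line):
            d = report.disks.setdefault(int(m.group(1)), Disk(int(m.group(1))))
            d.vendor, d.size_mb = m.group(2), int(m.group(3))
        elif m := MBR_RE.match(line):
            d = report.disks.setdefault(int(m.group(1)), Disk(int(m.group(1))))
            d.mbr_notes.append(m.group(2))
        elif m := PART_RE.match(line):
            d = report.disks.setdefault(int(m.group(1)), Disk(int(m.group(1))))
            d.partitions.append(Partition(int(m.group(2)), int(m.group(3), 16), int(m.group(4), 16),
                                          m.group(5), int(m.group(6)), int(m.group(7))))
        elif DONE_RE.match(line):
            report.scan_finished = True
    return report

def triage(report: AswMbrReport, slack_mb: int = 16) -> List[str]:
    """Sanity checks a helper would apply; findings are review prompts, not verdicts
    (an OEM boot manager also shows up as 'unknown MBR code'). slack_mb is an assumption."""
    findings: List[str] = []
    if not report.scan_finished:
        findings.append("Scan did not report a successful finish")
    for d in report.disks.values():
        if "unknown MBR code" in d.mbr_notes:
            findings.append(f"Disk {d.number}: boot code not recognised by aswMBR; "
                            "compare the saved MBR.dat with a known-good Windows MBR")
        parts = sorted(d.partitions, key=lambda p: p.offset_sectors)
        if not parts:
            continue  # aswMBR lists partitions only for the boot disk
        # Overlapping entries mean a malformed table and deserve a closer look.
        for a, b in zip(parts, parts[1:]):
            if a.offset_sectors + a.size_mb * SECTORS_PER_MB > b.offset_sectors:
                findings.append(f"Disk {d.number}: partition {a.number} overlaps partition {b.number}")
        # Disk space that no listed partition accounts for is where a hidden partition would live.
        unaccounted = d.size_mb - sum(p.size_mb for p in parts)
        if unaccounted > slack_mb:
            findings.append(f"Disk {d.number}: {unaccounted} MB not covered by any listed partition")
        if sum(1 for p in parts if p.boot_indicator == 0x80) != 1:
            findings.append(f"Disk {d.number}: expected exactly one active partition")
    return findings
```

On the excerpt above the only finding is the unrecognised boot code; the 3 MB left over after the two partitions is below the slack threshold.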

#19 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:59 AM

Posted 09 July 2012 - 01:28 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-1528118550-3384070800-3959885862-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB61FE6-A140-AB00-5A02-EF0F7FD4F4AC}*]
[HKEY_USERS\S-1-5-21-1528118550-3384070800-3959885862-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3622A7C-DD09-5519-6FEF-252C177D087B}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#20 ndbleep12 (Topic Starter)

Posted 09 July 2012 - 02:03 AM

Hi Gringo, No problems running the script. Computer responding normally. Results of ComboFix report below... Brilliant!!

---------------------

ComboFix 12-07-08.01 - st 07/08/2012 23:43:30.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3360 [GMT -7:00]
Running from: c:\users\st\Desktop\ComboFix.exe
Command switches used :: c:\users\st\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AcRemoteUpdate.exe
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\TaskScheduler.dll
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\users\st\AppData\Local\._Revolution_
c:\users\st\WINDOWS
c:\windows\SysWow64\Cache
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 06:53 . 2012-07-09 06:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-08 05:51 . 2012-07-08 05:52 -------- d-----w- C:\FRST
2012-07-07 19:17 . 2012-07-07 19:17 -------- d-----w- c:\program files (x86)\ESET
2012-07-07 06:59 . 2012-07-07 06:59 -------- d-----w- c:\users\st\AppData\Roaming\DriverCure
2012-07-07 06:59 . 2012-07-07 06:59 -------- d-----w- c:\users\st\AppData\Roaming\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-07 06:58 . 2012-07-07 06:58 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\users\st\AppData\Roaming\Malwarebytes
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-07-06 22:45 . 2012-07-06 22:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 22:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 19:33 . 2012-06-29 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-26 17:34 . 2012-06-26 17:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 17:34 . 2012-06-26 17:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 19:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 19:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 19:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 19:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 19:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-22 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:51 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-22 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:51 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-22 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:51 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:51 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-22 16:51 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 16:51 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-21 15:38 . 2012-06-21 15:38 -------- d-----w- c:\users\st\AppData\Roaming\TeamViewer
2012-06-14 01:08 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:08 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 01:08 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:08 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 01:08 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:08 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:08 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 01:08 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 19:22 . 2012-05-07 05:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 19:22 . 2011-08-12 17:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] .. c:\windows\SysWOW64\appmgmts.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] .. c:\windows\SysWOW64\msgsvc.dll
.
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] .. c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] .. c:\windows\SysWOW64\MsPMSNSv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] .. c:\windows\SysWOW64\dllcache\mspmsnsv.dll
[-] 2004-08-04 08:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] .. c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] .. c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] .. c:\windows\SysWOW64\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] .. c:\windows\SysWOW64\dllcache\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe
[-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
.
[-] 2008-04-14 01:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] .. c:\windows\SysWOW64\ntmssvc.dll
.
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] .. c:\windows\SysWOW64\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] .. c:\windows\SysWOW64\dllcache\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] .. c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] .. c:\windows\SysWOW64\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] .. c:\windows\SysWOW64\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] .. c:\windows\SysWOW64\wiaservc.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_04.07.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 21:29 . 2012-07-09 04:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-30 21:29 . 2012-07-09 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-30 21:29 . 2012-07-09 03:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-30 21:29 . 2012-07-09 04:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-30 21:29 . 2012-07-09 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-30 21:29 . 2012-07-09 04:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:46 . 2012-07-09 04:13 667118 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-07-09 03:41 667118 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-07-09 04:13 129118 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-07-09 03:41 129118 c:\windows\system32\perfc009.dat
- 2008-01-21 03:20 . 2012-07-09 03:35 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-07-09 04:06 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-07-09 03:35 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-07-09 04:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 04:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"googletalk"="c:\users\st\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2009-11-02 2195160]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2009-11-02 604888]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2009-11-02 430808]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2009-11-02 856280]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-06-28 2561320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"MDShell"="c:\program files (x86)\Mediafour\MacDrive\MDShell.exe" [2000-04-19 77824]
"Omnipage"="c:\program files (x86)\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"PDF Maker Pilot (demo) printing agent"="c:\program files (x86)\PDF Maker Pilot Demo\pmpagentd.exe" [2007-06-19 90112]
"SoundMan"="SOUNDMAN.EXE" [2002-10-28 47104]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\SysWOW64\igfxtray.exe" [2002-10-16 155648]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"PDFHook"="c:\program files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-07-31 795936]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 5\RegistryController.exe" [2008-07-31 58656]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Nuance PDF Professional 5-reminder"="c:\program files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-10 316864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\st\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smartsync.lnk - c:\program files (x86)\Smartsync WM100\Smartsync.exe [2006-5-26 2031616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
HP Button Manager.lnk - c:\program files (x86)\HP\Button Manager\BM.exe [2009-9-24 249856]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Magic-i.lnk - c:\program files (x86)\ArcSoft\Magic-i 3\Magic-i.exe [2009-9-24 530944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 66961062
*Deregistered* - 66961062
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-25 05:49]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-25 05:49]
.
2012-07-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-06-01 18:22]
.
2012-07-08 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-07 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2012-07-08 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 03:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1659816]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Download with Xilisoft YouTube to iPod Converter - c:\program files (x86)\Xilisoft\YouTube to iPod Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.11 - c:\program files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: providence.org\email
Trusted Zone: providence.org\vendoraccess
Trusted Zone: providence.org\vendors
Trusted Zone: providence.org\www
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {55E515F7-0FA2-4610-874E-028107E766A3} - hxxp://www.providence.org/eprsup/eWebEditPro2/ewebeditpro3.cab
DPF: {7B1A430D-F9B9-11D3-A435-0050DA5D9D44} - hxxp://www.providence.org/eprsup/eWebEditPro/eWebEditPro.CAB
DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} - hxxp://www.ektron.com/ewebeditpro2/ewebeditpro.cab
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://store.valueweb.com/storeadmin/utilities/pssbedit.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\st\AppData\Roaming\Mozilla\Firefox\Profiles\7sc0d3zs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AutocompletePro2_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
@="{E3C0C89F-CF5D-4100-8E0E-1881E7E2FF00}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
@="{E3C0C89F-CF5D-4100-8E0E-1881E7E2FF00}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:7c,0a,c1,fe,56,62,a6,c8,7a,7e,9a,
75,cd,7b,16,9e,42,29,2c,b3,40,64,47,57,b5,07,c7,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
Completion time: 2012-07-08 23:57:04
ComboFix-quarantined-files.txt 2012-07-09 06:57
ComboFix2.txt 2012-07-09 04:23
.
Pre-Run: 282,274,983,936 bytes free
Post-Run: 282,348,560,384 bytes free
.
- - End Of File - - 8FDAD3EA52EE30EA6EC28D04C0868C92

#21 gringo_pr (Malware Response Team)

Posted 09 July 2012 - 02:12 AM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#22 ndbleep12 (Topic Starter)

Posted 09 July 2012 - 02:26 AM

Here goes... many thanks!!

Abacast Client
ActiveCheck component for HP Active Support Library
Add-ons
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader X (10.1.3)
Advanced Network Diagramming
Advanced Network Diagramming Help
Aladdin DropStuff 5.1
Aladdin Expander 5.1
Alien Skin Eye Candy 4000 Demo
AllWebMenus PRO
Amazing Slow Downer (remove only)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
ArcSoft MediaImpression for Kodak
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
Audible Download Manager
Audio Tag Editor
AutocompletePro
AVS Audio Tools version 4.2
Band-in-a-Box 2004
Bing Bar
Block Diagrams
Block Diagrams Help
BlueSoleil
Borders and Backgrounds
Borders and Backgrounds Help
BufferChm
BUM
C309g-m
CAD Drawing Display
Callouts and Connectors
Callouts and Connectors Help
Canon CanoScan Toolbox 4.1
Carbonite
Cards_Calendar_OrderGift_DoMorePlugout
CDex extraction audio
CHS2000 Demo
Cisco Connect
Clip Art and Symbols
Clip Art and Symbols Help
CoffeeCup Google SiteMapper
CoffeeCup HTML Editor
CoffeeCup Password Wizard
Compatibility Pack for the 2007 Office system
CP2101 USB to UART Bridge Controller
CrossFont version 5.5
Custom Properties Editor
CyberLink DVD Suite Deluxe
CyberPower PowerPanel Personal Edition 1.2.7
D3DX10
Database Design
Database Design Help
Database Wizard
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
Developing Visio Solutions Help
DeviceDiscovery
DHTML Editing Component
DHTML Menu Creator
Digital Image Tool 1.2
Directory Services
Directory Services Help
EarMaster Pro 5
Easy Thumbnails (Remove only)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
File Renamer - Basic
Flowcharts
Flowcharts Help
FontTwister 1.3
Forms and Charts
Forms and Charts Help
Free Sound Recorder 2010 v8.2.1
Free Video Cutter 1.1
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GoToMeeting 2.0.0.127
GPBaseService2
Graphics Filters
HamsterFreeVideoConverter
Hardware Diagnostic Tools
Help for Visio 2000 (HTML Help)
HomeSite 4.5
Homestead SiteBuilder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Active Support Library
HP Button Manager
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HP Webcam User’s Guide
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartPhotobookWebPack1
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
Internet Diagrams
Internet Diagrams Help
iPhone Configuration Utility
Ipswitch WS_FTP LE
JAlbum
Java Auto Updater
Java™ 6 Update 29
Java™ SE Runtime Environment 6 Update 1
join.me
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Terminal Services Client
KODAK EASYSHARE Gallery Easy Upload, v2.1
LabelPrint
LightScribe System Software 1.14.17.1
LightScribeTemplateLabeler
MacDrive 2000
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Fireworks 4
Macromedia FreeHand 9
Macromedia Shockwave Player
MainType 2.1.1
Malwarebytes Anti-Malware version 1.61.0.1400
Manual CanoScan LiDE 80
Maps
Maps Help
MarketResearch
Melody Assistant
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Data Access Components KB870669
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2010
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2000
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Service Pack 3
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MusEdit Viewer 3.90.2
muvee autoProducer 6.1
MWSnap 3
My HP Games
MySQL Administrator 1.0
MySQL Query Browser 1.1
MySQL Server 4.1
NavStudio
Network Diagrams
Network Diagrams Help
Nikon Message Center
Notepad++
NVIDIA PhysX v8.10.13
Octoshape add-in for Adobe Flash Player
Office Layout
Office Layout Help
OmniPage SE
Organization Charts
Organization Charts Help
Page Layout Wizard
Panasonic Office Add-in
PCmover
PDF Maker Pilot Demo version 1.30
PHP 4.3.10
PHP Designer 2005 ver. 3.0.6
PictureProject
Power Tab Editor 1.7
Power2Go
PowerDirector
Program Files
Program Files Help
Program Files Professional
Program Files Professional Help
Project Schedules
Project Schedules Help
Property Reporting Wizard
PS_AIO_06_C309g-m_SW_Min
PSSWCORE
Python 2.5.2
Quicken 2008
QuickTime
Quintessential Player
ReaConverter 4.0 Pro
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Release Notes
Release Notes Professional
Retrospect 6.5
RokuRadioSnooper v2.10.06
Safari
SAPI5_Common
Save as HTML
Scan
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Segoe UI
Shape Explorer Help
Simple CSS 2.1
SkyCaddie Desktop
Skype Click to Call
Skype™ 5.8
SmartDraw 2012
Smartsync
SmartWebPrinting
Software Design
Software Design Help
SolutionCenter
Solutions
SpeedyPC Pro
SPORE Creature Creator Trial Edition
SportBrain iSync
Spybot - Search & Destroy
Status
SWiSH Max2
SWiSH Video3
SWiSHmax
SWiSHpix
TablEdit 2.65
TABVIEW2
TEFView 2.62
TiVo Desktop 2.8
Toolbox
TOPO! 4
TopStyle Lite (Version 1.5)
trailblazers
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VBA
VideoToolkit01
Visio
Visio Core Files
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Infinite Menus
Visual Studio 2008 x64 Redistributables
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft YouTube to iPod Converter
Yahoo! Toolbar


--- my note: SpeedyPC Pro is something I know nothing about; it is a recent addition that I did not actively download...

#23 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:59 AM

Posted 09 July 2012 - 02:42 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • AutocompletePro
  • Java™ 6 Update 29
  • Java™ SE Runtime Environment 6 Update 1
  • SpeedyPC Pro


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

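How a reviewer reads the HijackThis log that the steps above produce, as an added example that is not part of this thread or of HijackThis itself: a small Python script that parses lines in that log format, groups them by section code, and lists the few entries a human usually checks first. The sample log lines are constructed placeholders (not from the poster's machine), and the section names and pick-out rules are this example's own assumptions; a flagged line is something to look at, not a verdict, in line with the warning above that most of what the tool finds is harmless.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from HijackThis or from this thread.  It groups
entries by section code (R0, O2, O4, O16, O23, ...) and picks out the few
lines a reviewer usually reads first.  The pick-out rules are this
example's own assumptions; a flagged line is something to look at, not a
verdict, since most entries in a real log belong to legitimate software."""
import re
from collections import defaultdict

# Every entry line starts with a section code, a dash and the entry body,
# e.g.  O4 - HKLM\..\Run: [name] "C:\path\to\program.exe"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Human-readable names for the sections used below (assumed, not from the tool).
SECTION_NAMES = {
    "R0": "IE start / search page",
    "R1": "IE registry value",
    "R3": "URL search hook",
    "O2": "browser helper object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O15": "IE trusted zone",
    "O16": "ActiveX download (DPF)",
    "O18": "protocol handler / MIME filter",
    "O23": "service",
}

# Constructed sample in the log's format; names, CLSIDs and paths are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - "C:\Program Files\Example\bar.dll" (file missing)
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\update.exe"
O4 - HKCU\..\Run: [SyncTray] C:\Users\user\AppData\Roaming\Example\sync.exe /autostart
O15 - Trusted Zone: http://intranet.example.test
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Uploader Control) - http://downloads.example.test/uploader.cab
O23 - Service: Example Service (ExSvc) - Example Inc. - C:\Program Files\Example\exsvc.exe
"""


def parse_log(text):
    """Return a list of (section, body) pairs, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def group_by_section(entries):
    """Map section code -> list of entry bodies, in log order."""
    groups = defaultdict(list)
    for section, body in entries:
        groups[section].append(body)
    return dict(groups)


def review_candidates(entries):
    """Entries worth a first look, as (section, reason, body) triples."""
    picked = []
    for section, body in entries:
        if "(file missing)" in body:
            picked.append((section, "referenced file is missing", body))
        elif section == "O4" and "HKCU" in body:
            picked.append((section, "per-user autostart entry", body))
        elif section == "O15":
            picked.append((section, "site added to the IE trusted zone", body))
        elif section == "O16" and body.split(" - ")[-1].startswith("http://"):
            picked.append((section, "ActiveX control fetched over plain HTTP", body))
        elif section == "O18" and body.startswith("Filter hijack"):
            picked.append((section, "MIME filter registered", body))
    return picked


def triage(text):
    """Parse a whole log and return (grouped entries, review candidates)."""
    entries = parse_log(text)
    return group_by_section(entries), review_candidates(entries)


def _section_order(code):
    # Sort R0, R1, ... before O2, O4, ..., O23 numerically within each letter.
    return code[0], int(code[1:])


if __name__ == "__main__":
    groups, flagged = triage(SAMPLE_LOG)
    for code in sorted(groups, key=_section_order):
        print(f"{code:>3}  {SECTION_NAMES.get(code, 'other')}: {len(groups[code])} entries")
    print("\nLook at these first (not verdicts):")
    for code, reason, body in flagged:
        print(f"  [{code}] {reason}\n        {body}")
```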

#24 ndbleep12
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:59 PM

Posted 09 July 2012 - 11:24 AM

Hi, here are the logs and report...

-----------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
st :: ST-PC [administrator]

7/9/2012 1:36:42 AM
mbam-log-2012-07-09 (01-36-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 307733
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

-----------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:09 AM, on 7/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files (x86)\PDF Maker Pilot Demo\pmpagentd.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ArcSoft\Magic-i 3\Magic-i.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Smartsync WM100\Smartsync.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\st\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [MDShell] "C:\Program Files (x86)\Mediafour\MacDrive\MDShell.exe" /S
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PDF Maker Pilot (demo) printing agent] "C:\Program Files (x86)\PDF Maker Pilot Demo\pmpagentd.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\SysWOW64\igfxtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe"
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\st\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry
O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
O4 - HKCU\..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [googletalk] C:\Users\st\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background (User '?')
O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - S-1-5-21-1528118550-3384070800-3959885862-1000 Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User '?')
O4 - S-1-5-18 Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User '?')
O4 - .DEFAULT Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User 'Default user')
O4 - Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Button Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Magic-i.lnk = C:\Program Files (x86)\ArcSoft\Magic-i 3\Magic-i.exe
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Download with Xilisoft YouTube to iPod Converter - C:\Program Files (x86)\Xilisoft\YouTube to iPod Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 5.11 - res://C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O15 - Trusted Zone: http://www.providence.org
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - http://www.providence.org/eprsup/eWebEditPro2/ewebeditpro3.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B1A430D-F9B9-11D3-A435-0050DA5D9D44} (eWebEditorPro.eWebEditPro) - http://www.providence.org/eprsup/eWebEditPro/eWebEditPro.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.webex.com/client/T25L10NSP41EP2-PREM/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://www.ektron.com/ewebeditpro2/ewebeditpro.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://vendoraccess.providence.org/dana-cached/setup/JuniperSetup.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://vendoraccess.providence.org/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://store.valueweb.com/storeadmin/utilities/pssbedit.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\SysWow64\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca3da46f8580) (gupdate1ca3da46f8580) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBD Tech Auto Update (NBDUpdate) - Unknown owner - C:\Program Files\yaTimer\Updates\AutoUpdateService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files (x86)\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~2\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21820 bytes


-- Problems
The only problem I encountered was with the removal of AutocompletePro. Upon removal, Revo gave me an error saying it could not be found for removal. I then went into Control Panel > Programs and used Windows uninstaller to remove. All went well with that procedure.

-- How the computer is now...
Everything seems to be running normally, no issues noticed!

#25 gringo_pr
  • Malware Response Team

Posted 09 July 2012 - 03:54 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [googletalk] C:\Users\st\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry
      O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
      O4 - HKCU\..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
      O4 - HKCU\..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
      O4 - HKCU\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [googletalk] C:\Users\st\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1000\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background (User '?')
      O4 - HKUS\S-1-5-21-1528118550-3384070800-3959885862-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
      O4 - S-1-5-21-1528118550-3384070800-3959885862-1000 Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User '?')
      O4 - S-1-5-18 Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User '?')
      O4 - .DEFAULT Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe (User 'Default user')
      O4 - Startup: Smartsync.lnk = C:\Program Files (x86)\Smartsync WM100\Smartsync.exe
      O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
      O4 - Global Startup: HP Button Manager.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Magic-i.lnk = C:\Program Files (x86)\ArcSoft\Magic-i 3\Magic-i.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
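As an added example that is not part of this thread or of HijackThis itself: a small Python parser for the O4 startup and O23 service lines in the log format posted above. It pulls out the bracketed names the post says to research one at a time and groups the services by owner and by whether HijackThis tagged their file as missing. The sample log is constructed from the same format, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the HijackThis log format from this thread (O4 startup
# entries, O23 services); a few lines only, not the full posted log.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Button Manager.lnk = ?
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
--
End of file - 21820 bytes
"""

# O4 comes in two shapes: registry Run values "[name] command" and Startup
# folder shortcuts "name.lnk = target".
RUN_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
LNK_RE = re.compile(r"^O4 - (?P<location>.*Startup): (?P<name>.+?) = (?P<command>.*)$")
# O23: "display - owner - path", optionally tagged "(file missing)". Non-greedy
# display/owner lets a path containing " - " (e.g. Spybot) stay intact.
SVC_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass
class StartupEntry:
    location: str  # e.g. HKLM\..\Run or Global Startup
    name: str      # what HijackThis prints between the brackets
    command: str


@dataclass
class ServiceEntry:
    display: str
    owner: str
    path: str
    file_missing: bool


def parse_hijackthis(text: str) -> Tuple[List[StartupEntry], List[ServiceEntry]]:
    """Split a HijackThis log into O4 startup entries and O23 services."""
    startups, services = [], []
    for line in text.splitlines():
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            startups.append(StartupEntry(m["location"], m["name"], m["command"]))
            continue
        m = SVC_RE.match(line)
        if m:
            services.append(ServiceEntry(m["display"], m["owner"], m["path"],
                                         m["missing"] is not None))
    return startups, services


def startup_names(text: str) -> List[str]:
    """The names to look up one at a time, as the post above advises."""
    return [s.name for s in parse_hijackthis(text)[0]]


def review_services(text: str) -> dict:
    """Group O23 services the way a log reviewer checks them first."""
    services = parse_hijackthis(text)[1]
    return {
        "total": len(services),
        "file_missing": [s.display for s in services if s.file_missing],
        "unknown_owner": [s.display for s in services if s.owner == "Unknown owner"],
    }
```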

#26 ndbleep12
  • Topic Starter

Posted 10 July 2012 - 01:15 AM

Hi Gringo,

Ran startup entry removal (Hijackthis).

Had to put off the ESET scan till tonight due to work schedule. Was initially disappointed as it found 3 infected files (boo!); however, the logs seem to indicate to me that they are in quarantine (Yea!)...

Log files attached...


ESET_SCAN-----------------

C:\FRST\Quarantine\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000000.@ Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\{6a5acc82-cd10-0a26-3d3e-bd6b6a4e838c}\U\80000032.@ a variant of Win32/Sirefef.FD trojan


Thanks again for your efforts. Box ran well all day today.

Please recommend your favorite anti-virus tools (you don't have to list them in any particular order, thanks!). Don't think AVG Free is doing it for me, though it has been solid for years!

#27 gringo_pr
  • Malware Response Team

Posted 10 July 2012 - 01:24 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#28 ndbleep12
  • Topic Starter

Posted 10 July 2012 - 11:46 AM

Hi Gringo, Again, my sincere thanks & appreciation for your efforts!!

As per the last procedures, the ComboFix uninstall was successful, but the OTC procedure did not remove these programs or logs as expected. Tried a couple of times; don't think it was being restricted in any way by security procedures:

HijackThis
SecurityCheck
MinitoolBox
GMER

It did, however, remove itself. I'm assuming I can right-click / Delete these executables as they do not appear to be system installs. Correct?

#29 gringo_pr
  • Malware Response Team

Posted 10 July 2012 - 10:47 PM

Greetings


You did very well and you are correct, you just need to delete them.



You are more than welcome and glad I was able to help



gringo

#30 ndbleep12
  • Topic Starter

Posted 10 July 2012 - 11:21 PM

Ok done, think that's it.

If you ever make it to Oregon, drinks on me!!

Thanks again!

Scott



