Malicious URL Blocked - svchost.exe


This topic is locked
14 replies to this topic

#1 sefnerr


Posted 24 July 2012 - 05:01 PM

Google Chrome and IE browser were being redirected when searching. MS Security Essentials would not start its service. Windows firewall is not functioning. I installed Avast and uninstalled MS Security Essentials. Avast detected numerous Trojans and malware. I installed (and have since uninstalled) rkill, malwarebytes, and super anti-spyware. Both malwarebytes and super anti-spyware found and removed numerous malware infections. Avast is constantly detecting malicious URL attempts in the background happening under process c:\windows\system32\svchost.exe. Avast is also warning of blocking a Trojan horse (win64:Sirefef-A[Trj]) from process c:\windows\system32\services.exe, as well as various other Trojan warnings. I could not run dds.scr or gmer.exe from the desktop. Windows threw up an error "A device attached to the system is not functioning." I copied both files to root (C:\) and executed them from an elevated command prompt. I saved the logs to a flash drive. Thanks for assistance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Donna at 14:10:14 on 2012-07-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2033 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SBC\update\SST.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070807
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070807
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - c:\users\donna\appdata\local\arcadecandy\candyEX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Playfin: {d30bc29f-19f6-40b3-a91f-d4707048ade6} - c:\program files\playfin_1t\bar\1.bin\1tbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [APN] rundll32.exe "c:\users\donna\appdata\local\apple\apn\pjyywcyeo.dll",CreateInstance
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100458 -Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET CLR 1.1.4322; AskTbPGL/5.14.1.20007)
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{933A7058-99CD-41FF-A6F7-648E01DF6C5C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1F6D811-9ACA-4C16-9104-76B842DBAC47} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-23 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-23 353688]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-23 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-23 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-23 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-23 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-23 40776]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 541800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
.
=============== Created Last 30 ================
.
2012-07-24 21:09:00 607260 ------r- C:\dds.scr
2012-07-24 02:37:03 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 02:37:00 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 02:36:34 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 02:36:17 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 02:36:17 -------- d-----w- c:\program files\AVAST Software
2012-07-24 01:20:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-24 01:11:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:03:13 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:38:34 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 12:38:33 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:38:33 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:38:32 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:38:31 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:38:31 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-30 17:17:25 -------- d-----w- c:\programdata\Oberon Media
2012-06-30 17:17:14 -------- d-----w- c:\users\donna\appdata\local\ArcadeCandy
2012-06-28 00:22:34 -------- d-----w- c:\users\donna\appdata\local\Deployment
.
==================== Find3M ====================
.
2012-07-24 01:11:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-10 17:59:22 454 ----a-w- c:\program files\031020129592255.bat
.
============= FINISH: 14:11:39.37 ===============
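As a defender's reading of the DDS "Pseudo HJT Report" section above, here is an added triage script (this editor's example, not DDS output and not anything posted in the thread). It parses lines in the same format as the log and flags the patterns a malware-response volunteer looks for: an autostart entry where rundll32 loads a DLL from a user-writable directory, orphaned toolbar/BHO entries, browser extension DLLs living under AppData, hosts-file blackholing and unexpected Winsock LSPs. The sample lines are copied from the log; the rules, severities and the known-good LSP list are this example's assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' lines (added example, not part of the thread)."""
import re

# Constructed sample: a subset of the pseudo-HJT section from the DDS log above.
SAMPLE_LOG = """\
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
uRun: [APN] rundll32.exe "c:\\users\\donna\\appdata\\local\\apple\\apn\\pjyywcyeo.dll",CreateInstance
mRun: [avast] "c:\\program files\\avast software\\avast\\avastUI.exe" /nogui
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - c:\\users\\donna\\appdata\\local\\arcadecandy\\candyEX.dll
TB: Playfin: {d30bc29f-19f6-40b3-a91f-d4707048ade6} - c:\\program files\\playfin_1t\\bar\\1.bin\\1tbar.dll
TB: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
uURLSearchHooks: H - No File
LSP: mswsock.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Directories an unprivileged user can write to; loaders living here are far more
# suspicious than ones under \program files or \windows\system32 (assumption).
USER_WRITABLE = (
    "\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\",
    "\\temp\\", "\\users\\public\\",
)
# Assumption: the only Winsock LSP this example treats as expected on Vista.
KNOWN_GOOD_LSP = {"mswsock.dll"}

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXT_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks): (?P<rest>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
LSP_RE = re.compile(r"^LSP: (?P<dll>\S+)$")


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def triage_line(line: str):
    """Return (severity, reason) for one pseudo-HJT line, or None if unremarkable."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if "rundll32" in cmd and in_user_writable(cmd):
            return ("HIGH", "rundll32 autostart loading a DLL from a user-writable directory")
        if in_user_writable(cmd):
            return ("MEDIUM", "autostart entry launched from a user-writable directory")
        return None
    m = EXT_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith("No File"):
            return ("LOW", f"orphaned {m.group('kind')} entry (registered component has no file)")
        path = rest.rsplit(" - ", 1)[-1]
        if in_user_writable(path):
            return ("MEDIUM", f"{m.group('kind')} DLL installed under a user-writable directory")
        return None
    m = HOSTS_RE.match(line)
    if m and m.group("ip") in ("127.0.0.1", "0.0.0.0"):
        return ("MEDIUM", f"hosts file blackholes {m.group('host')}; compare against a known-good hosts file")
    m = LSP_RE.match(line)
    if m and m.group("dll").lower() not in KNOWN_GOOD_LSP:
        return ("HIGH", "unexpected Winsock LSP (can intercept all browser traffic)")
    return None


def triage(log_text: str):
    """Run triage_line over every line and return findings sorted by severity."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line.strip()})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:<6} {f['reason']}\n       {f['line']}")
```

Run against the sample, the APN rundll32 entry comes out on top, which matches what ComboFix later removed in this thread.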

#2 gringo_pr

  • Malware Response Team

Posted 26 July 2012 - 02:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sefnerr

  • Topic Starter

Posted 27 July 2012 - 08:18 PM

Thank you Gringo. I had to run securitycheck and combofix from the command prompt. I was getting an error "A device attached to the system is not functioning." when trying to run them directly from the desktop. I am still experiencing this error. Avast is still blocking malicious URLs. Internet Explorer and Google Chrome have their search results from Google (default search engine) being redirected. The results of the search are fine, but when you click on one of the results Avast blocks the action. FYI, Microsoft Security Essentials is no longer installed on the computer, but I see that it is still showing in the logs.

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 17.0.963.56
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


ComboFix 12-07-27.03 - Donna 07/27/2012 17:32:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2105 [GMT -7:00]
Running from: c:\users\Donna\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Donna\AppData\Local\Apple\APN\pjyywcyeo.dll
c:\users\Donna\AppData\Local\I Want This
c:\users\Donna\AppData\Roaming\.#
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 00:41 . 2012-07-28 00:45 -------- d-----w- c:\users\Donna\AppData\Local\temp
2012-07-28 00:41 . 2012-07-28 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 21:27 . 2012-07-24 20:31 302592 ----a-w- C:\gmer.exe
2012-07-24 21:09 . 2012-07-24 20:29 607260 ------r- C:\dds.scr
2012-07-24 02:37 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-24 02:37 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-24 02:37 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-24 02:37 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-24 02:37 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 02:37 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 02:36 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 02:36 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 02:36 . 2012-07-24 02:36 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 02:36 . 2012-07-24 02:36 -------- d-----w- c:\program files\AVAST Software
2012-07-24 01:20 . 2012-07-24 01:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-24 01:11 . 2012-07-24 01:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:38 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:38 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:38 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:38 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:38 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:38 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\programdata\Oberon Media
2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\users\Donna\AppData\Local\ArcadeCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 01:11 . 2012-02-27 20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 17:18 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:18 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 17:18 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-01 14:03 . 2012-06-12 23:39 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-10 17:59 . 2012-03-10 17:59 454 ----a-w- c:\program files\031020129592255.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 04:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 04:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"Google Update"="c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Weather"=c:\program files\AWS\WeatherBug\Weather.exe 1
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RtHDVCpl"=RtHDVCpl.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"ECenter"=c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3176320566-1362754327-2260252347-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 01:11]
.
2012-07-24 c:\windows\Tasks\CandyUpdater.job
- c:\users\Donna\AppData\Local\ArcadeCandy\candyUpdater.exe [2012-06-25 22:45]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:01]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:01]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3176320566-1362754327-2260252347-1000Core.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{C53FE659-316A-4F56-A194-A5BE491BE866} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)
HKCU-Run-APN - c:\users\Donna\AppData\Local\Apple\APN\pjyywcyeo.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-wscsvc32 - c:\program files\Antivirus\wscsvc32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 17:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,b3,01,19,dc,69,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-27 17:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 00:53
.
Pre-Run: 229,689,151,488 bytes free
Post-Run: 229,600,768,000 bytes free
.
- - End Of File - - 9C20668969850B14AD48A60D95AA199A

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:29 PM

Posted 27 July 2012 - 09:40 PM

Greetings,
I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




Proud Graduate Of Malware Removal University
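As an added example (not part of this thread, and not code from TDSSKiller or its vendor): a small Python triage script for the report the steps above ask for. It pairs each `Name (md5) path` line with its `Name - verdict` line and surfaces anything that is not a clean `ok`, so a reviewer does not have to eyeball hundreds of rows. The sample log is constructed to mirror that line format; the `fakedrv` and `orphan` rows, their hashes, and the `detected` verdict are made-up placeholders, not real TDSSKiller output.

```python
"""Triage helper for a TDSSKiller report (added example, not the tool's code).

The scan section of the report lists each service/driver on two lines:

    <time> <pid> <Name> (<md5>) <path>
    <time> <pid> <Name> - <verdict>

Entries with no binary on disk appear as a lone verdict line, e.g.
'blbdrive - ok'.  This script pairs the lines and buckets the rows a
reviewer should actually look at.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>\w+)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller listed no binary
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line followed


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair file lines with their verdict lines; skip banner and separators."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None  # last file line still awaiting a verdict
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            pending = Entry(m["name"], m["md5"].lower(), m["path"])
            entries.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if m:
            if pending is not None and pending.name == m["name"]:
                pending.verdict = m["verdict"]
                pending = None
            else:
                # Verdict with no preceding file line: service has no binary on disk.
                entries.append(Entry(m["name"], verdict=m["verdict"]))
            continue
        # Anything else (version banner, '====' rules, SystemInfo block) is ignored.
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Bucket the rows worth a second look instead of the 'ok' bulk."""
    return {
        "flagged": [e for e in entries if e.verdict and e.verdict.lower() != "ok"],
        "no_file": [e for e in entries if e.md5 is None],
        "missing_verdict": [e for e in entries if e.verdict is None],
    }


# Constructed sample in the TDSSKiller 2.7.x line format.  The ACPI and
# 'Net Driver HPZ12' rows mirror real rows; 'fakedrv', 'orphan', their hashes
# and the 'detected' verdict are placeholders that exercise the non-ok,
# no-binary and missing-verdict paths.
SAMPLE_LOG = r"""
20:25:30.0765 1492 ============================================================
20:25:30.0765 1492 Scan started
20:25:30.0765 1492 Mode: Manual;
20:25:31.0623 1492 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:25:31.0623 1492 ACPI - ok
20:25:33.0027 1492 blbdrive - ok
20:25:39.0844 1492 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
20:25:39.0844 1492 Net Driver HPZ12 - ok
20:25:41.0200 1492 fakedrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakedrv.sys
20:25:41.0200 1492 fakedrv - detected
20:25:41.0300 1492 orphan (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\orphan.sys
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    for bucket, items in report.items():
        print(f"{bucket}: {[e.name for e in items]}")
```

Paste a real report into `SAMPLE_LOG` (or read it from the file TDSSKiller writes to the root folder) and the three buckets are the rows to review; the md5 in each `Entry` can be checked against a vendor or hash-lookup service.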

#5 sefnerr

sefnerr
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:06:29 PM

Posted 27 July 2012 - 11:14 PM

aswMBR appeared to stall when it was scanning the Temporary Internet folder. I "saved a log" thinking it was done, and it continued scanning. I re-saved the log once it was done. It's posted below. Internet Explorer seems to be working properly; however, Chrome is still being redirected when clicking on search results. Avast is no longer continuously popping up warnings.


20:25:25.0243 3156 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:25:25.0835 3156 ============================================================
20:25:25.0835 3156 Current date / time: 2012/07/27 20:25:25.0835
20:25:25.0835 3156 SystemInfo:
20:25:25.0835 3156
20:25:25.0835 3156 OS Version: 6.0.6002 ServicePack: 2.0
20:25:25.0835 3156 Product type: Workstation
20:25:25.0835 3156 ComputerName: DONNA-PC
20:25:25.0835 3156 UserName: Donna
20:25:25.0835 3156 Windows directory: C:\Windows
20:25:25.0835 3156 System windows directory: C:\Windows
20:25:25.0835 3156 Processor architecture: Intel x86
20:25:25.0835 3156 Number of processors: 2
20:25:25.0835 3156 Page size: 0x1000
20:25:25.0835 3156 Boot type: Normal boot
20:25:25.0835 3156 ============================================================
20:25:26.0381 3156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:25:26.0381 3156 Drive \Device\Harddisk1\DR1 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:25:26.0381 3156 ============================================================
20:25:26.0381 3156 \Device\Harddisk0\DR0:
20:25:26.0397 3156 MBR partitions:
20:25:26.0397 3156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000
20:25:26.0397 3156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x2401A000
20:25:26.0397 3156 \Device\Harddisk1\DR1:
20:25:26.0397 3156 MBR partitions:
20:25:26.0397 3156 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x3E7C1
20:25:26.0397 3156 ============================================================
20:25:26.0428 3156 C: <-> \Device\Harddisk0\DR0\Partition1
20:25:26.0459 3156 D: <-> \Device\Harddisk0\DR0\Partition0
20:25:26.0459 3156 ============================================================
20:25:26.0459 3156 Initialize success
20:25:26.0459 3156 ============================================================
20:25:30.0765 1492 ============================================================
20:25:30.0765 1492 Scan started
20:25:30.0765 1492 Mode: Manual;
20:25:30.0765 1492 ============================================================
20:25:41.0186 1492 PEAUTH - ok
20:25:41.0295 1492 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:25:41.0357 1492 pla - ok
20:25:41.0451 1492 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:25:41.0467 1492 PlugPlay - ok
20:25:41.0498 1492 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
20:25:41.0498 1492 Pml Driver HPZ12 - ok
20:25:41.0545 1492 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:25:41.0560 1492 PNRPAutoReg - ok
20:25:41.0560 1492 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:25:41.0576 1492 PNRPsvc - ok
20:25:41.0607 1492 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:25:41.0638 1492 PolicyAgent - ok
20:25:41.0685 1492 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:25:41.0685 1492 PptpMiniport - ok
20:25:41.0701 1492 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:25:41.0701 1492 Processor - ok
20:25:41.0747 1492 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:25:41.0763 1492 ProfSvc - ok
20:25:41.0794 1492 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:25:41.0794 1492 ProtectedStorage - ok
20:25:41.0825 1492 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:25:41.0825 1492 PSched - ok
20:25:41.0857 1492 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
20:25:41.0872 1492 PxHelp20 - ok
20:25:41.0919 1492 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:25:41.0966 1492 ql2300 - ok
20:25:41.0997 1492 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:25:41.0997 1492 ql40xx - ok
20:25:42.0028 1492 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:25:42.0044 1492 QWAVE - ok
20:25:42.0059 1492 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:25:42.0059 1492 QWAVEdrv - ok
20:25:42.0169 1492 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:25:42.0247 1492 R300 - ok
20:25:42.0356 1492 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:25:42.0356 1492 RasAcd - ok
20:25:42.0371 1492 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:25:42.0387 1492 RasAuto - ok
20:25:42.0418 1492 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:25:42.0418 1492 Rasl2tp - ok
20:25:42.0465 1492 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:25:42.0481 1492 RasMan - ok
20:25:42.0496 1492 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:25:42.0512 1492 RasPppoe - ok
20:25:42.0543 1492 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:25:42.0543 1492 RasSstp - ok
20:25:42.0574 1492 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:25:42.0574 1492 rdbss - ok
20:25:42.0590 1492 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:25:42.0590 1492 RDPCDD - ok
20:25:42.0621 1492 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
20:25:42.0637 1492 rdpdr - ok
20:25:42.0652 1492 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:25:42.0652 1492 RDPENCDD - ok
20:25:42.0683 1492 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:25:42.0699 1492 RDPWD - ok
20:25:42.0730 1492 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:25:42.0746 1492 RemoteAccess - ok
20:25:42.0777 1492 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:25:42.0793 1492 RemoteRegistry - ok
20:25:42.0808 1492 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:25:42.0824 1492 RpcLocator - ok
20:25:42.0855 1492 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:25:42.0871 1492 RpcSs - ok
20:25:42.0902 1492 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:25:42.0902 1492 rspndr - ok
20:25:42.0949 1492 RTL8192su (0797877413d3225700d94488f06273a8) C:\Windows\system32\DRIVERS\RTL8192su.sys
20:25:42.0980 1492 RTL8192su - ok
20:25:42.0995 1492 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:25:42.0995 1492 SamSs - ok
20:25:43.0027 1492 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:25:43.0042 1492 sbp2port - ok
20:25:43.0073 1492 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:25:43.0089 1492 SCardSvr - ok
20:25:43.0151 1492 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:25:43.0183 1492 Schedule - ok
20:25:43.0183 1492 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:25:43.0198 1492 SCPolicySvc - ok
20:25:43.0229 1492 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:25:43.0245 1492 SDRSVC - ok
20:25:43.0261 1492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:25:43.0261 1492 secdrv - ok
20:25:43.0292 1492 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:25:43.0307 1492 seclogon - ok
20:25:43.0323 1492 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:25:43.0339 1492 SENS - ok
20:25:43.0354 1492 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:25:43.0370 1492 Serenum - ok
20:25:43.0385 1492 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:25:43.0401 1492 Serial - ok
20:25:43.0432 1492 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:25:43.0432 1492 sermouse - ok
20:25:43.0479 1492 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:25:43.0495 1492 SessionEnv - ok
20:25:43.0510 1492 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
20:25:43.0510 1492 sffdisk - ok
20:25:43.0526 1492 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:25:43.0526 1492 sffp_mmc - ok
20:25:43.0541 1492 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
20:25:43.0541 1492 sffp_sd - ok
20:25:43.0557 1492 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:25:43.0557 1492 sfloppy - ok
20:25:43.0588 1492 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:25:43.0604 1492 SharedAccess - ok
20:25:43.0635 1492 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:25:43.0651 1492 ShellHWDetection - ok
20:25:43.0666 1492 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
20:25:43.0682 1492 sisagp - ok
20:25:43.0697 1492 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:25:43.0697 1492 SiSRaid2 - ok
20:25:43.0713 1492 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:25:43.0713 1492 SiSRaid4 - ok
20:25:43.0869 1492 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:25:43.0963 1492 slsvc - ok
20:25:44.0041 1492 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:25:44.0056 1492 SLUINotify - ok
20:25:44.0087 1492 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:25:44.0087 1492 Smb - ok
20:25:44.0119 1492 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:25:44.0119 1492 SNMPTRAP - ok
20:25:44.0150 1492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:25:44.0150 1492 spldr - ok
20:25:44.0181 1492 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:25:44.0197 1492 Spooler - ok
20:25:44.0259 1492 sprtsvc_dellsupportcenter - ok
20:25:44.0290 1492 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:25:44.0306 1492 srv - ok
20:25:44.0337 1492 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:25:44.0353 1492 srv2 - ok
20:25:44.0368 1492 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:25:44.0368 1492 srvnet - ok
20:25:44.0384 1492 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:25:44.0399 1492 SSDPSRV - ok
20:25:44.0446 1492 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:25:44.0462 1492 SstpSvc - ok
20:25:44.0509 1492 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:25:44.0524 1492 stisvc - ok
20:25:44.0540 1492 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:25:44.0555 1492 swenum - ok
20:25:44.0587 1492 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:25:44.0602 1492 swprv - ok
20:25:44.0633 1492 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:25:44.0633 1492 Symc8xx - ok
20:25:44.0649 1492 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:25:44.0665 1492 Sym_hi - ok
20:25:44.0665 1492 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:25:44.0680 1492 Sym_u3 - ok
20:25:44.0711 1492 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:25:44.0743 1492 SysMain - ok
20:25:44.0758 1492 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:25:44.0774 1492 TabletInputService - ok
20:25:44.0805 1492 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:25:44.0821 1492 TapiSrv - ok
20:25:44.0836 1492 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:25:44.0852 1492 TBS - ok
20:25:44.0914 1492 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
20:25:44.0930 1492 Tcpip - ok
20:25:44.0945 1492 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
20:25:44.0945 1492 Tcpip6 - ok
20:25:44.0961 1492 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
20:25:44.0961 1492 tcpipreg - ok
20:25:44.0992 1492 tdizx.sys - ok
20:25:45.0023 1492 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:25:45.0023 1492 TDPIPE - ok
20:25:45.0039 1492 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:25:45.0055 1492 TDTCP - ok
20:25:45.0070 1492 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:25:45.0070 1492 tdx - ok
20:25:45.0101 1492 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:25:45.0101 1492 TermDD - ok
20:25:45.0133 1492 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:25:45.0164 1492 TermService - ok
20:25:45.0195 1492 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:25:45.0195 1492 Themes - ok
20:25:45.0226 1492 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:25:45.0226 1492 THREADORDER - ok
20:25:45.0257 1492 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:25:45.0273 1492 TrkWks - ok
20:25:45.0304 1492 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:25:45.0304 1492 TrustedInstaller - ok
20:25:45.0335 1492 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:25:45.0335 1492 tssecsrv - ok
20:25:45.0351 1492 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:25:45.0351 1492 tunmp - ok
20:25:45.0382 1492 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:25:45.0382 1492 tunnel - ok
20:25:45.0413 1492 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:25:45.0413 1492 uagp35 - ok
20:25:45.0429 1492 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:25:45.0445 1492 udfs - ok
20:25:45.0491 1492 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:25:45.0507 1492 UI0Detect - ok
20:25:45.0523 1492 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:25:45.0523 1492 uliagpkx - ok
20:25:45.0554 1492 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:25:45.0554 1492 uliahci - ok
20:25:45.0585 1492 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:25:45.0601 1492 UlSata - ok
20:25:45.0616 1492 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:25:45.0616 1492 ulsata2 - ok
20:25:45.0647 1492 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:25:45.0647 1492 umbus - ok
20:25:45.0679 1492 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:25:45.0710 1492 upnphost - ok
20:25:45.0725 1492 USBAAPL - ok
20:25:45.0866 1492 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:25:45.0866 1492 usbccgp - ok
20:25:45.0959 1492 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:25:46.0115 1492 usbcir - ok
20:25:46.0131 1492 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:25:46.0131 1492 usbehci - ok
20:25:46.0193 1492 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:25:46.0209 1492 usbhub - ok
20:25:46.0225 1492 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:25:46.0240 1492 usbohci - ok
20:25:46.0240 1492 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:25:46.0256 1492 usbprint - ok
20:25:46.0287 1492 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:25:46.0287 1492 usbscan - ok
20:25:46.0303 1492 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:25:46.0318 1492 USBSTOR - ok
20:25:46.0349 1492 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:25:46.0349 1492 usbuhci - ok
20:25:46.0381 1492 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:25:46.0396 1492 UxSms - ok
20:25:46.0427 1492 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:25:46.0443 1492 vds - ok
20:25:46.0474 1492 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:25:46.0474 1492 vga - ok
20:25:46.0505 1492 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:25:46.0505 1492 VgaSave - ok
20:25:46.0521 1492 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:25:46.0537 1492 viaagp - ok
20:25:46.0552 1492 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:25:46.0552 1492 ViaC7 - ok
20:25:46.0583 1492 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
20:25:46.0583 1492 viaide - ok
20:25:46.0615 1492 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:25:46.0615 1492 volmgr - ok
20:25:46.0646 1492 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:25:46.0661 1492 volmgrx - ok
20:25:46.0693 1492 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:25:46.0708 1492 volsnap - ok
20:25:46.0739 1492 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:25:46.0755 1492 vsmraid - ok
20:25:46.0833 1492 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:25:46.0864 1492 VSS - ok
20:25:46.0895 1492 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:25:46.0911 1492 W32Time - ok
20:25:46.0958 1492 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:25:46.0958 1492 WacomPen - ok
20:25:47.0005 1492 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:25:47.0005 1492 Wanarp - ok
20:25:47.0005 1492 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:25:47.0020 1492 Wanarpv6 - ok
20:25:47.0051 1492 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:25:47.0067 1492 wcncsvc - ok
20:25:47.0098 1492 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:25:47.0098 1492 WcsPlugInService - ok
20:25:47.0114 1492 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:25:47.0114 1492 Wd - ok
20:25:47.0161 1492 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:25:47.0176 1492 Wdf01000 - ok
20:25:47.0207 1492 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:25:47.0223 1492 WdiServiceHost - ok
20:25:47.0223 1492 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:25:47.0239 1492 WdiSystemHost - ok
20:25:47.0270 1492 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:25:47.0270 1492 WebClient - ok
20:25:47.0317 1492 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:25:47.0332 1492 Wecsvc - ok
20:25:47.0348 1492 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:25:47.0363 1492 wercplsupport - ok
20:25:47.0395 1492 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:25:47.0410 1492 WerSvc - ok
20:25:47.0457 1492 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:25:47.0473 1492 WimFltr - ok
20:25:47.0551 1492 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:25:47.0551 1492 WinDefend - ok
20:25:47.0566 1492 WinHttpAutoProxySvc - ok
20:25:47.0629 1492 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:25:47.0644 1492 Winmgmt - ok
20:25:47.0707 1492 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:25:47.0785 1492 WinRM - ok
20:25:47.0831 1492 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:25:47.0847 1492 Wlansvc - ok
20:25:47.0894 1492 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:25:47.0894 1492 WmiAcpi - ok
20:25:47.0941 1492 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:25:47.0941 1492 wmiApSrv - ok
20:25:48.0034 1492 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:25:48.0065 1492 WMPNetworkSvc - ok
20:25:48.0081 1492 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:25:48.0097 1492 WPCSvc - ok
20:25:48.0128 1492 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:25:48.0143 1492 WPDBusEnum - ok
20:25:48.0159 1492 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:25:48.0175 1492 WpdUsb - ok
20:25:48.0268 1492 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:25:48.0299 1492 WPFFontCache_v0400 - ok
20:25:48.0315 1492 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:25:48.0315 1492 ws2ifsl - ok
20:25:48.0346 1492 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:25:48.0362 1492 wscsvc - ok
20:25:48.0362 1492 WSearch - ok
20:25:48.0471 1492 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:25:48.0533 1492 wuauserv - ok
20:25:48.0611 1492 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:48.0627 1492 WUDFRd - ok
20:25:48.0658 1492 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:25:48.0674 1492 wudfsvc - ok
20:25:48.0767 1492 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:25:48.0783 1492 YahooAUService - ok
20:25:48.0814 1492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:25:48.0861 1492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:25:48.0861 1492 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:25:48.0861 1492 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
20:25:48.0939 1492 \Device\Harddisk1\DR1 - ok
20:25:48.0955 1492 Boot (0x1200) (cf0850cbdf6dd72d21137579a7ef6cb6) \Device\Harddisk0\DR0\Partition0
20:25:48.0955 1492 \Device\Harddisk0\DR0\Partition0 - ok
20:25:48.0955 1492 Boot (0x1200) (c5c3ec5b2306b89c65739c5032fa6c26) \Device\Harddisk0\DR0\Partition1
20:25:48.0955 1492 \Device\Harddisk0\DR0\Partition1 - ok
20:25:48.0970 1492 Boot (0x1200) (91cf500402824860ce140cfbcd8e3510) \Device\Harddisk1\DR1\Partition0
20:25:48.0970 1492 \Device\Harddisk1\DR1\Partition0 - ok
20:25:48.0970 1492 ============================================================
20:25:48.0970 1492 Scan finished
20:25:48.0970 1492 ============================================================
20:25:48.0986 1708 Detected object count: 1
20:25:48.0986 1708 Actual detected object count: 1
20:26:21.0184 1708 \Device\Harddisk0\DR0\# - copied to quarantine
20:26:21.0184 1708 \Device\Harddisk0\DR0 - copied to quarantine
20:26:21.0356 1708 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:26:21.0449 1708 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:26:21.0512 1708 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:26:21.0574 1708 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:26:25.0895 1708 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:26:26.0114 1708 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:26:26.0145 1708 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:26:26.0176 1708 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:26:26.0176 1708 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:26:26.0176 1708 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:26:26.0192 1708 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:26:26.0285 1708 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:26:26.0348 1708 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:26:26.0363 1708 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:26:26.0379 1708 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:26:26.0441 1708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:26:26.0457 1708 \Device\Harddisk0\DR0 - ok
20:26:26.0473 1708 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:26:46.0456 3504 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 20:36:43
-----------------------------
20:36:43.535 OS Version: Windows 6.0.6002 Service Pack 2
20:36:43.535 Number of processors: 2 586 0xF02
20:36:43.535 ComputerName: DONNA-PC UserName: Donna
20:36:53.207 Initialize success
20:36:53.363 AVAST engine defs: 12072701
20:37:30.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
20:37:30.459 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
20:37:30.506 Disk 0 MBR read successfully
20:37:30.506 Disk 0 MBR scan
20:37:30.522 Disk 0 Windows VISTA default MBR code
20:37:30.537 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:37:30.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
20:37:30.615 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294964 MB offset 21053440
20:37:30.631 Disk 0 scanning sectors +625139712
20:37:30.709 Disk 0 scanning C:\Windows\system32\drivers
20:38:04.561 Service scanning
20:38:22.407 Modules scanning
20:38:33.733 Disk 0 trace - called modules:
20:38:33.764 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
20:38:33.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fe31e8]
20:38:33.780 3 CLASSPNP.SYS[8a1a88b3] -> nt!IofCallDriver -> [0x84ef8918]
20:38:33.795 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84f0b030]
20:38:40.597 AVAST engine scan C:\Windows
20:38:53.342 AVAST engine scan C:\Windows\system32
20:41:00.966 AVAST engine scan C:\Windows\system32\drivers
20:41:16.815 AVAST engine scan C:\Users\Donna
20:50:25.704 Disk 0 MBR has been saved successfully to "C:\Users\Donna\Desktop\MBR.dat"
20:50:25.704 The log file has been saved successfully to "C:\Users\Donna\Desktop\aswMBR.txt"
20:54:32.886 AVAST engine scan C:\ProgramData
20:56:54.019 Scan finished successfully
21:03:05.487 Disk 0 MBR has been saved successfully to "C:\Users\Donna\Desktop\MBR.dat"
21:03:05.502 The log file has been saved successfully to "C:\Users\Donna\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 PM

Posted 27 July 2012 - 11:29 PM

Greetings

I want you to uninstall chrome and if asked about user data or settings then remove that also

restart the computer and reinstall chrome


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 sefnerr

sefnerr
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:06:29 PM

Posted 28 July 2012 - 12:14 AM

Chrome is now working as it should. Avast is not showing any more detection. I think the only thing may be a long delay when starting. The computer boots to the desktop relatively fast, but there is a noticeable delay, 2-3min before the sidebar loads. Not sure if this is related. I appreciate all your help in this. Thank you.



ComboFix 12-07-27.03 - Donna 07/27/2012 21:48:34.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2069 [GMT -7:00]
Running from: c:\users\Donna\Desktop\ComboFix.exe
Command switches used :: c:\users\Donna\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 04:57 . 2012-07-28 04:58 -------- d-----w- c:\users\Donna\AppData\Local\temp
2012-07-28 04:57 . 2012-07-28 04:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-28 04:57 . 2012-07-28 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 03:26 . 2012-07-28 03:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 21:27 . 2012-07-24 20:31 302592 ----a-w- C:\gmer.exe
2012-07-24 21:09 . 2012-07-24 20:29 607260 ------r- C:\dds.scr
2012-07-24 02:37 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-24 02:37 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-24 02:37 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-24 02:37 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-24 02:37 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 02:37 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 02:36 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 02:36 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 02:36 . 2012-07-24 02:36 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 02:36 . 2012-07-24 02:36 -------- d-----w- c:\program files\AVAST Software
2012-07-24 01:20 . 2012-07-24 01:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-24 01:11 . 2012-07-28 02:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:38 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:38 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:38 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:38 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:38 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:38 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\programdata\Oberon Media
2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\users\Donna\AppData\Local\ArcadeCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 02:00 . 2012-02-27 20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 17:18 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:18 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 17:18 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-01 14:03 . 2012-06-12 23:39 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-10 17:59 . 2012-03-10 17:59 454 ----a-w- c:\program files\031020129592255.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 04:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 04:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"Google Update"="c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Weather"=c:\program files\AWS\WeatherBug\Weather.exe 1
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RtHDVCpl"=RtHDVCpl.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"ECenter"=c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3176320566-1362754327-2260252347-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 02:00]
.
2012-07-28 c:\windows\Tasks\CandyUpdater.job
- c:\users\Donna\AppData\Local\ArcadeCandy\candyUpdater.exe [2012-06-25 22:45]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:01]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:01]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3176320566-1362754327-2260252347-1000Core.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 23:52]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3176320566-1362754327-2260252347-1000UA.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 21:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{D30BC29F-19F6-40B3-A91F-D4707048ADE6}"=hex:51,66,7a,6c,4c,1d,38,12,f1,c1,18,
d7,c4,57,dd,05,d6,09,97,30,75,16,e9,f2
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{A899079D-206F-43A6-BE6A-07E0FA648EA0}"=hex:51,66,7a,6c,4c,1d,38,12,f3,04,8a,
ac,5d,6e,c8,06,c1,7c,44,a0,ff,3a,ca,b4
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}"=hex:51,66,7a,6c,4c,1d,38,12,e2,d3,78,
af,59,95,6c,0a,f5,34,08,93,46,b7,d4,eb
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,b3,01,19,dc,69,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,c1,95,f2,75,9b,47,4e,94,6c,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,c1,95,f2,75,9b,47,4e,94,6c,ff,\
.
Completion time: 2012-07-27 22:02:33
ComboFix-quarantined-files.txt 2012-07-28 05:02
ComboFix2.txt 2012-07-28 00:53
.
Pre-Run: 229,339,717,632 bytes free
Post-Run: 229,568,520,192 bytes free
.
- - End Of File - - 74C186D4446E351EE3AFF3890F2DC046

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 PM

Posted 28 July 2012 - 12:16 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 sefnerr

sefnerr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:29 PM

Posted 28 July 2012 - 01:10 AM

Things seem to be working as they should now.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Donna :: DONNA-PC [administrator]

7/27/2012 10:54:23 PM
mbam-log-2012-07-27 (22-54-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198210
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:24 PM, on 7/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SBC\update\SST.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Users\Donna\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5412 bytes
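
The HijackThis log above lists URL search hooks, BHOs, Run entries and services in one flat text format, and the reply that follows picks O4 lines out of it by hand. As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script that parses lines in that format and flags the ones a responder checks first: hooks that point at "(no file)", autoruns whose executable lives under a user-writable path, services listed with "Unknown owner", and an autorun that borrows a core Windows binary name (the svchost.exe/services.exe of this thread) from outside the Windows directory. The sample input reuses lines from the log above plus one hypothetical entry at the end, marked as such, so that the last check fires. A flag means "look at this", not "delete this": Google Update legitimately runs from the user profile and is flagged here for exactly that reason.

```python
"""Triage a HijackThis log: pull out the entries a responder would check first.

Added example, not code from the thread or from HijackThis. The checks are
heuristics; a flagged entry can be legitimate (Google Update is, below).
"""
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# hypothetical entry on the last line (not from the page) so the masquerade check fires.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Donna\AppData\Local\Temp\svchost.exe
"""

HJT_ENTRY = re.compile(r"^(?P<code>[OR]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# First executable-looking token of a command line, quoted or not.
EXE_PATH = re.compile(r'^"?(?P<path>[a-z]:\\.+?\.(?:exe|scr|dll|bat|cmd|vbs|com|pif))\b', re.I)
# Locations an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = re.compile(r"^[a-z]:\\(?:users|documents and settings)\\|\\appdata\\|\\temp\\|\\programdata\\", re.I)
# Core Windows binary names; an autorun using one of these outside the Windows
# directory is the classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows(?:\\system32|\\syswow64)?\\$", re.I)


def parse_entries(text):
    """Yield (code, body) for each HijackThis entry line, skipping the header."""
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def autorun_command(body):
    """Extract the command line from an O4 body ([Name] cmd, or name.lnk = target)."""
    m = AUTORUN.search(body)
    if m:
        return m.group("cmd")
    if " = " in body:
        return body.split(" = ", 1)[1]
    return body


def exe_path(cmd):
    """Return the executable path at the start of a command line, or None."""
    m = EXE_PATH.match(cmd.strip())
    return m.group("path") if m else None


def triage(text):
    """Return (reason, code, body) triples for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        if "(no file)" in body:
            findings.append(("orphaned_entry", code, body))
        elif code == "O4":
            path = exe_path(autorun_command(body))
            if path is None:
                findings.append(("unparsed_autorun", code, body))
                continue
            directory, _, basename = path.rpartition("\\")
            if USER_WRITABLE.search(path):
                findings.append(("user_writable_autorun", code, body))
            if basename.lower() in SYSTEM_NAMES and not SYSTEM_DIRS.match(directory + "\\"):
                findings.append(("system_name_outside_windows", code, body))
        elif code == "O23":
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(("service_without_publisher", code, body))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return Counter(reason for reason, _, _ in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, code, body in found:
        print(f"{reason:28} {code:4} {body}")
    print(dict(summarize(found)))
```

Run against the sample it reports five findings: the orphaned URLSearchHook, Google Update and the hypothetical Updater entry under the user profile, the Updater entry again for using the svchost.exe name outside C:\Windows, and DSBrokerService with no publisher. Everything else in the log (avast, the MBAM RunOnce, the HP startup link) passes quietly, which is the point of the checks: reduce a 60-line log to the handful of lines that need a human decision.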

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 PM

Posted 28 July 2012 - 02:17 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can start by clicking on their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#11 sefnerr

sefnerr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:29 PM

Posted 28 July 2012 - 04:14 PM

Looks like there are a few more baddies to deal with. I disabled some of the start-up items and the desktop does seem to load faster.


ESET Log:

C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Users\Donna\AppData\Local\Apple\APN\pjyywcyeo.dll.vir a variant of Win32/Kryptik.AIGL trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FB.Gen trojan
C:\TDSSKiller_Quarantine\27.07.2012_20.25.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\27.07.2012_20.25.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\27.07.2012_20.25.25\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\27.07.2012_20.25.25\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 PM

Posted 28 July 2012 - 04:42 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem remove TDSSKiller's quarantine folder and everything under it
    rd /s /q "C:\TDSSKiller_Quarantine\"
    rem force-delete the OpenCandy helper flagged by ESET (/s also checks subfolders of that directory)
    del /f /s /q "C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll"
    rem the batch file deletes itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present antivirus first.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and learn how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#13 sefnerr

sefnerr
  • Topic Starter
  • Members
  • 8 posts

Posted 28 July 2012 - 05:17 PM

Thank you, Gringo. This computer seems to be working fine once again. I appreciate all your help. Please check your PayPal account. :-)

- Vince

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 28 July 2012 - 05:28 PM

Thank you very much and you are more than welcome


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 30 July 2012 - 11:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.