
Virus Removal help



#1 The_Stig
Posted 25 July 2012 - 08:47 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic462297.html ~ OB
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Zac at 8:09:11 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3922 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: lsk_WebBlk Class: {1935e690-1ac1-4aa5-ba23-3d9d0ceb3a00} - C:\Windows\SysWOW64\Lsk_iBlk.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: The Pirate Bay Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b313} - C:\Program Files (x86)\The_Pirate_Bay\toolbar.ni.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB: The Pirate Bay Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b313} - C:\Program Files (x86)\The_Pirate_Bay\toolbar.ni.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: PlayBox Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Adobe] rundll32.exe "C:\Users\Zac\AppData\Local\Apple Computer\Adobe\puwfrqgt.dll",CreateInstance
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: lsk_WebBlk Class: {1935E690-1AC1-4AA5-BA23-3D9D0CEB3A00} - C:\Windows\SysWOW64\Lsk_iBlk.dll
BHO-X64: Internet Explorer Web Blocker - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: The Pirate Bay Toolbar: {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files (x86)\The_Pirate_Bay\toolbar.ni.dll
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: TBSB05974 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
BHO-X64: TBSB05974 - No File
TB-X64: The Pirate Bay Toolbar: {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files (x86)\The_Pirate_Bay\toolbar.ni.dll
TB-X64: Search Toolbar: {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB-X64: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: PlayBox Toolbar: {5B291E6C-9A74-4034-971B-A4B007A0B315} -
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 68.40.221.88 gtechnology.no-ip.org
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM-ASK&o=15954&locale=en_US&apn_uid=BAD420B6-C3CD-47AF-AA7B-88F5BC0DD12C&apn_ptnrs=X4&apn_sauid=7619691E-C521-4A19-B21D-BA84AC16F4F3&apn_dtid=&&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}\components\RadioWMPCore.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Zac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Zac\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-23 40384]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-23 40384]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 AppServer9PE;SunJavaSystemAppserver9PE;C:\Sun\SDK\lib\appservService.exe "\"C:\Sun\SDK\bin\asadmin.bat\" start-domain --user admin domain1" "\"C:\Sun\SDK\bin\asadmin.bat\" stop-domain domain1\" --> C:\Sun\SDK\lib\appservService.exe \C:\Sun\SDK\bin\asadmin.bat\ [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-07-24 22:05:20 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-24 11:52:49 -------- d-----w- C:\Users\Zac\AppData\Local\{7F95DE7D-CEC6-44BF-A343-798BCF482A51}
2012-07-24 11:52:36 -------- d-----w- C:\Users\Zac\AppData\Local\{1186CCF9-4E66-4324-BA93-CAA8C6AED70C}
2012-07-23 23:26:15 -------- d-----w- C:\Users\Zac\AppData\Local\{3DB365DB-DFFB-429C-8C6F-899487652C6E}
2012-07-23 23:26:02 -------- d-----w- C:\Users\Zac\AppData\Local\{BFBDA8C1-8123-46B6-8E55-C44FD4B017CA}
2012-07-23 22:10:59 -------- d-----w- C:\ProgramData\TrojanHunter
2012-07-23 22:10:57 -------- d-----w- C:\Program Files (x86)\TrojanHunter 5.5
2012-07-23 22:06:10 -------- d-----w- C:\Users\Zac\AppData\Roaming\SpeedyPC Software
2012-07-23 22:06:10 -------- d-----w- C:\Users\Zac\AppData\Roaming\DriverCure
2012-07-23 22:05:49 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-23 22:05:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-23 22:05:46 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-07-23 21:13:05 290304 ----a-w- C:\subinacl.exe
2012-07-23 21:12:10 -------- d-----w- C:\Reg_Backup
2012-07-23 20:54:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 20:50:10 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-23 20:50:05 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-07-23 20:44:56 -------- d-----w- C:\_OTL
2012-07-23 16:50:46 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-23 16:50:28 38848 ----a-w- C:\Windows\avastSS.scr
2012-07-23 16:50:24 -------- d-----w- C:\ProgramData\Alwil Software
2012-07-23 11:17:32 -------- d-----w- C:\Users\Zac\AppData\Local\{52C395F0-0D8A-4B46-B5B0-655E42AA1F76}
2012-07-23 11:17:21 -------- d-----w- C:\Users\Zac\AppData\Local\{73A180BE-14AA-4909-A631-E14B8384F26C}
2012-07-22 23:17:07 -------- d-----w- C:\Users\Zac\AppData\Local\{E9978DAE-BD13-4EDF-91D9-B12DF0E1F605}
2012-07-22 23:16:56 -------- d-----w- C:\Users\Zac\AppData\Local\{879DCB27-4AB4-4E7B-84C9-93E8D7D88110}
2012-07-22 11:16:44 -------- d-----w- C:\Users\Zac\AppData\Local\{F21FA8DC-879F-4990-BAEB-84744DC0412A}
2012-07-22 11:16:33 -------- d-----w- C:\Users\Zac\AppData\Local\{C6DE586C-E65B-4056-B4FD-1FDAE601E225}
2012-07-21 23:08:27 -------- d-----w- C:\Users\Zac\AppData\Local\{64AA0BFB-704A-412A-9A25-9ABD992AFE7B}
2012-07-21 23:08:17 -------- d-----w- C:\Users\Zac\AppData\Local\{470ED9CF-72EC-4563-A7BA-11D8AE2B4BEB}
2012-07-21 21:21:38 -------- d-----w- C:\Users\Zac\AppData\Local\Macromedia
2012-07-21 18:20:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 18:20:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-21 11:08:04 -------- d-----w- C:\Users\Zac\AppData\Local\{05325A39-FFB6-41E9-ADB1-9930EE5DD12A}
2012-07-21 11:07:53 -------- d-----w- C:\Users\Zac\AppData\Local\{E1754A81-08B2-4732-A039-1760B3B2C9D8}
2012-07-20 19:24:43 -------- d-----w- C:\Users\Zac\AppData\Local\{77452347-64B1-4A85-A27A-C2A16FE2B4FE}
2012-07-20 19:24:32 -------- d-----w- C:\Users\Zac\AppData\Local\{CB56EC30-4D0A-4982-A917-52079F293C59}
2012-07-20 07:24:20 -------- d-----w- C:\Users\Zac\AppData\Local\{77C842B5-60CA-4D19-9B0A-3A91D7C323D0}
2012-07-20 07:24:09 -------- d-----w- C:\Users\Zac\AppData\Local\{3F9CF08A-6E29-4D63-ABAF-BD558B674EEB}
2012-07-19 17:10:28 -------- d-----w- C:\Users\Zac\AppData\Local\{6CA717CA-66D6-43EE-9C32-7EE2EF3B1F92}
2012-07-19 17:10:17 -------- d-----w- C:\Users\Zac\AppData\Local\{CEC359E0-7F77-4538-9F3C-F05467866BAD}
2012-07-18 23:48:15 -------- d-----w- C:\Users\Zac\AppData\Local\{4E80CCF6-6913-40E8-AB6E-6F758D6861D5}
2012-07-18 23:48:04 -------- d-----w- C:\Users\Zac\AppData\Local\{FBF502FB-7E55-40C3-AB61-5CDBCDCF9CDD}
2012-07-18 11:47:50 -------- d-----w- C:\Users\Zac\AppData\Local\{1FE3F2F7-9E5E-4FAC-BDFD-CFAB4EC79E1F}
2012-07-18 11:47:39 -------- d-----w- C:\Users\Zac\AppData\Local\{E614EFBA-ABA8-4FDF-95E7-BFB469BD490A}
2012-07-17 23:47:26 -------- d-----w- C:\Users\Zac\AppData\Local\{190BAEED-52DF-44ED-B01A-7E2BB128F55F}
2012-07-17 23:47:15 -------- d-----w- C:\Users\Zac\AppData\Local\{225E9FB8-8107-4826-BE93-7B20AFE36FA7}
2012-07-17 11:46:50 -------- d-----w- C:\Users\Zac\AppData\Local\{FCDB6069-BEA7-4CE5-91B7-F101731B5A26}
2012-07-17 11:46:39 -------- d-----w- C:\Users\Zac\AppData\Local\{87BBBB35-5FD6-4ADE-91DA-E589AAECDD21}
2012-07-16 14:24:00 -------- d-----w- C:\Users\Zac\AppData\Local\{E32A5F5D-201D-4FF0-9C3C-E96EE32FEBF6}
2012-07-16 14:23:48 -------- d-----w- C:\Users\Zac\AppData\Local\{67493BC8-2011-4203-A870-8A01210EE613}
2012-07-14 11:21:29 -------- d-----w- C:\Users\Zac\AppData\Local\{F538F9DB-D985-4ADE-BFCE-5C565674F907}
2012-07-14 11:21:17 -------- d-----w- C:\Users\Zac\AppData\Local\{384E8318-5251-44DF-BB6F-D604882FAECB}
2012-07-13 18:40:09 -------- d-----w- C:\Users\Zac\AppData\Local\{0C9DBFC7-98AC-4D68-9B14-66A119025263}
2012-07-13 18:39:58 -------- d-----w- C:\Users\Zac\AppData\Local\{7EA0F78B-0F12-4CE6-B9DE-E5C720E56596}
2012-07-12 14:59:17 -------- d-----w- C:\Users\Zac\AppData\Local\{C0560DD0-187B-466D-9593-E12927C34249}
2012-07-12 14:59:05 -------- d-----w- C:\Users\Zac\AppData\Local\{9448A7E9-2F8B-469D-8D65-1025BA42673B}
2012-07-12 07:01:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 02:34:33 -------- d-----w- C:\Users\Zac\AppData\Local\{118FA874-AB30-41B5-A463-FC3A699C6CF1}
2012-07-12 02:34:22 -------- d-----w- C:\Users\Zac\AppData\Local\{6333CF36-A97B-4A04-BC86-7CCED4C5679F}
2012-07-11 14:34:09 -------- d-----w- C:\Users\Zac\AppData\Local\{62EB9DB8-2DAD-422C-91DE-EE45FB0E412C}
2012-07-11 14:33:58 -------- d-----w- C:\Users\Zac\AppData\Local\{50DE5EB8-F9FE-4C7D-8220-91EFE4353207}
2012-07-10 19:22:36 -------- d-----w- C:\Users\Zac\AppData\Local\{0FB9FB2C-E368-4057-AA15-98197BDCD869}
2012-07-10 19:22:24 -------- d-----w- C:\Users\Zac\AppData\Local\{98CB6F85-DE7C-4EEA-80B5-D85C1BB38309}
2012-07-06 14:10:26 -------- d-----w- C:\Users\Zac\AppData\Local\{07A5DE78-ADD8-42EC-9DFA-CD9F07E747BA}
2012-07-06 14:10:15 -------- d-----w- C:\Users\Zac\AppData\Local\{426DE23A-2DF2-4BB1-83A4-E72954073C71}
2012-07-05 15:53:59 -------- d-----w- C:\Users\Zac\AppData\Local\{1D6D835F-002A-493E-A6B0-8FA7F67C5077}
2012-07-05 15:53:45 -------- d-----w- C:\Users\Zac\AppData\Local\{494364A4-52D3-4CCC-9590-CA335DE231A0}
2012-06-29 23:12:31 -------- d-----w- C:\Users\Zac\AppData\Local\{A14C948A-C904-4D22-9B86-2B137C5F8A42}
2012-06-29 23:12:19 -------- d-----w- C:\Users\Zac\AppData\Local\{7B4747DD-2A8C-4A1A-847B-568F82D05D14}
2012-06-29 11:12:06 -------- d-----w- C:\Users\Zac\AppData\Local\{5471A7CB-FEF9-4CA9-B778-D7E9A60525EC}
2012-06-29 11:11:55 -------- d-----w- C:\Users\Zac\AppData\Local\{EA36D5DA-EEA2-4AD8-B5EC-58AB81F61ABB}
2012-06-28 17:37:24 -------- d-----w- C:\Users\Zac\AppData\Local\{68192B83-6B61-46F4-A49C-0CC19B2DC62D}
2012-06-28 17:37:13 -------- d-----w- C:\Users\Zac\AppData\Local\{39F9475D-8407-46D5-9AAC-D02BA69C1120}
2012-06-27 23:49:58 -------- d-----w- C:\Users\Zac\AppData\Local\{60A092C5-86D6-451F-B261-DFF0779972D5}
2012-06-27 23:49:47 -------- d-----w- C:\Users\Zac\AppData\Local\{A2285830-3BE2-4D5A-B4CA-F40D26852814}
2012-06-27 11:49:33 -------- d-----w- C:\Users\Zac\AppData\Local\{B3620008-3AD9-4E0B-AFE7-56B1E1FD42DE}
2012-06-27 11:49:22 -------- d-----w- C:\Users\Zac\AppData\Local\{BB9412D6-C718-442E-8A51-6C01738717A5}
2012-06-26 14:56:57 -------- d-----w- C:\Users\Zac\AppData\Local\{3F7C64CB-9788-4F6D-B869-96CFFDBAFFED}
2012-06-26 14:56:45 -------- d-----w- C:\Users\Zac\AppData\Local\{CB75518E-A5B6-4DD0-8DC1-7957519CDC29}
2012-06-26 02:56:33 -------- d-----w- C:\Users\Zac\AppData\Local\{7A2C2D53-437C-4C54-B6A1-EECC1CF632FE}
2012-06-26 02:56:22 -------- d-----w- C:\Users\Zac\AppData\Local\{A3D5F23B-C400-4773-B07E-DA648C4D2B8D}
2012-06-25 14:56:09 -------- d-----w- C:\Users\Zac\AppData\Local\{0B5272FF-9A07-458D-AABF-313C446BF5A4}
2012-06-25 14:55:58 -------- d-----w- C:\Users\Zac\AppData\Local\{D701A869-5EEC-467E-BA24-704610B8147F}
2012-06-25 14:53:03 -------- d-----w- C:\Windows\en
2012-06-25 14:49:28 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8aacb501cd52e101\DSETUP.dll
2012-06-25 14:49:28 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8aacb501cd52e101\DXSETUP.exe
2012-06-25 14:49:28 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b8aacb501cd52e101\dsetup32.dll
2012-06-25 14:48:51 -------- d-----w- C:\Users\Zac\AppData\Local\{42556C43-4C30-4A17-9EA0-13C1C35816EE}
2012-06-25 14:48:40 -------- d-----w- C:\Users\Zac\AppData\Local\{A938A935-B279-44B9-BB3E-E2D9AF6B30B6}
.
==================== Find3M ====================
.
2012-07-21 19:53:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 8:11:16.24 ===============

Edited by Orange Blossom, 25 July 2012 - 07:39 PM.


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 July 2012 - 01:08 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 The_Stig (Topic Starter)

Posted 27 July 2012 - 05:04 PM

ComboFix 12-07-27.03 - Zac 07/27/2012 16:52:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4279 [GMT -4:00]
Running from: c:\users\Zac\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\basis.xml
c:\program files (x86)\Search Toolbar\bg.bmp
c:\program files (x86)\Search Toolbar\bing_logo.png
c:\program files (x86)\Search Toolbar\celebrity.png
c:\program files (x86)\Search Toolbar\drop_images.png
c:\program files (x86)\Search Toolbar\drop_maps.png
c:\program files (x86)\Search Toolbar\drop_news.png
c:\program files (x86)\Search Toolbar\drop_videos.png
c:\program files (x86)\Search Toolbar\drop_web.png
c:\program files (x86)\Search Toolbar\facebook.png
c:\program files (x86)\Search Toolbar\favicon.png
c:\program files (x86)\Search Toolbar\games.png
c:\program files (x86)\Search Toolbar\hotmail.png
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\images.png
c:\program files (x86)\Search Toolbar\include.xml
c:\program files (x86)\Search Toolbar\info.txt
c:\program files (x86)\Search Toolbar\lifestyle.png
c:\program files (x86)\Search Toolbar\maps.png
c:\program files (x86)\Search Toolbar\messenger.png
c:\program files (x86)\Search Toolbar\msn.png
c:\program files (x86)\Search Toolbar\news.png
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\tbcore3.dll
c:\program files (x86)\Search Toolbar\tbhelper.dll
c:\program files (x86)\Search Toolbar\twitter.png
c:\program files (x86)\Search Toolbar\uninstall.exe
c:\program files (x86)\Search Toolbar\update.exe
c:\program files (x86)\Search Toolbar\version.txt
c:\program files (x86)\Search Toolbar\video.png
c:\program files (x86)\Search Toolbar\videos.png
c:\program files (x86)\Search Toolbar\weather.png
c:\program files (x86)\Search Toolbar\web.png
c:\program files (x86)\somototoolbar\vmNTemplatex.dll
c:\users\Zac\AppData\Local\Apple Computer\Adobe\puwfrqgt.dll
c:\users\Zac\AppData\Local\assembly\tmp
c:\users\Zac\AppData\Local\TempDIR
c:\users\Zac\AppData\Roaming\6ad5bb60c75b4ccde42fd0a36026cffc_c68827fd-c27b-4547-9594-982fb91d1c77.gpg
c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{13d19e97-a3b3-4b04-b6a6-ed8b28774592}
c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{13d19e97-a3b3-4b04-b6a6-ed8b28774592}\chrome\xulcache.jar
c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{13d19e97-a3b3-4b04-b6a6-ed8b28774592}\defaults\preferences\xulcache.js
c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\extensions\{13d19e97-a3b3-4b04-b6a6-ed8b28774592}\install.rdf
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\@
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\L\00000004.@
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\L\201d3dde
c:\windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U\80000000.@
c:\windows\SysWow64\MSMAsk32.ocx
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 21:06 . 2012-07-27 21:06 -------- d-----w- c:\users\Mcx1-ZAC-PC\AppData\Local\temp
2012-07-27 21:06 . 2012-07-27 21:06 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-27 21:06 . 2012-07-27 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:29 . 2012-07-27 20:30 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-27 20:29 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-27 20:29 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-24 22:05 . 2012-07-24 22:05 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 22:10 . 2012-07-23 22:11 -------- d-----w- c:\programdata\TrojanHunter
2012-07-23 22:10 . 2012-07-23 23:35 -------- d-----w- c:\program files (x86)\TrojanHunter 5.5
2012-07-23 22:06 . 2012-07-23 22:06 -------- d-----w- c:\users\Zac\AppData\Roaming\SpeedyPC Software
2012-07-23 22:06 . 2012-07-23 22:06 -------- d-----w- c:\users\Zac\AppData\Roaming\DriverCure
2012-07-23 22:05 . 2012-07-23 22:05 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-23 22:05 . 2012-07-23 22:05 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 22:05 . 2012-07-23 22:05 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-23 21:13 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- C:\Reg_Backup
2012-07-23 21:12 . 2012-07-23 21:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-23 20:54 . 2012-07-23 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 20:50 . 2012-07-23 21:24 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-23 20:50 . 2012-07-23 20:50 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-07-23 20:44 . 2012-07-23 20:44 -------- d-----w- C:\_OTL
2012-07-23 16:50 . 2010-06-28 20:37 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-23 16:50 . 2010-06-28 20:32 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-23 16:50 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-23 16:50 . 2010-06-28 20:37 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-23 16:50 . 2010-06-28 20:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-23 16:50 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-23 16:50 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-23 16:50 . 2012-07-23 16:50 -------- d-----w- c:\programdata\Alwil Software
2012-07-23 16:50 . 2012-07-23 16:50 -------- d-----w- c:\program files\Alwil Software
2012-07-21 21:21 . 2012-07-21 21:21 -------- d-----w- c:\users\Zac\AppData\Local\Macromedia
2012-07-21 18:20 . 2012-07-27 18:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 18:20 . 2012-07-21 18:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 18:20 . 2012-07-21 18:20 -------- d-----w- c:\windows\system32\Macromed
2012-07-12 07:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 18:53 . 2011-08-12 20:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-01-14 18:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 12:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 12:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 12:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 12:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 12:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 12:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 12:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 12:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 12:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 01:48 . 2012-06-02 01:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-02 01:48 . 2012-06-02 01:48 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-02 01:47 . 2012-06-02 01:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 04:01 . 2012-06-12 23:15 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 23:15 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 23:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-11 02:41 . 2009-11-15 18:16 57848688 ----a-w- c:\windows\system32\MRT.exe
2012-05-04 11:06 . 2012-06-12 23:15 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:15 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:15 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:15 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-06-13 202256]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2011-12-06 1088280]
.
c:\users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-27 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe [2009-11-15 26826]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 144896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 30208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-07-29 717312]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-29 49152]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 18:53]
.
2012-07-25 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]
.
2012-07-26 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-27 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-24 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM-ASK&o=15954&locale=en_US&apn_uid=BAD420B6-C3CD-47AF-AA7B-88F5BC0DD12C&apn_ptnrs=X4&apn_sauid=7619691E-C521-4A19-B21D-BA84AC16F4F3&apn_dtid=&&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Zac\AppData\Local\Apple Computer\Adobe\puwfrqgt.dll
SafeBoot-07311848.sys
Toolbar-Locked - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Windows 7 - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe
AddRemove-Guild Wars - c:\users\Zac\Desktop\Guild Wars\Gw.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"1\" expireTime=\"1316752923\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />\0a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-07-27 17:18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 21:18
.
Pre-Run: 461,628,329,984 bytes free
Post-Run: 464,782,938,112 bytes free
.
- - End Of File - - 3773C6C388D7F8F06D76FA620D604F86

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:52 PM

Posted 27 July 2012 - 05:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 The_Stig

  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:52 PM

Posted 28 July 2012 - 03:05 PM

Ok, I have the logs and will post them in a minute, but why am I having to run things as administrator now to get them to work? After I ran the program you told me to, certain things don't work. How do I go about fixing that issue?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 15:39:02
-----------------------------
15:39:02.357 OS Version: Windows x64 6.1.7601 Service Pack 1
15:39:02.357 Number of processors: 2 586 0x170A
15:39:02.357 ComputerName: ZAC-PC UserName: Zac
15:39:04.650 Initialize success
15:39:04.728 AVAST engine defs: 12072800
15:39:15.804 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:39:15.820 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
15:39:15.882 Disk 0 MBR read successfully
15:39:15.882 Disk 0 MBR scan
15:39:15.898 Disk 0 Windows 7 default MBR code
15:39:15.929 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:39:15.929 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:39:15.976 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938407 MB offset 31664128
15:39:16.241 Disk 0 scanning C:\Windows\system32\drivers
15:39:40.827 Service scanning
15:40:04.626 Modules scanning
15:40:04.626 Disk 0 trace - called modules:
15:40:04.689 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:40:05.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006485060]
15:40:05.203 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8005eeb050]
15:40:07.481 AVAST engine scan C:\Windows
15:40:58.587 AVAST engine scan C:\Windows\system32
15:43:26.406 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:43:28.956 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:45:31.486 AVAST engine scan C:\Windows\system32\drivers
15:45:43.236 AVAST engine scan C:\Users\Zac
15:46:05.686 File: C:\Users\Zac\AppData\Local\Akamai\netsession_win.exe **INFECTED** Win32:Malware-gen
15:58:47.287 Disk 0 MBR has been saved successfully to "C:\Users\Zac\Desktop\MBR.dat"
15:58:47.302 The log file has been saved successfully to "C:\Users\Zac\Desktop\aswMBR.txt"


13:34:26.0029 3380 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:34:26.0329 3380 ============================================================
13:34:26.0329 3380 Current date / time: 2012/07/28 13:34:26.0329
13:34:26.0329 3380 SystemInfo:
13:34:26.0329 3380
13:34:26.0329 3380 OS Version: 6.1.7601 ServicePack: 1.0
13:34:26.0329 3380 Product type: Workstation
13:34:26.0329 3380 ComputerName: ZAC-PC
13:34:26.0329 3380 UserName: Zac
13:34:26.0329 3380 Windows directory: C:\Windows
13:34:26.0329 3380 System windows directory: C:\Windows
13:34:26.0329 3380 Running under WOW64
13:34:26.0329 3380 Processor architecture: Intel x64
13:34:26.0329 3380 Number of processors: 2
13:34:26.0329 3380 Page size: 0x1000
13:34:26.0329 3380 Boot type: Normal boot
13:34:26.0329 3380 ============================================================
13:34:26.0649 3380 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:34:26.0669 3380 ============================================================
13:34:26.0669 3380 \Device\Harddisk0\DR0:
13:34:26.0669 3380 MBR partitions:
13:34:26.0669 3380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
13:34:26.0669 3380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x728D3800
13:34:26.0669 3380 ============================================================
13:34:26.0719 3380 C: <-> \Device\Harddisk0\DR0\Partition1
13:34:26.0719 3380 ============================================================
13:34:26.0719 3380 Initialize success
13:34:26.0719 3380 ============================================================
13:34:41.0549 2176 ============================================================
13:34:41.0549 2176 Scan started
13:34:41.0549 2176 Mode: Manual;
13:34:41.0549 2176 ============================================================
13:34:42.0139 2176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:34:42.0149 2176 1394ohci - ok
13:34:42.0199 2176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:34:42.0209 2176 ACPI - ok
13:34:42.0249 2176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:34:42.0249 2176 AcpiPmi - ok
13:34:42.0359 2176 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:42.0359 2176 AdobeFlashPlayerUpdateSvc - ok
13:34:42.0419 2176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:34:42.0439 2176 adp94xx - ok
13:34:42.0459 2176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:34:42.0469 2176 adpahci - ok
13:34:42.0489 2176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:34:42.0489 2176 adpu320 - ok
13:34:42.0529 2176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:34:42.0529 2176 AeLookupSvc - ok
13:34:42.0599 2176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:34:42.0609 2176 AFD - ok
13:34:42.0639 2176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:34:42.0649 2176 agp440 - ok
13:34:42.0679 2176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:34:42.0679 2176 ALG - ok
13:34:42.0719 2176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:34:42.0719 2176 aliide - ok
13:34:42.0779 2176 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:34:42.0789 2176 AMD External Events Utility - ok
13:34:42.0799 2176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:34:42.0799 2176 amdide - ok
13:34:42.0839 2176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:34:42.0839 2176 AmdK8 - ok
13:34:43.0299 2176 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:34:43.0399 2176 amdkmdag - ok
13:34:43.0529 2176 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:34:43.0529 2176 amdkmdap - ok
13:34:43.0549 2176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:34:43.0549 2176 AmdPPM - ok
13:34:43.0599 2176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:34:43.0609 2176 amdsata - ok
13:34:43.0629 2176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:34:43.0639 2176 amdsbs - ok
13:34:43.0649 2176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:34:43.0649 2176 amdxata - ok
13:34:43.0729 2176 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
13:34:43.0729 2176 AppHostSvc - ok
13:34:43.0789 2176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:34:43.0789 2176 AppID - ok
13:34:43.0809 2176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:34:43.0819 2176 AppIDSvc - ok
13:34:43.0859 2176 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:34:43.0859 2176 Appinfo - ok
13:34:43.0979 2176 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:34:43.0979 2176 Apple Mobile Device - ok
13:34:44.0059 2176 AppServer9PE - ok
13:34:44.0099 2176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:34:44.0099 2176 arc - ok
13:34:44.0119 2176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:34:44.0129 2176 arcsas - ok
13:34:44.0269 2176 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:34:44.0279 2176 aspnet_state - ok
13:34:44.0319 2176 aswFsBlk (e8184039d57365bee3eaa750375c44ad) C:\Windows\system32\drivers\aswFsBlk.sys
13:34:44.0319 2176 aswFsBlk - ok
13:34:44.0349 2176 aswMonFlt (c671e9548d3d1b4cd15d0b164d9d01c7) C:\Windows\system32\drivers\aswMonFlt.sys
13:34:44.0349 2176 aswMonFlt - ok
13:34:44.0369 2176 aswRdr (dee012d532c3f62ca099961505f41cf6) C:\Windows\system32\drivers\aswRdr.sys
13:34:44.0369 2176 aswRdr - ok
13:34:44.0399 2176 aswSP (56bbd39753b9f7461c4de03c3217249d) C:\Windows\system32\drivers\aswSP.sys
13:34:44.0399 2176 aswSP - ok
13:34:44.0419 2176 aswTdi (193691b35598642a328d880483dc0ed9) C:\Windows\system32\drivers\aswTdi.sys
13:34:44.0419 2176 aswTdi - ok
13:34:44.0449 2176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:44.0449 2176 AsyncMac - ok
13:34:44.0489 2176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:34:44.0489 2176 atapi - ok
13:34:44.0579 2176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:34:44.0619 2176 AudioEndpointBuilder - ok
13:34:44.0629 2176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:34:44.0639 2176 AudioSrv - ok
13:34:44.0739 2176 avast! Antivirus (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:34:44.0739 2176 avast! Antivirus - ok
13:34:44.0739 2176 avast! Mail Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:34:44.0739 2176 avast! Mail Scanner - ok
13:34:44.0749 2176 avast! Web Scanner (b2386a8e66891f7cfec9f5a03f0f1210) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:34:44.0749 2176 avast! Web Scanner - ok
13:34:44.0799 2176 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:34:44.0799 2176 AxInstSV - ok
13:34:44.0859 2176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:34:44.0879 2176 b06bdrv - ok
13:34:44.0919 2176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:34:44.0919 2176 b57nd60a - ok
13:34:45.0079 2176 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:34:45.0079 2176 BBSvc - ok
13:34:45.0119 2176 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:34:45.0119 2176 BBUpdate - ok
13:34:45.0149 2176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:34:45.0149 2176 BDESVC - ok
13:34:45.0169 2176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:34:45.0169 2176 Beep - ok
13:34:45.0249 2176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:34:45.0299 2176 BFE - ok
13:34:45.0349 2176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:34:45.0349 2176 blbdrive - ok
13:34:45.0419 2176 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:34:45.0419 2176 Bonjour Service - ok
13:34:45.0459 2176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:34:45.0459 2176 bowser - ok
13:34:45.0479 2176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:34:45.0479 2176 BrFiltLo - ok
13:34:45.0489 2176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:34:45.0499 2176 BrFiltUp - ok
13:34:45.0509 2176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:34:45.0519 2176 BridgeMP - ok
13:34:45.0549 2176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:34:45.0549 2176 Browser - ok
13:34:45.0579 2176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:34:45.0579 2176 Brserid - ok
13:34:45.0609 2176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:34:45.0619 2176 BrSerWdm - ok
13:34:45.0619 2176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:34:45.0619 2176 BrUsbMdm - ok
13:34:45.0629 2176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:34:45.0629 2176 BrUsbSer - ok
13:34:45.0639 2176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:34:45.0639 2176 BTHMODEM - ok
13:34:45.0669 2176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:34:45.0669 2176 bthserv - ok
13:34:45.0729 2176 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
13:34:45.0739 2176 BVRPMPR5a64 - ok
13:34:45.0749 2176 catchme - ok
13:34:45.0769 2176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:34:45.0769 2176 cdfs - ok
13:34:45.0839 2176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:34:45.0839 2176 cdrom - ok
13:34:45.0889 2176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:34:45.0889 2176 CertPropSvc - ok
13:34:45.0899 2176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:34:45.0899 2176 circlass - ok
13:34:45.0929 2176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:34:45.0929 2176 CLFS - ok
13:34:46.0009 2176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:46.0019 2176 clr_optimization_v2.0.50727_32 - ok
13:34:46.0039 2176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:34:46.0039 2176 clr_optimization_v2.0.50727_64 - ok
13:34:46.0139 2176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:46.0139 2176 clr_optimization_v4.0.30319_32 - ok
13:34:46.0179 2176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:34:46.0179 2176 clr_optimization_v4.0.30319_64 - ok
13:34:46.0209 2176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:46.0209 2176 CmBatt - ok
13:34:46.0239 2176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:34:46.0249 2176 cmdide - ok
13:34:46.0299 2176 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
13:34:46.0319 2176 CNG - ok
13:34:46.0329 2176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:34:46.0329 2176 Compbatt - ok
13:34:46.0389 2176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:34:46.0389 2176 CompositeBus - ok
13:34:46.0399 2176 COMSysApp - ok
13:34:46.0399 2176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:34:46.0399 2176 crcdisk - ok
13:34:46.0449 2176 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:34:46.0459 2176 CryptSvc - ok
13:34:46.0509 2176 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
13:34:46.0509 2176 dc3d - ok
13:34:46.0569 2176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:34:46.0579 2176 DcomLaunch - ok
13:34:46.0669 2176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:34:46.0669 2176 defragsvc - ok
13:34:46.0709 2176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:34:46.0709 2176 DfsC - ok
13:34:46.0769 2176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:34:46.0769 2176 Dhcp - ok
13:34:46.0779 2176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:34:46.0779 2176 discache - ok
13:34:46.0799 2176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:34:46.0809 2176 Disk - ok
13:34:46.0849 2176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:34:46.0859 2176 Dnscache - ok
13:34:46.0899 2176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:34:46.0909 2176 dot3svc - ok
13:34:46.0979 2176 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:34:46.0979 2176 Dot4 - ok
13:34:47.0029 2176 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:34:47.0029 2176 Dot4Print - ok
13:34:47.0039 2176 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:34:47.0039 2176 dot4usb - ok
13:34:47.0069 2176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:34:47.0079 2176 DPS - ok
13:34:47.0089 2176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:34:47.0089 2176 drmkaud - ok
13:34:47.0169 2176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:34:47.0179 2176 DXGKrnl - ok
13:34:47.0219 2176 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
13:34:47.0219 2176 e1yexpress - ok
13:34:47.0249 2176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:34:47.0259 2176 EapHost - ok
13:34:47.0429 2176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:34:47.0489 2176 ebdrv - ok
13:34:47.0609 2176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:34:47.0609 2176 EFS - ok
13:34:47.0659 2176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:34:47.0669 2176 ehRecvr - ok
13:34:47.0699 2176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:34:47.0699 2176 ehSched - ok
13:34:47.0759 2176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:34:47.0769 2176 elxstor - ok
13:34:47.0809 2176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:34:47.0809 2176 ErrDev - ok
13:34:47.0859 2176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:34:47.0859 2176 EventSystem - ok
13:34:47.0879 2176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:34:47.0889 2176 exfat - ok
13:34:47.0909 2176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:34:47.0909 2176 fastfat - ok
13:34:47.0979 2176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:34:47.0989 2176 Fax - ok
13:34:47.0999 2176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:34:47.0999 2176 fdc - ok
13:34:48.0019 2176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:34:48.0029 2176 fdPHost - ok
13:34:48.0039 2176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:34:48.0039 2176 FDResPub - ok
13:34:48.0059 2176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:34:48.0059 2176 FileInfo - ok
13:34:48.0069 2176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:34:48.0069 2176 Filetrace - ok
13:34:48.0169 2176 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:34:48.0179 2176 FLEXnet Licensing Service - ok
13:34:48.0189 2176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:48.0189 2176 flpydisk - ok
13:34:48.0229 2176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:34:48.0239 2176 FltMgr - ok
13:34:48.0269 2176 Folding@home-CPU-[1] - ok
13:34:48.0279 2176 Folding@home-CPU-[2] - ok
13:34:48.0369 2176 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:34:48.0389 2176 FontCache - ok
13:34:48.0479 2176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:34:48.0479 2176 FontCache3.0.0.0 - ok
13:34:48.0499 2176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:34:48.0499 2176 FsDepends - ok
13:34:48.0529 2176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:34:48.0529 2176 Fs_Rec - ok
13:34:48.0589 2176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:34:48.0589 2176 fvevol - ok
13:34:48.0609 2176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:34:48.0609 2176 gagp30kx - ok
13:34:48.0669 2176 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
13:34:48.0679 2176 GameConsoleService - ok
13:34:48.0709 2176 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:34:48.0709 2176 GEARAspiWDM - ok
13:34:48.0779 2176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:34:48.0809 2176 gpsvc - ok
13:34:48.0929 2176 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
13:34:48.0939 2176 Greg_Service - ok
13:34:49.0069 2176 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:34:49.0069 2176 hamachi - ok
13:34:49.0089 2176 Hardlock - ok
13:34:49.0109 2176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:34:49.0119 2176 hcw85cir - ok
13:34:49.0179 2176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:34:49.0179 2176 HdAudAddService - ok
13:34:49.0209 2176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:34:49.0209 2176 HDAudBus - ok
13:34:49.0219 2176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:34:49.0219 2176 HidBatt - ok
13:34:49.0239 2176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:34:49.0239 2176 HidBth - ok
13:34:49.0259 2176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:34:49.0259 2176 HidIr - ok
13:34:49.0299 2176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:34:49.0299 2176 hidserv - ok
13:34:49.0319 2176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:34:49.0319 2176 HidUsb - ok
13:34:49.0369 2176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:34:49.0369 2176 hkmsvc - ok
13:34:49.0409 2176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:34:49.0419 2176 HomeGroupListener - ok
13:34:49.0449 2176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:34:49.0459 2176 HomeGroupProvider - ok
13:34:49.0489 2176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:34:49.0499 2176 HpSAMD - ok
13:34:49.0659 2176 HPSLPSVC (1be48b0542c91487bb8a94bf2278f55d) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:34:49.0669 2176 HPSLPSVC - ok
13:34:49.0819 2176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:34:49.0829 2176 HTTP - ok
13:34:49.0859 2176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:34:49.0859 2176 hwpolicy - ok
13:34:49.0909 2176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:34:49.0909 2176 i8042prt - ok
13:34:49.0959 2176 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:34:49.0959 2176 iaStor - ok
13:34:50.0019 2176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:34:50.0029 2176 iaStorV - ok
13:34:50.0139 2176 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:34:50.0139 2176 IDriverT - ok
13:34:50.0259 2176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:34:50.0269 2176 idsvc - ok
13:34:50.0829 2176 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:34:50.0929 2176 igfx - ok
13:34:51.0019 2176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:34:51.0029 2176 iirsp - ok
13:34:51.0099 2176 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
13:34:51.0099 2176 IISADMIN - ok
13:34:51.0189 2176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:34:51.0199 2176 IKEEXT - ok
13:34:51.0319 2176 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
13:34:51.0329 2176 IntcAzAudAddService - ok
13:34:51.0409 2176 IntcHdmiAddService (b3b15f6c195299982c8cc8ee0fb945fa) C:\Windows\system32\drivers\IntcHdmi.sys
13:34:51.0419 2176 IntcHdmiAddService - ok
13:34:51.0449 2176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:34:51.0449 2176 intelide - ok
13:34:51.0469 2176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:34:51.0479 2176 intelppm - ok
13:34:51.0519 2176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:34:51.0529 2176 IPBusEnum - ok
13:34:51.0559 2176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:51.0559 2176 IpFilterDriver - ok
13:34:51.0639 2176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:34:51.0649 2176 iphlpsvc - ok
13:34:51.0689 2176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:34:51.0689 2176 IPMIDRV - ok
13:34:51.0719 2176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:34:51.0719 2176 IPNAT - ok
13:34:51.0809 2176 iPod Service (1475a1a0a1fdb9894dce7d0ee7eda58a) C:\Program Files\iPod\bin\iPodService.exe
13:34:51.0809 2176 iPod Service - ok
13:34:51.0829 2176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:34:51.0829 2176 IRENUM - ok
13:34:51.0869 2176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:34:51.0869 2176 isapnp - ok
13:34:51.0919 2176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:34:51.0919 2176 iScsiPrt - ok
13:34:51.0969 2176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:34:51.0969 2176 kbdclass - ok
13:34:52.0009 2176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:34:52.0009 2176 kbdhid - ok
13:34:52.0039 2176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:34:52.0039 2176 KeyIso - ok
13:34:52.0079 2176 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
13:34:52.0089 2176 KSecDD - ok
13:34:52.0119 2176 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
13:34:52.0129 2176 KSecPkg - ok
13:34:52.0149 2176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:34:52.0149 2176 ksthunk - ok
13:34:52.0199 2176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:34:52.0209 2176 KtmRm - ok
13:34:52.0239 2176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:34:52.0249 2176 LanmanServer - ok
13:34:52.0289 2176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:34:52.0299 2176 LanmanWorkstation - ok
13:34:52.0319 2176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:34:52.0319 2176 lltdio - ok
13:34:52.0359 2176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:34:52.0359 2176 lltdsvc - ok
13:34:52.0369 2176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:34:52.0379 2176 lmhosts - ok
13:34:52.0399 2176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:34:52.0399 2176 LSI_FC - ok
13:34:52.0429 2176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:34:52.0429 2176 LSI_SAS - ok
13:34:52.0449 2176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:34:52.0449 2176 LSI_SAS2 - ok
13:34:52.0459 2176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:34:52.0469 2176 LSI_SCSI - ok
13:34:52.0499 2176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:34:52.0499 2176 luafv - ok
13:34:52.0539 2176 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
13:34:52.0539 2176 MBAMProtector - ok
13:34:52.0639 2176 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:34:52.0649 2176 MBAMService - ok
13:34:52.0709 2176 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
13:34:52.0719 2176 mcdbus - ok
13:34:52.0749 2176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:34:52.0759 2176 Mcx2Svc - ok
13:34:52.0779 2176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:34:52.0779 2176 megasas - ok
13:34:52.0809 2176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:34:52.0809 2176 MegaSR - ok
13:34:52.0879 2176 Microsoft SharePoint Workspace Audit Service - ok
13:34:52.0919 2176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:34:52.0929 2176 MMCSS - ok
13:34:52.0939 2176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:34:52.0939 2176 Modem - ok
13:34:52.0979 2176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:34:52.0979 2176 monitor - ok
13:34:53.0019 2176 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
13:34:53.0029 2176 motccgp - ok
13:34:53.0039 2176 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
13:34:53.0039 2176 motccgpfl - ok
13:34:53.0069 2176 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
13:34:53.0069 2176 motmodem - ok
13:34:53.0079 2176 motport (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motport.sys
13:34:53.0089 2176 motport - ok
13:34:53.0129 2176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:34:53.0129 2176 mouclass - ok
13:34:53.0149 2176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:34:53.0149 2176 mouhid - ok
13:34:53.0199 2176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:34:53.0199 2176 mountmgr - ok
13:34:53.0279 2176 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:34:53.0279 2176 MozillaMaintenance - ok
13:34:53.0319 2176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:34:53.0329 2176 mpio - ok
13:34:53.0349 2176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:34:53.0349 2176 mpsdrv - ok
13:34:53.0419 2176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:34:53.0429 2176 MpsSvc - ok
13:34:53.0479 2176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:34:53.0489 2176 MRxDAV - ok
13:34:53.0529 2176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:53.0539 2176 mrxsmb - ok
13:34:53.0589 2176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:53.0599 2176 mrxsmb10 - ok
13:34:53.0639 2176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:53.0639 2176 mrxsmb20 - ok
13:34:53.0669 2176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:34:53.0669 2176 msahci - ok
13:34:53.0689 2176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:34:53.0689 2176 msdsm - ok
13:34:53.0729 2176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:34:53.0739 2176 MSDTC - ok
13:34:53.0769 2176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:34:53.0769 2176 Msfs - ok
13:34:53.0779 2176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:34:53.0789 2176 mshidkmdf - ok
13:34:53.0819 2176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:34:53.0819 2176 msisadrv - ok
13:34:53.0859 2176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:34:53.0869 2176 MSiSCSI - ok
13:34:53.0869 2176 msiserver - ok
13:34:53.0899 2176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:34:53.0899 2176 MSKSSRV - ok
13:34:53.0919 2176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:34:53.0929 2176 MSPCLOCK - ok
13:34:53.0939 2176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:34:53.0939 2176 MSPQM - ok
13:34:53.0989 2176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:34:53.0989 2176 MsRPC - ok
13:34:54.0009 2176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:34:54.0009 2176 mssmbios - ok
13:34:54.0099 2176 MSSQL$SQLEXPRESS - ok
13:34:54.0169 2176 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:34:54.0179 2176 MSSQLServerADHelper100 - ok
13:34:54.0189 2176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:34:54.0189 2176 MSTEE - ok
13:34:54.0209 2176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:34:54.0209 2176 MTConfig - ok
13:34:54.0239 2176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:34:54.0239 2176 Mup - ok
13:34:54.0299 2176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:34:54.0309 2176 napagent - ok
13:34:54.0359 2176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:34:54.0369 2176 NativeWifiP - ok
13:34:54.0449 2176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:34:54.0449 2176 NDIS - ok
13:34:54.0469 2176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:34:54.0469 2176 NdisCap - ok
13:34:54.0489 2176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:34:54.0489 2176 NdisTapi - ok
13:34:54.0529 2176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:34:54.0529 2176 Ndisuio - ok
13:34:54.0569 2176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:34:54.0579 2176 NdisWan - ok
13:34:54.0609 2176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:34:54.0609 2176 NDProxy - ok
13:34:54.0719 2176 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:34:54.0749 2176 Nero BackItUp Scheduler 4.0 - ok
13:34:54.0809 2176 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
13:34:54.0809 2176 Net Driver HPZ12 - ok
13:34:54.0819 2176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:34:54.0819 2176 NetBIOS - ok
13:34:54.0869 2176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:34:54.0869 2176 NetBT - ok
13:34:54.0909 2176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:34:54.0909 2176 Netlogon - ok
13:34:54.0969 2176 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:34:54.0979 2176 Netman - ok
13:34:55.0079 2176 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:34:55.0079 2176 NetMsmqActivator - ok
13:34:55.0089 2176 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:34:55.0089 2176 NetPipeActivator - ok
13:34:55.0119 2176 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:34:55.0139 2176 netprofm - ok
13:34:55.0209 2176 netr7364 (7b3a86cda73b3e89fd69666c4329c3b7) C:\Windows\system32\DRIVERS\netr7364.sys
13:34:55.0239 2176 netr7364 - ok
13:34:55.0259 2176 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:34:55.0259 2176 NetTcpActivator - ok
13:34:55.0259 2176 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:34:55.0259 2176 NetTcpPortSharing - ok
13:34:55.0279 2176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:34:55.0279 2176 nfrd960 - ok
13:34:55.0319 2176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:34:55.0319 2176 NlaSvc - ok
13:34:55.0339 2176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:34:55.0339 2176 Npfs - ok
13:34:55.0349 2176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:34:55.0349 2176 nsi - ok
13:34:55.0359 2176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:34:55.0359 2176 nsiproxy - ok
13:34:55.0459 2176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:34:55.0479 2176 Ntfs - ok
13:34:55.0559 2176 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
13:34:55.0559 2176 NTI IScheduleSvc - ok
13:34:55.0639 2176 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:34:55.0639 2176 NTIDrvr - ok
13:34:55.0649 2176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:34:55.0649 2176 Null - ok
13:34:55.0709 2176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:34:55.0709 2176 nvraid - ok
13:34:55.0749 2176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:34:55.0749 2176 nvstor - ok
13:34:55.0789 2176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:34:55.0799 2176 nv_agp - ok
13:34:55.0829 2176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:34:55.0829 2176 ohci1394 - ok
13:34:55.0899 2176 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:34:55.0909 2176 ose64 - ok
13:34:56.0189 2176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:34:56.0239 2176 osppsvc - ok
13:34:56.0339 2176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:34:56.0349 2176 p2pimsvc - ok
13:34:56.0379 2176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:34:56.0399 2176 p2psvc - ok
13:34:56.0429 2176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:34:56.0439 2176 Parport - ok
13:34:56.0479 2176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:34:56.0479 2176 partmgr - ok
13:34:56.0499 2176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:34:56.0509 2176 PcaSvc - ok
13:34:56.0549 2176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:34:56.0559 2176 pci - ok
13:34:56.0589 2176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:34:56.0599 2176 pciide - ok
13:34:56.0619 2176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:34:56.0629 2176 pcmcia - ok
13:34:56.0639 2176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:34:56.0639 2176 pcw - ok
13:34:56.0679 2176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:34:56.0689 2176 PEAUTH - ok
13:34:56.0769 2176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:34:56.0769 2176 PerfHost - ok
13:34:56.0909 2176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:34:56.0939 2176 pla - ok
13:34:57.0059 2176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:34:57.0069 2176 PlugPlay - ok
13:34:57.0139 2176 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
13:34:57.0139 2176 Pml Driver HPZ12 - ok
13:34:57.0179 2176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:34:57.0179 2176 PNRPAutoReg - ok
13:34:57.0209 2176 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:34:57.0209 2176 PNRPsvc - ok
13:34:57.0269 2176 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:34:57.0269 2176 Point64 - ok
13:34:57.0309 2176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:34:57.0319 2176 PolicyAgent - ok
13:34:57.0339 2176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:34:57.0339 2176 Power - ok
13:34:57.0379 2176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:34:57.0379 2176 PptpMiniport - ok
13:34:57.0409 2176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:34:57.0419 2176 Processor - ok
13:34:57.0449 2176 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:34:57.0459 2176 ProfSvc - ok
13:34:57.0499 2176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:34:57.0499 2176 ProtectedStorage - ok
13:34:57.0539 2176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:34:57.0539 2176 Psched - ok
13:34:57.0619 2176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:34:57.0649 2176 ql2300 - ok
13:34:57.0739 2176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:34:57.0739 2176 ql40xx - ok
13:34:57.0769 2176 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:34:57.0779 2176 QWAVE - ok
13:34:57.0789 2176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:34:57.0789 2176 QWAVEdrv - ok
13:34:57.0799 2176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:34:57.0809 2176 RasAcd - ok
13:34:57.0839 2176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:34:57.0839 2176 RasAgileVpn - ok
13:34:57.0859 2176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:34:57.0859 2176 RasAuto - ok
13:34:57.0899 2176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:34:57.0899 2176 Rasl2tp - ok
13:34:57.0949 2176 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:34:57.0959 2176 RasMan - ok
13:34:57.0979 2176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:34:57.0979 2176 RasPppoe - ok
13:34:57.0999 2176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:34:57.0999 2176 RasSstp - ok
13:34:58.0049 2176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:34:58.0049 2176 rdbss - ok
13:34:58.0069 2176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:34:58.0069 2176 rdpbus - ok
13:34:58.0079 2176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:34:58.0079 2176 RDPCDD - ok
13:34:58.0109 2176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:34:58.0109 2176 RDPENCDD - ok
13:34:58.0129 2176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:34:58.0129 2176 RDPREFMP - ok
13:34:58.0169 2176 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:34:58.0169 2176 RDPWD - ok
13:34:58.0219 2176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:34:58.0219 2176 rdyboost - ok
13:34:58.0269 2176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:34:58.0279 2176 RemoteAccess - ok
13:34:58.0299 2176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:34:58.0299 2176 RemoteRegistry - ok
13:34:58.0339 2176 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:34:58.0349 2176 RimUsb - ok
13:34:58.0389 2176 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:34:58.0389 2176 RimVSerPort - ok
13:34:58.0409 2176 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
13:34:58.0409 2176 ROOTMODEM - ok
13:34:58.0429 2176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:34:58.0429 2176 RpcEptMapper - ok
13:34:58.0459 2176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:34:58.0459 2176 RpcLocator - ok
13:34:58.0519 2176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
13:34:58.0529 2176 RpcSs - ok
13:34:58.0589 2176 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:34:58.0589 2176 RsFx0103 - ok
13:34:58.0609 2176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:34:58.0619 2176 rspndr - ok
13:34:58.0649 2176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:34:58.0649 2176 SamSs - ok
13:34:58.0699 2176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:34:58.0709 2176 sbp2port - ok
13:34:58.0729 2176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:34:58.0729 2176 SCardSvr - ok
13:34:58.0759 2176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:34:58.0759 2176 scfilter - ok
13:34:58.0849 2176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:34:58.0859 2176 Schedule - ok
13:34:58.0899 2176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:34:58.0899 2176 SCPolicySvc - ok
13:34:58.0939 2176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:34:58.0949 2176 SDRSVC - ok
13:34:59.0009 2176 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
13:34:59.0009 2176 SecDrv - ok
13:34:59.0049 2176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:34:59.0049 2176 seclogon - ok
13:34:59.0069 2176 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:34:59.0069 2176 SENS - ok
13:34:59.0089 2176 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:34:59.0089 2176 SensrSvc - ok
13:34:59.0119 2176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:34:59.0119 2176 Serenum - ok
13:34:59.0139 2176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:34:59.0139 2176 Serial - ok
13:34:59.0169 2176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:34:59.0179 2176 sermouse - ok
13:34:59.0219 2176 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:34:59.0229 2176 SessionEnv - ok
13:34:59.0259 2176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:34:59.0269 2176 sffdisk - ok
13:34:59.0279 2176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:34:59.0279 2176 sffp_mmc - ok
13:34:59.0289 2176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:34:59.0289 2176 sffp_sd - ok
13:34:59.0319 2176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:34:59.0319 2176 sfloppy - ok
13:34:59.0379 2176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:34:59.0379 2176 SharedAccess - ok
13:34:59.0429 2176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:34:59.0439 2176 ShellHWDetection - ok
13:34:59.0439 2176 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
13:34:59.0449 2176 simptcp - ok
13:34:59.0489 2176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:34:59.0489 2176 SiSRaid2 - ok
13:34:59.0509 2176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:34:59.0509 2176 SiSRaid4 - ok
13:34:59.0609 2176 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:34:59.0609 2176 SkypeUpdate - ok
13:34:59.0629 2176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:34:59.0629 2176 Smb - ok
13:34:59.0669 2176 SNMP (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
13:34:59.0669 2176 SNMP - ok
13:34:59.0689 2176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:34:59.0699 2176 SNMPTRAP - ok
13:34:59.0709 2176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:34:59.0709 2176 spldr - ok
13:34:59.0749 2176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:34:59.0759 2176 Spooler - ok
13:34:59.0959 2176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:34:59.0999 2176 sppsvc - ok
13:35:00.0079 2176 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:35:00.0079 2176 sppuinotify - ok
13:35:00.0209 2176 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:35:00.0219 2176 SQLAgent$SQLEXPRESS - ok
13:35:00.0309 2176 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:35:00.0309 2176 SQLBrowser - ok
13:35:00.0369 2176 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:35:00.0369 2176 SQLWriter - ok
13:35:00.0439 2176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:35:00.0449 2176 srv - ok
13:35:00.0499 2176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:35:00.0509 2176 srv2 - ok
13:35:00.0529 2176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:35:00.0529 2176 srvnet - ok
13:35:00.0569 2176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:35:00.0569 2176 SSDPSRV - ok
13:35:00.0589 2176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:35:00.0589 2176 SstpSvc - ok
13:35:00.0739 2176 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:35:00.0739 2176 StarWindServiceAE - ok
13:35:00.0769 2176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:35:00.0769 2176 stexstor - ok
13:35:00.0819 2176 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:35:00.0819 2176 StillCam - ok
13:35:00.0879 2176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:35:00.0909 2176 stisvc - ok
13:35:00.0949 2176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:35:00.0949 2176 swenum - ok
13:35:01.0049 2176 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:35:01.0059 2176 SwitchBoard - ok
13:35:01.0099 2176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:35:01.0109 2176 swprv - ok
13:35:01.0239 2176 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:35:01.0269 2176 SysMain - ok
13:35:01.0379 2176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:35:01.0389 2176 TabletInputService - ok
13:35:01.0429 2176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:35:01.0429 2176 TapiSrv - ok
13:35:01.0449 2176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:35:01.0449 2176 TBS - ok
13:35:01.0589 2176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:35:01.0609 2176 Tcpip - ok
13:35:01.0769 2176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:35:01.0789 2176 TCPIP6 - ok
13:35:01.0859 2176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:35:01.0859 2176 tcpipreg - ok
13:35:01.0889 2176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:35:01.0889 2176 TDPIPE - ok
13:35:01.0929 2176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:35:01.0929 2176 TDTCP - ok
13:35:01.0969 2176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:35:01.0969 2176 tdx - ok
13:35:02.0169 2176 TeamViewer6 (9ab083a4304adc80938b95cafdffbcdc) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
13:35:02.0189 2176 TeamViewer6 - ok
13:35:02.0249 2176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:35:02.0259 2176 TermDD - ok
13:35:02.0319 2176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:35:02.0329 2176 TermService - ok
13:35:02.0369 2176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:35:02.0369 2176 Themes - ok
13:35:02.0399 2176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:35:02.0399 2176 THREADORDER - ok
13:35:02.0459 2176 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
13:35:02.0459 2176 TIEHDUSB - ok
13:35:02.0489 2176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:35:02.0499 2176 TrkWks - ok
13:35:02.0539 2176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:35:02.0539 2176 TrustedInstaller - ok
13:35:02.0579 2176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:35:08.0059 2176 ============================================================
13:35:08.0059 2176 Scan finished
13:35:08.0059 2176 ============================================================
13:35:08.0059 4200 Detected object count: 0
13:35:08.0059 4200 Actual detected object count: 0
13:35:59.0949 4680 Deinitialize success

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 03:07 PM

Greetings

What things are not working?

We have to run as admin because we are making changes to the computer.




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 03:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Zac\AppData\Roaming\SpeedyPC Software
c:\users\Zac\AppData\Roaming\DriverCure
c:\program files (x86)\Common Files\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\Ask.com

File::
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Firefox::
FF - ProfilePath - c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM-ASK&o=15954&locale=en_US&apn_uid=BAD420B6-C3CD-47AF-AA7B-88F5BC0DD12C&apn_ptnrs=X4&apn_sauid=7619691E-C521-4A19-B21D-BA84AC16F4F3&apn_dtid=&&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

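As an added example (not part of this thread and not ComboFix's own code), a small Python checker that parses the CFScript above by its `Name::` sections and cross-references the Folder:: and File:: entries against the paths the ComboFix log reports as removed, so a helper can confirm every requested deletion actually happened rather than eyeballing a long log. The script text and the log excerpt are constructed from this thread's posts; the excerpt deliberately omits one Roaming folder to exercise the unconfirmed case, and sections the excerpt does not echo back (ClearJavaCache::, Firefox::) are flagged for manual follow-up.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example: parse the 'Name::' sections of a CFScript and confirm that
every Folder:: and File:: entry shows up among the paths ComboFix lists as
removed. Sections the log does not echo back are listed for manual review.
"""
import re
from typing import Dict, List, Set

# A section header is a bare word followed by '::' on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# A Windows path as ComboFix prints it, optionally wrapped in double quotes.
WIN_PATH_RE = re.compile(r'^"?([A-Za-z]:\\.+?)"?\s*$')

# Constructed sample: the CFScript posted in this thread (long Firefox lines omitted).
SAMPLE_SCRIPT = r"""ClearJavaCache::

Folder::
c:\users\Zac\AppData\Roaming\SpeedyPC Software
c:\users\Zac\AppData\Roaming\DriverCure
c:\program files (x86)\Common Files\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\Ask.com

File::
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Firefox::
FF - prefs.js: browser.search.selectedEngine - Ask.com
"""

# Constructed excerpt of the resulting ComboFix log; one Roaming folder is
# deliberately left out so the unconfirmed branch is exercised.
SAMPLE_LOG = r"""FILE ::
"c:\windows\Tasks\SpeedyPC Pro.job"
"c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Common Files\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\users\Zac\AppData\Roaming\DriverCure
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Name::' section to the non-empty lines beneath it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def deleted_paths_from_log(text: str) -> Set[str]:
    """Collect every path ComboFix lists, case-folded for comparison."""
    paths: Set[str] = set()
    for raw in text.splitlines():
        match = WIN_PATH_RE.match(raw.strip())
        if match:
            paths.add(match.group(1).lower().rstrip("\\"))
    return paths


def verify(script_text: str, log_text: str) -> Dict[str, List[str]]:
    """Return which script entries the log confirms, which it does not, and
    which need a manual check because the log does not echo them."""
    sections = parse_cfscript(script_text)
    deleted = deleted_paths_from_log(log_text)
    result: Dict[str, List[str]] = {"confirmed": [], "unconfirmed": [], "manual": []}
    for folder in sections.get("Folder", []):
        key = folder.lower().rstrip("\\")
        # A folder counts as removed if it, or anything beneath it, was listed.
        hit = key in deleted or any(p.startswith(key + "\\") for p in deleted)
        result["confirmed" if hit else "unconfirmed"].append(folder)
    for path in sections.get("File", []):
        result["confirmed" if path.lower() in deleted else "unconfirmed"].append(path)
    for name, entries in sections.items():
        if name in ("Folder", "File"):
            continue
        result["manual"].extend(f"{name}:: {entry}" for entry in entries)
        if not entries:
            result["manual"].append(f"{name}::")
    return result


if __name__ == "__main__":
    report = verify(SAMPLE_SCRIPT, SAMPLE_LOG)
    for status, items in report.items():
        print(f"{status} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Anything reported as unconfirmed is worth a second look before declaring the machine clean, since a path that ComboFix never listed may still be present.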

#8 The_Stig
  • Topic Starter
  • Members
  • 12 posts

Posted 29 July 2012 - 02:59 PM

ComboFix 12-07-29.02 - Zac 07/29/2012 15:40:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4469 [GMT -4:00]
Running from: c:\users\Zac\Desktop\ComboFix.exe
Command switches used :: c:\users\Zac\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\SpeedyPC Pro.job"
"c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zac\AppData\Roaming\SpeedyPC Software
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 19:51 . 2012-07-29 19:51 -------- d-----w- c:\users\Mcx1-ZAC-PC\AppData\Local\temp
2012-07-29 19:51 . 2012-07-29 19:51 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-29 19:51 . 2012-07-29 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 20:29 . 2012-07-27 20:30 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-27 20:29 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-27 20:29 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-24 22:05 . 2012-07-24 22:05 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 22:10 . 2012-07-23 22:11 -------- d-----w- c:\programdata\TrojanHunter
2012-07-23 22:10 . 2012-07-23 23:35 -------- d-----w- c:\program files (x86)\TrojanHunter 5.5
2012-07-23 21:13 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- C:\Reg_Backup
2012-07-23 21:12 . 2012-07-23 21:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-23 20:54 . 2012-07-23 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 20:50 . 2012-07-23 21:24 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-23 20:50 . 2012-07-23 20:50 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-07-23 20:44 . 2012-07-23 20:44 -------- d-----w- C:\_OTL
2012-07-23 16:50 . 2010-06-28 20:37 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-23 16:50 . 2010-06-28 20:32 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-23 16:50 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-23 16:50 . 2010-06-28 20:37 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-23 16:50 . 2010-06-28 20:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-23 16:50 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-23 16:50 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-23 16:50 . 2012-07-23 16:50 -------- d-----w- c:\programdata\Alwil Software
2012-07-23 16:50 . 2012-07-23 16:50 -------- d-----w- c:\program files\Alwil Software
2012-07-21 21:21 . 2012-07-21 21:21 -------- d-----w- c:\users\Zac\AppData\Local\Macromedia
2012-07-21 18:20 . 2012-07-27 18:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 18:20 . 2012-07-21 18:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 18:20 . 2012-07-21 18:20 -------- d-----w- c:\windows\system32\Macromed
2012-07-12 07:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 18:53 . 2011-08-12 20:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-01-14 18:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 12:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 12:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 12:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 12:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 12:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 12:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 12:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 12:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 12:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 01:48 . 2012-06-02 01:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-02 01:48 . 2012-06-02 01:48 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-02 01:47 . 2012-06-02 01:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 04:01 . 2012-06-12 23:15 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 23:15 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 23:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-11 02:41 . 2009-11-15 18:16 57848688 ----a-w- c:\windows\system32\MRT.exe
2012-05-04 11:06 . 2012-06-12 23:15 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:15 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:15 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:15 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_21.11.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-07-29 16:50 52744 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 23:46 . 2012-07-29 16:50 41830 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2584917866-1686359113-3787390651-1000_UserData.bin
- 2009-10-08 03:08 . 2012-07-27 18:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-08 03:08 . 2012-07-29 16:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-08 03:08 . 2012-07-27 18:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-08 03:08 . 2012-07-29 16:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 18:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 16:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-11 23:44 . 2012-07-29 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-11 23:44 . 2012-07-27 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-11 23:44 . 2012-07-27 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-11 23:44 . 2012-07-29 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 03:22 . 2012-07-29 16:46 5442 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-27 21:08 . 2012-07-27 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 16:47 . 2012-07-29 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 21:08 . 2012-07-27 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 16:47 . 2012-07-29 16:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 18:26 . 2012-07-29 16:48 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-22 18:26 . 2012-07-27 21:10 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-29 16:48 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 21:10 999424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-12 01:50 . 2012-07-29 16:44 246154 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:12 . 2012-07-24 21:27 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-29 16:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-07-29 16:46 530912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-27 21:06 530912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-29 16:48 3391488 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 21:10 3391488 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 07:20 . 2012-07-29 16:46 6763768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2584917866-1686359113-3787390651-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0C8413C1-FAD1-446C-8584-BE50576F863E}"= "c:\program files (x86)\Search Toolbar\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{0c8413c1-fad1-446c-8584-be50576f863e}]
[HKEY_CLASSES_ROOT\TBSB05974.TBSB05974.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05974.TBSB05974]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-06-13 202256]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2011-12-06 1088280]
.
c:\users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-27 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe [2009-11-15 26826]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 144896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 30208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-07-29 717312]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-29 49152]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 18:53]
.
2012-07-28 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\tz5d2b4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"1\" expireTime=\"1316752923\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />\0a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-07-29 15:54:47
ComboFix-quarantined-files.txt 2012-07-29 19:54
ComboFix2.txt 2012-07-27 21:18
.
Pre-Run: 465,544,400,896 bytes free
Post-Run: 465,794,641,920 bytes free
.
- - End Of File - - 00B0C1CE99692623874CFA69575E58D2



Currently no problems. I don't know if the virus is gone yet, but I will report back soon. Here is the report from ComboFix. Thanks for the help.
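The log above lists every autostart location ComboFix walks (Run values, IE toolbars, services and drivers, scheduled tasks). The script below is an added example, not part of this thread and not a ComboFix or BleepingComputer tool: it parses those line shapes into records and flags the ones a responder would look at first. The keyword list of unwanted programs, the expected install roots, and the SAMPLE text (constructed to mirror the shapes in the log above) are all assumptions made for the example.

```python
"""Added example (not a ComboFix or BleepingComputer tool): pull the autostart
entries out of a ComboFix-style log and flag the ones worth a second look.
The SAMPLE text is constructed to mirror the shapes those logs use."""
import re
from dataclasses import dataclass, field

# "Name"="c:\path\file.exe" [2012-01-01 141600]   Run values and IE toolbars
# (toolbar lines have a space after '=' and carry "[BU]" instead of date/size)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# R2 Name;Display name;c:\path\svc.exe [2012-01-01 26826]   services and drivers;
# a missing binary is written as   S1 Name;Name; [x]
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$')
# 2012-07-28 c:\windows\Tasks\Name.job   followed on the next line by
# - c:\path\target.exe [2009-07-13 01:14]
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$')
TASK_TARGET_RE = re.compile(r'^-\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')

# Heuristic keyword list (assumption): names of the unwanted programs the
# reply below asks the user to uninstall, plus the P2P clients it warns about.
PUP_KEYWORDS = ("ask.com", "search toolbar", "bingbar", "speedypc", "conduit",
                "utorrent", "bittorrent")
# Where a legitimate autostart binary is expected to live (assumption).
EXPECTED_ROOTS = ("c:\\program files", "c:\\windows\\")


@dataclass
class Autostart:
    kind: str           # "run", "service" or "task"
    name: str           # value name, service name or .job path
    path: str           # binary the entry launches ("" if ComboFix found none)
    meta: str           # date/size, "BU", or "x" for a missing file
    flags: list = field(default_factory=list)


def parse_autostarts(text: str) -> list:
    """One Autostart per Run value, service/driver line, or scheduled task."""
    entries, pending_job = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if pending_job is not None:          # the line after a .job names its target
            job, pending_job = pending_job, None
            m = TASK_TARGET_RE.match(line)
            if m:
                entries.append(Autostart("task", job, m["path"], m["meta"]))
                continue
        if m := TASK_RE.match(line):
            pending_job = m["job"]
        elif m := RUN_RE.match(line):
            entries.append(Autostart("run", m["name"], m["path"], m["meta"] or ""))
        elif m := SVC_RE.match(line):
            entries.append(Autostart("service", m["name"].strip(),
                                     m["path"].strip(), m["meta"].strip()))
    return entries


def flag(entry: Autostart) -> Autostart:
    """Attach review reasons; an empty list means nothing stood out."""
    p = entry.path.lower()
    haystack = f"{entry.name} {entry.path}".lower()
    if entry.meta.lower() == "x" or not p:
        entry.flags.append("file missing on disk")
    if any(k in haystack for k in PUP_KEYWORDS):
        entry.flags.append("matches unwanted-program list")
    if p and not p.startswith(EXPECTED_ROOTS):
        entry.flags.append("unusual location")
    if p.endswith("rundll32.exe"):
        entry.flags.append("launches via rundll32 (payload is the DLL the task passes, not shown here)")
    return entry


def review(text: str) -> list:
    return [flag(e) for e in parse_autostarts(text)]


# Constructed sample in ComboFix's layout; paths and names modelled on the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0C8413C1-FAD1-446C-8584-BE50576F863E}"= "c:\program files (x86)\Search Toolbar\tbcore3.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2011-12-06 1088280]

R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe [2009-11-15 26826]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S1 aswSP;aswSP; [x]

2012-07-28 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
"""

if __name__ == "__main__":
    for e in review(SAMPLE):
        if e.flags:
            print(f"{e.kind:8} {e.name}: {', '.join(e.flags)}")
```

The flags are hints, not verdicts: a service outside Program Files (the Sun SDK app server here) is often a legitimate developer install, and a scheduled task that runs rundll32.exe is only interesting because the DLL it loads is named in the .job file, which ComboFix does not print. Feed the script a real log and triage the flagged entries by hand.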

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:52 PM

Posted 29 July 2012 - 03:22 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Adobe Reader 9.5.1 MUI
Ask Toolbar
Bing Bar
BitTorrent
Conduit Engine
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 17
Search Toolbar
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses far fewer resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 August 2012 - 05:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 The_Stig (Topic Starter)

Posted 01 August 2012 - 05:14 PM

Sorry about that, I've been busy and forgot to reply. What are the next steps again?

#12 The_Stig (Topic Starter)

Posted 01 August 2012 - 05:21 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Zac :: ZAC-PC [administrator]

8/1/2012 6:17:32 PM
mbam-log-2012-08-01 (18-17-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250215
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:01 PM, on 8/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\Zac\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Internet Explorer Web Blocker - {1935E690-1AC1-4AA5-BA23-3D9D0CEB3A00} - C:\Windows\SysWOW64\Lsk_iBlk.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Folding@HomeCPU\1\Fah.exe (file missing)
O23 - Service: Folding@home-CPU-[2] - Unknown owner - C:\Folding@HomeCPU\2\Fah.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14238 bytes

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 August 2012 - 09:26 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
      O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
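The HijackThis log posted above is plain text with one entry per line, and the same lines are what the post above asks the user to act on: the O4 startup items to tick, and the name between the brackets to research before deciding. As an added example (not code from this thread, from HijackThis, or from the helper's own tooling), here is a small Python parser for that format that lists the O4 items by location and bracketed name, separates the entries whose target file is missing, and pulls out the O10 Winsock warning. The sample input is a constructed string holding ten lines copied from the log above; section codes, regexes and the caveat about O23 on 64-bit Windows are this example's own.

```python
"""Parse a HijackThis 2.0.4 log and pull out what a reviewer looks at first.

Added example for this thread; not HijackThis code and not the helper's own
tooling. It reads the plain-text log format shown in the thread: one entry per
line, "<code> - <body>", where the code (O2, O4, O23 ...) names the section.
"""
import re
from collections import Counter

# Constructed input: ten lines copied from the HijackThis log posted in this
# thread, with the O10 Winsock/LSP warning included. A real log has many more.
SAMPLE_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

# Every entry: "<section code> - <body>"
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$")
# O4 registry form: "HKLM\..\Run: [Name] command"  (also RunOnce)
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# O4 startup-folder form: "Startup: file.lnk = path"
STARTUP_RE = re.compile(r"^Startup: (?P<name>[^=]+?) = (?P<command>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return one dict per recognised entry; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
    return entries


def startup_items(entries):
    """(location, name, command) for each O4 entry.

    The name is the text between the brackets, which is what the helper in this
    thread tells the user to look up before deciding whether to keep an item.
    """
    items = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            items.append((m["hive"] + "\\" + m["key"], m["name"], m["command"]))
            continue
        m = STARTUP_RE.match(e["body"])
        if m:
            items.append(("Startup folder", m["name"], m["command"]))
    return items


def orphaned_entries(entries, skip_services=True):
    """Entries whose target file is gone: "(no file)" or "(file missing)".

    For O2/O3 these are usually leftovers of uninstalled toolbars, but an
    orphaned BHO CLSID is also what remains after an AV deleted a malicious
    DLL, so they are worth listing. Caveat: HijackThis 2.0.4 is a 32-bit
    program, and on 64-bit Windows file-system redirection makes it report many
    genuine System32 services (vds, vssvc, spoolsv ...) as "(file missing)",
    as the log above shows, so O23 is skipped by default.
    """
    out = []
    for e in entries:
        if not e["body"].endswith(MISSING_MARKERS):
            continue
        if skip_services and e["code"] == "O23":
            continue
        out.append(e)
    return out


def lsp_warnings(entries):
    """O10 lines: a Winsock LSP provider whose DLL is missing."""
    return [e["body"] for e in entries if e["code"] == "O10"]


def summarize(text):
    """Counts per section plus the three review lists above."""
    entries = parse_log(text)
    return {
        "counts": dict(Counter(e["code"] for e in entries)),
        "startup": startup_items(entries),
        "orphaned": [e["code"] + " - " + e["body"] for e in orphaned_entries(entries)],
        "lsp": lsp_warnings(entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("entries per section:", report["counts"])
    for loc, name, cmd in report["startup"]:
        print(f"O4 {loc:14} [{name}] -> {cmd}")
    for line in report["orphaned"]:
        print("orphaned:", line)
    for line in report["lsp"]:
        print("O10:", line)
```

Run it as-is to see the summary of the sample; point `summarize()` at the full text of a saved log to get the same breakdown for a real scan. Keeping O23 "(file missing)" out of the orphan list by default is deliberate: on this 64-bit machine the log flags a dozen core Windows services that way, and treating them as real findings would only produce noise.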

#14 The_Stig (Topic Starter)

Posted 03 August 2012 - 09:18 AM

C:\Qoobox\Quarantine\C\Users\Zac\AppData\Local\Apple Computer\Adobe\puwfrqgt.dll.vir a variant of Win32/Kryptik.AIZP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{31fb4b83-073c-0c52-27fd-c725bde1cb8f}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 August 2012 - 12:55 PM

Hello The_Stig

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Gringo



