Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Redirect Virus


  • This topic is locked This topic is locked
16 replies to this topic

#1 th29

th29

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 03 August 2012 - 03:11 PM

I have a search engine redirect virus. Have had no luck finding the infected file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Administrator at 10:19:57 on 2012-08-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.1825 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\ActiveBooks\ActiveBooksServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Intuit\QUICKB~1\dbextclr11.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Wisdom-soft ScreenHunter 5.1 Free] c:\program files\wisdom-soft screenhunter 5 free\ScreenHunter.exe
uRun: [InstallShield] rundll32.exe c:\users\administrator\appdata\local\installshield\ggbqdaci.dll,DllGetClassObject
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\weprin~1.lnk - c:\program files\weprint\WePrint Server.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.tscmaps.com/shared/viewer/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{51ED4BDA-3BE0-4E98-9D92-0AA46A8296C9} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\tymunuwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 MpKsl300028f2;MpKsl300028f2;c:\programdata\microsoft\microsoft antimalware\definition updates\{eade3e32-616b-45fe-bedd-b555b7f348ff}\MpKsl300028f2.sys [2012-8-3 29904]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 ActiveBooks Server;ActiveBooks Server;c:\program files\activebooks\activebooksserver.exe -run --> c:\program files\activebooks\ActiveBooksServer.exe -run [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-8-25 13336]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-9-13 2358656]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-4 245760]
R3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-8-25 224424]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S1 djocdibu;djocdibu;c:\windows\system32\drivers\djocdibu.sys [2012-7-23 43480]
S1 uxevprkl;uxevprkl;c:\windows\system32\drivers\uxevprkl.sys [2012-7-20 43480]
S1 vaiiqrzh;vaiiqrzh;c:\windows\system32\drivers\vaiiqrzh.sys [2012-7-21 43480]
S1 wxljmnaa;wxljmnaa;c:\windows\system32\drivers\wxljmnaa.sys [2012-7-22 43480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-5 136176]
S3 ActiveBooks Agent;ActiveBooks Agent;c:\program files\activebooks\activebooksagent.exe -run --> c:\program files\activebooks\ActiveBooksAgent.exe -run [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2012-7-19 22528]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-5 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-11-27 75264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-10 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown akbljeyg;akbljeyg; [x]
SUnknown gxjeqlbe;gxjeqlbe; [x]
SUnknown omrudhgo;omrudhgo; [x]
SUnknown qhponcvd;qhponcvd; [x]
SUnknown rjoibslm;rjoibslm; [x]
SUnknown skrlrkqq;skrlrkqq; [x]
SUnknown svdxmvfv;svdxmvfv; [x]
SUnknown togmsmwc;togmsmwc; [x]
SUnknown xxhcydme;xxhcydme; [x]
.
=============== Created Last 30 ================
.
2012-08-03 07:03:51 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eade3e32-616b-45fe-bedd-b555b7f348ff}\offreg.dll
2012-08-03 07:03:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eade3e32-616b-45fe-bedd-b555b7f348ff}\MpKsl300028f2.sys
2012-08-03 07:02:52 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eade3e32-616b-45fe-bedd-b555b7f348ff}\mpengine.dll
2012-08-02 20:30:56 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-23 21:20:54 -------- d-----w- c:\users\administrator\appdata\local\InstallShield
2012-07-23 09:44:03 43480 ----a-w- c:\windows\system32\drivers\djocdibu.sys
2012-07-22 09:44:27 43480 ----a-w- c:\windows\system32\drivers\wxljmnaa.sys
2012-07-21 09:45:49 43480 ----a-w- c:\windows\system32\drivers\vaiiqrzh.sys
2012-07-20 09:52:51 43480 ----a-w- c:\windows\system32\drivers\uxevprkl.sys
2012-07-19 20:21:47 22528 ----a-w- c:\windows\system32\drivers\BthAvrcp.sys
2012-07-12 20:05:32 -------- d-----w- c:\users\administrator\appdata\local\{E7CA10B7-CC5C-11E1-8270-B8AC6F996F26}
2012-07-11 08:01:35 2345984 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 23:10:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 23:10:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-18 15:22:21 780 ----a-w- c:\users\administrator\advanced_ip_scanner_MAC.bin
.
============= FINISH: 10:20:35.72 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 06 August 2012 - 02:56 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Trend Micro Client/Server Security Agent Antivirus
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 06 August 2012 - 10:29 AM

Trend Micro Security software has been removed. Microsoft security essentials is still installed.

Checkup.txt - posted below

combofixlog - posted below

No longer getting redirects in either Firefox or IE.


_________________________________________________________________________________

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Client/Server Security Agent Antivirus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 26
Java™ 7 Update 2
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




_____________________________________________________________________________________________________________________________




ComboFix 12-08-05.02 - Administrator 08/06/2012 9:28.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2344 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 14:32 . 2012-08-06 14:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-06 14:32 . 2012-08-06 14:32 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-08-06 14:32 . 2012-08-06 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 14:26 . 2012-08-06 14:26 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34C6FB5A-2FD3-4F4B-8AFF-C1243426BB80}\MpKsld984e173.sys
2012-08-06 14:26 . 2012-08-06 14:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34C6FB5A-2FD3-4F4B-8AFF-C1243426BB80}\offreg.dll
2012-08-06 13:59 . 2009-08-13 14:23 22528 ----a-w- c:\windows\system32\drivers\BthAvrcp.sys
2012-08-06 13:58 . 2012-08-06 13:58 -------- d-----w- c:\windows\LastGood
2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\users\Administrator\temp
2012-08-06 07:02 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34C6FB5A-2FD3-4F4B-8AFF-C1243426BB80}\mpengine.dll
2012-08-05 20:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 21:20 . 2012-07-25 09:37 -------- d-----w- c:\users\Administrator\AppData\Local\InstallShield
2012-07-12 20:05 . 2012-07-12 20:05 -------- d-----w- c:\users\Administrator\AppData\Local\{E7CA10B7-CC5C-11E1-8270-B8AC6F996F26}
2012-07-11 08:01 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:10 . 2012-05-22 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:10 . 2011-08-25 23:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-21 17:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 17:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 17:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 17:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 17:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 17:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 15:22 . 2012-05-08 14:24 780 ----a-w- c:\users\Administrator\advanced_ip_scanner_MAC.bin
2012-07-18 20:09 . 2011-09-08 21:27 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Wisdom-soft ScreenHunter 5.1 Free"="c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2011-09-01 5306880]
"InstallShield"="c:\users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll" [2012-07-23 756224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-31 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-31 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-31 172568]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-08-01 2641272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2012-1-24 2401280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ActiveBooks Agent;ActiveBooks Agent;c:\program files\ActiveBooks\ActiveBooksAgent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
S2 ActiveBooks Server;ActiveBooks Server;c:\program files\ActiveBooks\ActiveBooksServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD984E173
*Deregistered* - TmFilter
*Deregistered* - tmlwf
*Deregistered* - tmwfp
*Deregistered* - VSApiNt
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 23:10]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 21:31]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tymunuwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,28,b4,
0d,29,8c,34,07,8e,8d,2c,46,07,48,eb,48
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,25,
81,36,1c,d9,07,95,c4,13,24,74,4f,24,dd
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,dd,
ca,71,f4,3d,0e,a7,7c,de,65,c3,82,cf,b2
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:af,ab,49,7f,6c,6e,cc,01
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,ef,5e,da,c1,25,33,4d,80,89,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,ef,5e,da,c1,25,33,4d,80,89,3e,\
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="AcroExch.Document"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\wvauth.DLL
c:\windows\System32\TdmNetworkProvider.dll
.
Completion time: 2012-08-06 09:33:57
ComboFix-quarantined-files.txt 2012-08-06 14:33
.
Pre-Run: 154,891,857,920 bytes free
Post-Run: 158,258,167,808 bytes free
.
- - End Of File - - 2500CE79E6CDB93B30501BB19D777E0B

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 06 August 2012 - 12:45 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 06 August 2012 - 02:34 PM

TDSSKiller shows up clean. aswMBR found an infected file.

I'm pretty sure I had another redirect. I was directed to an unfamiliar site with a popup, so I just ended the process from my task manager.




_____________________________________________________________________________________________________________________________________________________





13:31:43.0006 10168 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:31:43.0594 10168 ============================================================
13:31:43.0595 10168 Current date / time: 2012/08/06 13:31:43.0594
13:31:43.0595 10168 SystemInfo:
13:31:43.0595 10168
13:31:43.0595 10168 OS Version: 6.1.7601 ServicePack: 1.0
13:31:43.0595 10168 Product type: Workstation
13:31:43.0595 10168 ComputerName: CWBTY
13:31:43.0595 10168 UserName: Administrator
13:31:43.0595 10168 Windows directory: C:\Windows
13:31:43.0595 10168 System windows directory: C:\Windows
13:31:43.0595 10168 Processor architecture: Intel x86
13:31:43.0595 10168 Number of processors: 2
13:31:43.0595 10168 Page size: 0x1000
13:31:43.0595 10168 Boot type: Normal boot
13:31:43.0595 10168 ============================================================
13:31:44.0373 10168 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:31:44.0380 10168 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:31:44.0381 10168 ============================================================
13:31:44.0381 10168 \Device\Harddisk0\DR0:
13:31:44.0381 10168 MBR partitions:
13:31:44.0381 10168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x204D000
13:31:44.0381 10168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2061000, BlocksNum 0x1B146800
13:31:44.0381 10168 \Device\Harddisk1\DR1:
13:31:44.0381 10168 MBR partitions:
13:31:44.0381 10168 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:31:44.0381 10168 ============================================================
13:31:44.0432 10168 C: <-> \Device\Harddisk0\DR0\Partition1
13:31:44.0444 10168 E: <-> \Device\Harddisk1\DR1\Partition0
13:31:44.0444 10168 ============================================================
13:31:44.0444 10168 Initialize success
13:31:44.0444 10168 ============================================================
13:31:46.0655 4864 ============================================================
13:31:46.0655 4864 Scan started
13:31:46.0655 4864 Mode: Manual;
13:31:46.0655 4864 ============================================================
13:31:47.0065 4864 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:31:47.0069 4864 1394ohci - ok
13:31:47.0098 4864 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:31:47.0100 4864 ACPI - ok
13:31:47.0128 4864 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:31:47.0129 4864 AcpiPmi - ok
13:31:47.0191 4864 ActiveBooks Agent - ok
13:31:47.0208 4864 ActiveBooks Server - ok
13:31:47.0253 4864 ADIHdAudAddService (9ae87d8e973b18b0cda4a6ac69943ba5) C:\Windows\system32\drivers\ADIHdAud.sys
13:31:47.0257 4864 ADIHdAudAddService - ok
13:31:47.0317 4864 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:31:47.0318 4864 AdobeARMservice - ok
13:31:47.0389 4864 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:31:47.0391 4864 AdobeFlashPlayerUpdateSvc - ok
13:31:47.0436 4864 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
13:31:47.0439 4864 adp94xx - ok
13:31:47.0491 4864 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
13:31:47.0494 4864 adpahci - ok
13:31:47.0550 4864 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
13:31:47.0571 4864 adpu320 - ok
13:31:47.0627 4864 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:31:47.0628 4864 AeLookupSvc - ok
13:31:47.0675 4864 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:31:47.0709 4864 AFD - ok
13:31:47.0764 4864 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:31:47.0765 4864 agp440 - ok
13:31:47.0788 4864 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
13:31:47.0789 4864 aic78xx - ok
13:31:47.0827 4864 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:31:47.0828 4864 ALG - ok
13:31:47.0840 4864 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:31:47.0848 4864 aliide - ok
13:31:47.0863 4864 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:31:47.0864 4864 amdagp - ok
13:31:47.0876 4864 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:31:47.0877 4864 amdide - ok
13:31:47.0882 4864 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
13:31:47.0883 4864 AmdK8 - ok
13:31:47.0896 4864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
13:31:47.0897 4864 AmdPPM - ok
13:31:47.0930 4864 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:31:47.0932 4864 amdsata - ok
13:31:47.0956 4864 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
13:31:47.0960 4864 amdsbs - ok
13:31:47.0989 4864 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:31:47.0990 4864 amdxata - ok
13:31:48.0001 4864 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:31:48.0002 4864 AppID - ok
13:31:48.0036 4864 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:31:48.0037 4864 AppIDSvc - ok
13:31:48.0066 4864 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:31:48.0067 4864 Appinfo - ok
13:31:48.0096 4864 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:31:48.0097 4864 AppMgmt - ok
13:31:48.0127 4864 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
13:31:48.0128 4864 arc - ok
13:31:48.0146 4864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
13:31:48.0147 4864 arcsas - ok
13:31:48.0243 4864 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:31:48.0244 4864 aspnet_state - ok
13:31:48.0266 4864 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:48.0267 4864 AsyncMac - ok
13:31:48.0294 4864 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:31:48.0302 4864 atapi - ok
13:31:48.0346 4864 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:31:48.0349 4864 AudioEndpointBuilder - ok
13:31:48.0354 4864 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:31:48.0356 4864 Audiosrv - ok
13:31:48.0401 4864 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:31:48.0402 4864 AxInstSV - ok
13:31:48.0449 4864 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
13:31:48.0452 4864 b06bdrv - ok
13:31:48.0478 4864 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:31:48.0480 4864 b57nd60x - ok
13:31:48.0623 4864 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
13:31:48.0625 4864 BBSvc - ok
13:31:48.0659 4864 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:31:48.0665 4864 BDESVC - ok
13:31:48.0677 4864 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:31:48.0677 4864 Beep - ok
13:31:48.0726 4864 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:31:48.0730 4864 BFE - ok
13:31:48.0768 4864 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
13:31:48.0773 4864 BITS - ok
13:31:48.0795 4864 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:31:48.0795 4864 blbdrive - ok
13:31:48.0883 4864 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
13:31:48.0885 4864 Bonjour Service - ok
13:31:48.0916 4864 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:31:48.0917 4864 bowser - ok
13:31:48.0939 4864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
13:31:48.0940 4864 BrFiltLo - ok
13:31:48.0959 4864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
13:31:48.0959 4864 BrFiltUp - ok
13:31:48.0978 4864 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:31:48.0979 4864 BridgeMP - ok
13:31:49.0005 4864 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:31:49.0006 4864 Browser - ok
13:31:49.0027 4864 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:31:49.0029 4864 Brserid - ok
13:31:49.0053 4864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:31:49.0054 4864 BrSerWdm - ok
13:31:49.0064 4864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:31:49.0065 4864 BrUsbMdm - ok
13:31:49.0085 4864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:31:49.0086 4864 BrUsbSer - ok
13:31:49.0146 4864 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
13:31:49.0224 4864 BrYNSvc - ok
13:31:49.0260 4864 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
13:31:49.0275 4864 BthAvrcp - ok
13:31:49.0323 4864 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
13:31:49.0324 4864 BthEnum - ok
13:31:49.0359 4864 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:31:49.0360 4864 BTHMODEM - ok
13:31:49.0385 4864 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:31:49.0386 4864 BthPan - ok
13:31:49.0412 4864 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
13:31:49.0428 4864 BTHPORT - ok
13:31:49.0464 4864 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:31:49.0465 4864 bthserv - ok
13:31:49.0485 4864 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
13:31:49.0486 4864 BTHUSB - ok
13:31:49.0506 4864 btmhsf (d517ba16793d76210c963dab2a88b74f) C:\Windows\system32\DRIVERS\btmhsf.sys
13:31:49.0507 4864 btmhsf - ok
13:31:49.0705 4864 CarboniteService (cfa5f2b90fc2a3f38b297584c9e0d2b8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
13:31:49.0727 4864 CarboniteService - ok
13:31:49.0804 4864 catchme - ok
13:31:49.0840 4864 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:49.0841 4864 cdfs - ok
13:31:49.0869 4864 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:49.0870 4864 cdrom - ok
13:31:49.0903 4864 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:31:49.0904 4864 CertPropSvc - ok
13:31:49.0928 4864 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
13:31:49.0929 4864 circlass - ok
13:31:49.0953 4864 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:31:49.0955 4864 CLFS - ok
13:31:50.0043 4864 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:31:50.0045 4864 clr_optimization_v2.0.50727_32 - ok
13:31:50.0100 4864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:31:50.0101 4864 clr_optimization_v4.0.30319_32 - ok
13:31:50.0130 4864 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
13:31:50.0131 4864 CmBatt - ok
13:31:50.0140 4864 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:31:50.0141 4864 cmdide - ok
13:31:50.0181 4864 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
13:31:50.0184 4864 CNG - ok
13:31:50.0218 4864 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
13:31:50.0219 4864 Compbatt - ok
13:31:50.0240 4864 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:31:50.0241 4864 CompositeBus - ok
13:31:50.0244 4864 COMSysApp - ok
13:31:50.0272 4864 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
13:31:50.0273 4864 crcdisk - ok
13:31:50.0351 4864 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
13:31:50.0353 4864 CryptSvc - ok
13:31:50.0388 4864 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:31:50.0395 4864 CSC - ok
13:31:50.0422 4864 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:31:50.0425 4864 CscService - ok
13:31:50.0461 4864 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:31:50.0465 4864 DcomLaunch - ok
13:31:50.0491 4864 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:31:50.0513 4864 defragsvc - ok
13:31:50.0587 4864 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:31:50.0589 4864 DfsC - ok
13:31:50.0626 4864 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:31:50.0628 4864 Dhcp - ok
13:31:50.0636 4864 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:31:50.0637 4864 discache - ok
13:31:50.0664 4864 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
13:31:50.0684 4864 Disk - ok
13:31:50.0710 4864 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
13:31:50.0716 4864 dmvsc - ok
13:31:50.0745 4864 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:31:50.0746 4864 Dnscache - ok
13:31:50.0765 4864 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:31:50.0767 4864 dot3svc - ok
13:31:50.0790 4864 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:31:50.0792 4864 DPS - ok
13:31:50.0815 4864 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:31:50.0816 4864 drmkaud - ok
13:31:50.0856 4864 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:31:50.0870 4864 DXGKrnl - ok
13:31:50.0901 4864 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
13:31:50.0903 4864 e1kexpress - ok
13:31:50.0939 4864 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:31:50.0940 4864 EapHost - ok
13:31:51.0096 4864 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
13:31:51.0144 4864 ebdrv - ok
13:31:51.0188 4864 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:31:51.0203 4864 EFS - ok
13:31:51.0276 4864 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:31:51.0281 4864 ehRecvr - ok
13:31:51.0295 4864 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:31:51.0295 4864 ehSched - ok
13:31:51.0358 4864 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
13:31:51.0361 4864 elxstor - ok
13:31:51.0375 4864 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:31:51.0376 4864 ErrDev - ok
13:31:51.0408 4864 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:31:51.0411 4864 EventSystem - ok
13:31:51.0427 4864 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:31:51.0432 4864 exfat - ok
13:31:51.0458 4864 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:31:51.0459 4864 fastfat - ok
13:31:51.0518 4864 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:31:51.0522 4864 Fax - ok
13:31:51.0594 4864 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
13:31:51.0595 4864 fdc - ok
13:31:51.0618 4864 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:31:51.0619 4864 fdPHost - ok
13:31:51.0626 4864 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:31:51.0627 4864 FDResPub - ok
13:31:51.0643 4864 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:31:51.0644 4864 FileInfo - ok
13:31:51.0656 4864 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:31:51.0657 4864 Filetrace - ok
13:31:51.0667 4864 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
13:31:51.0668 4864 flpydisk - ok
13:31:51.0698 4864 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:31:51.0700 4864 FltMgr - ok
13:31:51.0758 4864 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:31:51.0763 4864 FontCache - ok
13:31:51.0800 4864 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:31:51.0801 4864 FontCache3.0.0.0 - ok
13:31:51.0820 4864 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:31:51.0821 4864 FsDepends - ok
13:31:51.0858 4864 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
13:31:51.0868 4864 fssfltr - ok
13:31:51.0986 4864 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:31:51.0995 4864 fsssvc - ok
13:31:52.0023 4864 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:31:52.0031 4864 Fs_Rec - ok
13:31:52.0057 4864 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:31:52.0059 4864 fvevol - ok
13:31:52.0074 4864 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
13:31:52.0075 4864 gagp30kx - ok
13:31:52.0108 4864 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:31:52.0113 4864 gpsvc - ok
13:31:52.0234 4864 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:31:52.0235 4864 gupdate - ok
13:31:52.0240 4864 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:31:52.0241 4864 gupdatem - ok
13:31:52.0276 4864 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:31:52.0278 4864 hcw85cir - ok
13:31:52.0309 4864 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:52.0310 4864 HDAudBus - ok
13:31:52.0326 4864 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
13:31:52.0326 4864 HidBatt - ok
13:31:52.0356 4864 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:31:52.0357 4864 HidBth - ok
13:31:52.0366 4864 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
13:31:52.0367 4864 HidIr - ok
13:31:52.0384 4864 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
13:31:52.0385 4864 hidserv - ok
13:31:52.0415 4864 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:31:52.0416 4864 HidUsb - ok
13:31:52.0447 4864 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:31:52.0449 4864 hkmsvc - ok
13:31:52.0493 4864 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:31:52.0496 4864 HomeGroupListener - ok
13:31:52.0517 4864 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:31:52.0521 4864 HomeGroupProvider - ok
13:31:52.0553 4864 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:31:52.0554 4864 HpSAMD - ok
13:31:52.0607 4864 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:31:52.0610 4864 HTTP - ok
13:31:52.0630 4864 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:31:52.0631 4864 hwpolicy - ok
13:31:52.0685 4864 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:31:52.0687 4864 i8042prt - ok
13:31:52.0739 4864 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\drivers\iaStor.sys
13:31:52.0742 4864 iaStor - ok
13:31:52.0837 4864 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:31:52.0838 4864 IAStorDataMgrSvc - ok
13:31:52.0865 4864 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:31:52.0867 4864 iaStorV - ok
13:31:52.0897 4864 iBtFltCoex (61401ba4183bc171ba114fce4981bb33) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
13:31:52.0898 4864 iBtFltCoex - ok
13:31:52.0957 4864 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:31:52.0970 4864 idsvc - ok
13:31:53.0222 4864 igfx (0202fbccd44a92e3a8205123b2d4e8d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:31:53.0401 4864 igfx - ok
13:31:53.0447 4864 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
13:31:53.0448 4864 iirsp - ok
13:31:53.0501 4864 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:31:53.0506 4864 IKEEXT - ok
13:31:53.0523 4864 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:31:53.0524 4864 intelide - ok
13:31:53.0575 4864 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:31:53.0576 4864 intelppm - ok
13:31:53.0597 4864 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:31:53.0598 4864 IPBusEnum - ok
13:31:53.0631 4864 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:31:53.0645 4864 IpFilterDriver - ok
13:31:53.0679 4864 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
13:31:53.0683 4864 iphlpsvc - ok
13:31:53.0700 4864 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:31:53.0701 4864 IPMIDRV - ok
13:31:53.0720 4864 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:31:53.0729 4864 IPNAT - ok
13:31:53.0760 4864 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:31:53.0761 4864 IRENUM - ok
13:31:53.0772 4864 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:31:53.0773 4864 isapnp - ok
13:31:53.0797 4864 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:31:53.0799 4864 iScsiPrt - ok
13:31:53.0833 4864 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:53.0834 4864 kbdclass - ok
13:31:53.0863 4864 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:53.0864 4864 kbdhid - ok
13:31:53.0896 4864 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:31:53.0898 4864 KeyIso - ok
13:31:53.0937 4864 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
13:31:53.0938 4864 KSecDD - ok
13:31:53.0995 4864 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
13:31:53.0997 4864 KSecPkg - ok
13:31:54.0024 4864 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:31:54.0027 4864 KtmRm - ok
13:31:54.0057 4864 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
13:31:54.0073 4864 LanmanServer - ok
13:31:54.0099 4864 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:31:54.0103 4864 LanmanWorkstation - ok
13:31:54.0131 4864 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:54.0132 4864 lltdio - ok
13:31:54.0165 4864 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:31:54.0168 4864 lltdsvc - ok
13:31:54.0195 4864 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:31:54.0197 4864 lmhosts - ok
13:31:54.0229 4864 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
13:31:54.0237 4864 LSI_FC - ok
13:31:54.0254 4864 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
13:31:54.0255 4864 LSI_SAS - ok
13:31:54.0270 4864 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
13:31:54.0270 4864 LSI_SAS2 - ok
13:31:54.0298 4864 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
13:31:54.0299 4864 LSI_SCSI - ok
13:31:54.0322 4864 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:31:54.0323 4864 luafv - ok
13:31:54.0341 4864 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:31:54.0343 4864 Mcx2Svc - ok
13:31:54.0355 4864 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
13:31:54.0356 4864 megasas - ok
13:31:54.0378 4864 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
13:31:54.0382 4864 MegaSR - ok
13:31:54.0399 4864 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:31:54.0401 4864 MMCSS - ok
13:31:54.0420 4864 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:31:54.0421 4864 Modem - ok
13:31:54.0459 4864 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:31:54.0460 4864 monitor - ok
13:31:54.0477 4864 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:54.0479 4864 mouclass - ok
13:31:54.0514 4864 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:54.0515 4864 mouhid - ok
13:31:54.0529 4864 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:31:54.0531 4864 mountmgr - ok
13:31:54.0673 4864 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:31:54.0674 4864 MozillaMaintenance - ok
13:31:54.0739 4864 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:31:54.0740 4864 MpFilter - ok
13:31:54.0767 4864 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:31:54.0769 4864 mpio - ok
13:31:54.0870 4864 MpKsla21eeb9a (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04AAA2AB-4106-48F8-A6B5-D2C0FACB262D}\MpKsla21eeb9a.sys
13:31:54.0870 4864 MpKsla21eeb9a - ok
13:31:54.0894 4864 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:31:54.0894 4864 mpsdrv - ok
13:31:54.0926 4864 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:31:54.0931 4864 MpsSvc - ok
13:31:54.0943 4864 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:31:54.0945 4864 MRxDAV - ok
13:31:54.0972 4864 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:54.0978 4864 mrxsmb - ok
13:31:55.0003 4864 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:55.0005 4864 mrxsmb10 - ok
13:31:55.0024 4864 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:55.0026 4864 mrxsmb20 - ok
13:31:55.0055 4864 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:31:55.0056 4864 msahci - ok
13:31:55.0067 4864 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:31:55.0068 4864 msdsm - ok
13:31:55.0105 4864 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:31:55.0108 4864 MSDTC - ok
13:31:55.0133 4864 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:31:55.0144 4864 Msfs - ok
13:31:55.0157 4864 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:31:55.0165 4864 mshidkmdf - ok
13:31:55.0183 4864 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:31:55.0184 4864 msisadrv - ok
13:31:55.0219 4864 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:31:55.0221 4864 MSiSCSI - ok
13:31:55.0224 4864 msiserver - ok
13:31:55.0247 4864 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:55.0248 4864 MSKSSRV - ok
13:31:55.0301 4864 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:31:55.0301 4864 MsMpSvc - ok
13:31:55.0323 4864 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:55.0324 4864 MSPCLOCK - ok
13:31:55.0343 4864 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:31:55.0344 4864 MSPQM - ok
13:31:55.0378 4864 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:31:55.0379 4864 MsRPC - ok
13:31:55.0395 4864 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:55.0396 4864 mssmbios - ok
13:31:55.0412 4864 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:31:55.0413 4864 MSTEE - ok
13:31:55.0427 4864 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
13:31:55.0428 4864 MTConfig - ok
13:31:55.0461 4864 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:31:55.0463 4864 Mup - ok
13:31:55.0498 4864 NAL (428c611928df3e96538a482117e659f7) C:\Windows\system32\Drivers\iqvw32.sys
13:31:55.0499 4864 NAL - ok
13:31:55.0556 4864 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:31:55.0559 4864 napagent - ok
13:31:55.0592 4864 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:55.0610 4864 NativeWifiP - ok
13:31:55.0678 4864 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
13:31:55.0682 4864 NDIS - ok
13:31:55.0705 4864 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:31:55.0713 4864 NdisCap - ok
13:31:55.0732 4864 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:55.0733 4864 NdisTapi - ok
13:31:55.0756 4864 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:55.0757 4864 Ndisuio - ok
13:31:55.0776 4864 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:55.0778 4864 NdisWan - ok
13:31:55.0790 4864 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:31:55.0791 4864 NDProxy - ok
13:31:55.0806 4864 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:31:55.0807 4864 NetBIOS - ok
13:31:55.0824 4864 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:31:55.0825 4864 NetBT - ok
13:31:55.0829 4864 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:31:55.0832 4864 Netlogon - ok
13:31:55.0962 4864 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:31:55.0965 4864 Netman - ok
13:31:56.0072 4864 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:31:56.0074 4864 NetMsmqActivator - ok
13:31:56.0077 4864 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:31:56.0078 4864 NetPipeActivator - ok
13:31:56.0105 4864 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:31:56.0109 4864 netprofm - ok
13:31:56.0113 4864 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:31:56.0114 4864 NetTcpActivator - ok
13:31:56.0117 4864 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:31:56.0119 4864 NetTcpPortSharing - ok
13:31:56.0154 4864 netvsc (104be93f0607c6aa0d85319581f96ec2) C:\Windows\system32\DRIVERS\netvsc60.sys
13:31:56.0155 4864 netvsc - ok
13:31:56.0195 4864 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
13:31:56.0196 4864 nfrd960 - ok
13:31:56.0241 4864 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:31:56.0241 4864 NisDrv - ok
13:31:56.0285 4864 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:31:56.0286 4864 NisSrv - ok
13:31:56.0316 4864 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:31:56.0319 4864 NlaSvc - ok
13:31:56.0328 4864 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:31:56.0330 4864 Npfs - ok
13:31:56.0342 4864 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:31:56.0344 4864 nsi - ok
13:31:56.0355 4864 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:31:56.0356 4864 nsiproxy - ok
13:31:56.0419 4864 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:31:56.0426 4864 Ntfs - ok
13:31:56.0449 4864 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:31:56.0450 4864 Null - ok
13:31:56.0479 4864 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:31:56.0480 4864 nvraid - ok
13:31:56.0526 4864 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:31:56.0527 4864 nvstor - ok
13:31:56.0587 4864 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:31:56.0588 4864 nv_agp - ok
13:31:56.0608 4864 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:31:56.0609 4864 ohci1394 - ok
13:31:56.0672 4864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:31:56.0673 4864 ose - ok
13:31:56.0850 4864 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:31:56.0873 4864 osppsvc - ok
13:31:56.0912 4864 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:31:56.0915 4864 p2pimsvc - ok
13:31:56.0956 4864 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:31:56.0959 4864 p2psvc - ok
13:31:57.0003 4864 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:31:57.0005 4864 Parport - ok
13:31:57.0042 4864 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:31:57.0043 4864 partmgr - ok
13:31:57.0060 4864 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:31:57.0061 4864 Parvdm - ok
13:31:57.0104 4864 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
13:31:57.0104 4864 PBADRV - ok
13:31:57.0141 4864 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:31:57.0143 4864 PcaSvc - ok
13:31:57.0162 4864 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:31:57.0164 4864 pci - ok
13:31:57.0188 4864 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:31:57.0189 4864 pciide - ok
13:31:57.0205 4864 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
13:31:57.0207 4864 pcmcia - ok
13:31:57.0238 4864 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:31:57.0239 4864 pcw - ok
13:31:57.0334 4864 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
13:31:57.0336 4864 PDFProFiltSrvPP - ok
13:31:57.0377 4864 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:31:57.0380 4864 PEAUTH - ok
13:31:57.0419 4864 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:31:57.0427 4864 PeerDistSvc - ok
13:31:57.0500 4864 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:31:57.0510 4864 pla - ok
13:31:57.0578 4864 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:31:57.0584 4864 PlugPlay - ok
13:31:57.0635 4864 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:31:57.0637 4864 PNRPAutoReg - ok
13:31:57.0643 4864 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:31:57.0647 4864 PNRPsvc - ok
13:31:57.0681 4864 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:31:57.0684 4864 PolicyAgent - ok
13:31:57.0728 4864 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:31:57.0731 4864 Power - ok
13:31:57.0778 4864 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:57.0779 4864 PptpMiniport - ok
13:31:57.0808 4864 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
13:31:57.0809 4864 Processor - ok
13:31:57.0858 4864 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
13:31:57.0861 4864 ProfSvc - ok
13:31:57.0865 4864 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:31:57.0867 4864 ProtectedStorage - ok
13:31:57.0902 4864 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:31:57.0903 4864 Psched - ok
13:31:57.0985 4864 QBCFMonitorService (ee46f431b25c14778d2e89d6f10f1d65) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
13:31:57.0998 4864 QBCFMonitorService - ok
13:31:58.0028 4864 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
13:31:58.0028 4864 QBFCService - ok
13:31:58.0082 4864 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
13:31:58.0090 4864 ql2300 - ok
13:31:58.0116 4864 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
13:31:58.0117 4864 ql40xx - ok
13:31:58.0154 4864 QuickBooksDB20 - ok
13:31:58.0193 4864 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:31:58.0196 4864 QWAVE - ok
13:31:58.0216 4864 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:31:58.0216 4864 QWAVEdrv - ok
13:31:58.0238 4864 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:58.0239 4864 RasAcd - ok
13:31:58.0269 4864 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:31:58.0270 4864 RasAgileVpn - ok
13:31:58.0305 4864 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:31:58.0308 4864 RasAuto - ok
13:31:58.0326 4864 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:58.0328 4864 Rasl2tp - ok
13:31:58.0349 4864 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:31:58.0352 4864 RasMan - ok
13:31:58.0361 4864 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:58.0363 4864 RasPppoe - ok
13:31:58.0382 4864 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:58.0389 4864 RasSstp - ok
13:31:58.0412 4864 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:58.0414 4864 rdbss - ok
13:31:58.0425 4864 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:31:58.0426 4864 rdpbus - ok
13:31:58.0446 4864 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:58.0447 4864 RDPCDD - ok
13:31:58.0481 4864 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:31:58.0482 4864 RDPDR - ok
13:31:58.0499 4864 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:31:58.0499 4864 RDPENCDD - ok
13:31:58.0508 4864 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:31:58.0521 4864 RDPREFMP - ok
13:31:58.0582 4864 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
13:31:58.0583 4864 RDPWD - ok
13:31:58.0602 4864 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:31:58.0604 4864 rdyboost - ok
13:31:58.0640 4864 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:31:58.0642 4864 RemoteAccess - ok
13:31:58.0670 4864 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:31:58.0675 4864 RemoteRegistry - ok
13:31:58.0701 4864 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:31:58.0703 4864 RFCOMM - ok
13:31:58.0725 4864 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:31:58.0728 4864 RpcEptMapper - ok
13:31:58.0743 4864 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:31:58.0745 4864 RpcLocator - ok
13:31:58.0758 4864 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:31:58.0762 4864 RpcSs - ok
13:31:58.0786 4864 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:58.0793 4864 rspndr - ok
13:31:58.0814 4864 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:31:58.0830 4864 s3cap - ok
13:31:58.0834 4864 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:31:58.0836 4864 SamSs - ok
13:31:58.0872 4864 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:31:58.0873 4864 sbp2port - ok
13:31:58.0891 4864 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:31:58.0894 4864 SCardSvr - ok
13:31:58.0902 4864 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:31:58.0903 4864 scfilter - ok
13:31:58.0937 4864 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:31:58.0943 4864 Schedule - ok
13:31:58.0969 4864 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:31:58.0969 4864 SCPolicySvc - ok
13:31:59.0007 4864 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:31:59.0011 4864 SDRSVC - ok
13:31:59.0073 4864 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:31:59.0075 4864 SeaPort - ok
13:31:59.0086 4864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:31:59.0086 4864 secdrv - ok
13:31:59.0098 4864 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:31:59.0100 4864 seclogon - ok
13:31:59.0247 4864 SecureStorageService (6abf8e8ae3800ccf84d9ae6865a641e5) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
13:31:59.0544 4864 SecureStorageService - ok
13:31:59.0571 4864 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
13:31:59.0573 4864 SENS - ok
13:31:59.0592 4864 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:31:59.0595 4864 SensrSvc - ok
13:31:59.0616 4864 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:31:59.0617 4864 Serenum - ok
13:31:59.0628 4864 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:31:59.0629 4864 Serial - ok
13:31:59.0670 4864 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
13:31:59.0671 4864 sermouse - ok
13:31:59.0693 4864 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:31:59.0695 4864 SessionEnv - ok
13:31:59.0720 4864 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:31:59.0721 4864 sffdisk - ok
13:31:59.0729 4864 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:31:59.0730 4864 sffp_mmc - ok
13:31:59.0739 4864 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:31:59.0740 4864 sffp_sd - ok
13:31:59.0748 4864 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
13:31:59.0749 4864 sfloppy - ok
13:31:59.0782 4864 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:31:59.0785 4864 SharedAccess - ok
13:31:59.0822 4864 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:31:59.0826 4864 ShellHWDetection - ok
13:31:59.0855 4864 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:31:59.0859 4864 sisagp - ok
13:31:59.0879 4864 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
13:31:59.0880 4864 SiSRaid2 - ok
13:31:59.0900 4864 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
13:31:59.0901 4864 SiSRaid4 - ok
13:31:59.0911 4864 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:31:59.0919 4864 Smb - ok
13:31:59.0942 4864 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:31:59.0945 4864 SNMPTRAP - ok
13:31:59.0986 4864 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:31:59.0987 4864 spldr - ok
13:32:00.0015 4864 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:32:00.0018 4864 Spooler - ok
13:32:00.0126 4864 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:32:00.0177 4864 sppsvc - ok
13:32:00.0210 4864 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:32:00.0213 4864 sppuinotify - ok
13:32:00.0241 4864 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:32:00.0243 4864 srv - ok
13:32:00.0285 4864 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:32:00.0287 4864 srv2 - ok
13:32:00.0308 4864 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:32:00.0309 4864 srvnet - ok
13:32:00.0343 4864 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:32:00.0346 4864 SSDPSRV - ok
13:32:00.0379 4864 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:32:00.0382 4864 SstpSvc - ok
13:32:00.0416 4864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
13:32:00.0417 4864 stexstor - ok
13:32:00.0444 4864 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:32:00.0445 4864 StillCam - ok
13:32:00.0478 4864 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:32:00.0483 4864 StiSvc - ok
13:32:00.0509 4864 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:32:00.0518 4864 StorSvc - ok
13:32:00.0556 4864 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:32:00.0557 4864 storvsc - ok
13:32:00.0579 4864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
13:32:00.0580 4864 swenum - ok
13:32:00.0630 4864 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:32:00.0634 4864 swprv - ok
13:32:00.0664 4864 SynthVid (04990c25043705985f1ec40bf704aaac) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
13:32:00.0665 4864 SynthVid - ok
13:32:00.0705 4864 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:32:00.0721 4864 SysMain - ok
13:32:00.0732 4864 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:32:00.0744 4864 TabletInputService - ok
13:32:00.0766 4864 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:32:00.0775 4864 TapiSrv - ok
13:32:00.0794 4864 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:32:00.0796 4864 TBS - ok
13:32:00.0880 4864 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:32:00.0890 4864 Tcpip - ok
13:32:00.0922 4864 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:00.0929 4864 TCPIP6 - ok
13:32:00.0987 4864 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:32:00.0989 4864 tcpipreg - ok
13:32:01.0096 4864 tcsd_win32.exe (e42d560e2163480e7b586b14abeb3386) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
13:32:01.0214 4864 tcsd_win32.exe - ok
13:32:01.0380 4864 TdmService (b434294eaa2ae4fb9bd63e25eb89b86f) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
13:32:01.0455 4864 TdmService - ok
13:32:01.0493 4864 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:32:01.0494 4864 TDPIPE - ok
13:32:01.0528 4864 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:32:01.0529 4864 TDTCP - ok
13:32:01.0582 4864 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:32:01.0583 4864 tdx - ok
13:32:01.0892 4864 TeamViewer7 (2bbb318ea9f34fdc508cea4aab98d770) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:32:01.0906 4864 TeamViewer7 - ok
13:32:01.0932 4864 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
13:32:01.0934 4864 TermDD - ok
13:32:01.0971 4864 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:32:01.0976 4864 TermService - ok
13:32:01.0991 4864 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:32:01.0993 4864 Themes - ok
13:32:02.0016 4864 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:32:02.0018 4864 THREADORDER - ok
13:32:02.0028 4864 tmtdi - ok
13:32:02.0059 4864 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:32:02.0061 4864 TrkWks - ok
13:32:02.0113 4864 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:32:02.0115 4864 TrustedInstaller - ok
13:32:02.0131 4864 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:02.0132 4864 tssecsrv - ok
13:32:02.0146 4864 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:32:02.0148 4864 TsUsbFlt - ok
13:32:02.0169 4864 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
13:32:02.0178 4864 TsUsbGD - ok
13:32:02.0203 4864 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:02.0204 4864 tunnel - ok
13:32:02.0226 4864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
13:32:02.0253 4864 uagp35 - ok
13:32:02.0296 4864 ubloxusb (d363d7083263704287609b607fa9ba8a) C:\Windows\system32\DRIVERS\ubloxusb.sys
13:32:02.0297 4864 ubloxusb - ok
13:32:02.0311 4864 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:32:02.0315 4864 udfs - ok
13:32:02.0344 4864 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:32:02.0346 4864 UI0Detect - ok
13:32:02.0391 4864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:32:02.0391 4864 uliagpkx - ok
13:32:02.0425 4864 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
13:32:02.0426 4864 umbus - ok
13:32:02.0447 4864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
13:32:02.0448 4864 UmPass - ok
13:32:02.0483 4864 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:32:02.0486 4864 UmRdpService - ok
13:32:02.0521 4864 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:32:02.0524 4864 upnphost - ok
13:32:02.0569 4864 usbccgp (4663ad7f61519e88687393bfcb154e4c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:02.0571 4864 usbccgp - ok
13:32:02.0584 4864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:32:02.0585 4864 usbcir - ok
13:32:02.0597 4864 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:32:02.0598 4864 usbehci - ok
13:32:02.0631 4864 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:32:02.0633 4864 usbhub - ok
13:32:02.0655 4864 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:32:02.0656 4864 usbohci - ok
13:32:02.0686 4864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
13:32:02.0687 4864 usbprint - ok
13:32:02.0715 4864 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:02.0747 4864 USBSTOR - ok
13:32:02.0759 4864 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:32:02.0774 4864 usbuhci - ok
13:32:02.0786 4864 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:32:02.0789 4864 UxSms - ok
13:32:02.0820 4864 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:32:02.0822 4864 VaultSvc - ok
13:32:02.0841 4864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:32:02.0842 4864 vdrvroot - ok
13:32:02.0872 4864 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:32:02.0878 4864 vds - ok
13:32:02.0895 4864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:02.0896 4864 vga - ok
13:32:02.0907 4864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:32:02.0908 4864 VgaSave - ok
13:32:02.0946 4864 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:32:02.0947 4864 vhdmp - ok
13:32:02.0986 4864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:32:02.0987 4864 viaagp - ok
13:32:03.0004 4864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
13:32:03.0005 4864 ViaC7 - ok
13:32:03.0017 4864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:32:03.0018 4864 viaide - ok
13:32:03.0030 4864 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:32:03.0030 4864 VMBusHID - ok
13:32:03.0045 4864 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:32:03.0046 4864 volmgr - ok
13:32:03.0064 4864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:32:03.0066 4864 volmgrx - ok
13:32:03.0088 4864 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:32:03.0102 4864 volsnap - ok
13:32:03.0135 4864 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
13:32:03.0136 4864 vpcbus - ok
13:32:03.0171 4864 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:32:03.0172 4864 vpcnfltr - ok
13:32:03.0191 4864 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
13:32:03.0193 4864 vpcusb - ok
13:32:03.0218 4864 vpcvmm (e8e4757a9dc0b2836a85f932227b5bd6) C:\Windows\system32\drivers\vpcvmm.sys
13:32:03.0220 4864 vpcvmm - ok
13:32:03.0266 4864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
13:32:03.0267 4864 vsmraid - ok
13:32:03.0324 4864 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:32:03.0333 4864 VSS - ok
13:32:03.0343 4864 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:32:03.0344 4864 vwifibus - ok
13:32:03.0360 4864 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:32:03.0369 4864 W32Time - ok
13:32:03.0408 4864 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
13:32:03.0409 4864 WacomPen - ok
13:32:03.0436 4864 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:03.0438 4864 WANARP - ok
13:32:03.0440 4864 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:03.0441 4864 Wanarpv6 - ok
13:32:03.0576 4864 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:32:03.0588 4864 WatAdminSvc - ok
13:32:03.0692 4864 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:32:03.0701 4864 wbengine - ok
13:32:03.0719 4864 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:32:03.0722 4864 WbioSrvc - ok
13:32:03.0744 4864 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:32:03.0748 4864 wcncsvc - ok
13:32:03.0774 4864 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:32:03.0781 4864 WcsPlugInService - ok
13:32:03.0813 4864 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
13:32:03.0821 4864 Wd - ok
13:32:03.0865 4864 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:32:03.0868 4864 Wdf01000 - ok
13:32:03.0881 4864 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:32:03.0883 4864 WdiServiceHost - ok
13:32:03.0886 4864 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:32:03.0889 4864 WdiSystemHost - ok
13:32:03.0910 4864 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:32:03.0927 4864 WebClient - ok
13:32:03.0939 4864 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:32:03.0943 4864 Wecsvc - ok
13:32:03.0963 4864 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:32:03.0965 4864 wercplsupport - ok
13:32:03.0995 4864 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:32:03.0997 4864 WerSvc - ok
13:32:04.0023 4864 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:04.0024 4864 WfpLwf - ok
13:32:04.0044 4864 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:32:04.0045 4864 WIMMount - ok
13:32:04.0099 4864 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:32:04.0104 4864 WinDefend - ok
13:32:04.0111 4864 WinHttpAutoProxySvc - ok
13:32:04.0160 4864 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:32:04.0178 4864 Winmgmt - ok
13:32:04.0233 4864 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:32:04.0242 4864 WinRM - ok
13:32:04.0285 4864 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:04.0286 4864 WinUsb - ok
13:32:04.0335 4864 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:32:04.0341 4864 Wlansvc - ok
13:32:04.0395 4864 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:32:04.0396 4864 wlcrasvc - ok
13:32:04.0519 4864 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:32:04.0527 4864 wlidsvc - ok
13:32:04.0555 4864 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:32:04.0555 4864 WmiAcpi - ok
13:32:04.0628 4864 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:32:04.0630 4864 wmiApSrv - ok
13:32:04.0709 4864 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:32:04.0716 4864 WMPNetworkSvc - ok
13:32:04.0745 4864 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:32:04.0747 4864 WPCSvc - ok
13:32:04.0763 4864 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:32:04.0766 4864 WPDBusEnum - ok
13:32:04.0775 4864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:04.0776 4864 ws2ifsl - ok
13:32:04.0801 4864 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
13:32:04.0815 4864 wscsvc - ok
13:32:04.0860 4864 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:32:04.0861 4864 WSDPrintDevice - ok
13:32:04.0865 4864 WSearch - ok
13:32:04.0978 4864 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:32:04.0991 4864 wuauserv - ok
13:32:05.0026 4864 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:32:05.0027 4864 WudfPf - ok
13:32:05.0064 4864 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:05.0065 4864 WUDFRd - ok
13:32:05.0086 4864 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:32:05.0089 4864 wudfsvc - ok
13:32:05.0105 4864 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:32:05.0108 4864 WwanSvc - ok
13:32:05.0148 4864 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:32:05.0258 4864 \Device\Harddisk0\DR0 - ok
13:32:05.0261 4864 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
13:32:05.0264 4864 \Device\Harddisk1\DR1 - ok
13:32:05.0267 4864 Boot (0x1200) (8d03a0301351c0053867ca6159945a8a) \Device\Harddisk0\DR0\Partition0
13:32:05.0268 4864 \Device\Harddisk0\DR0\Partition0 - ok
13:32:05.0282 4864 Boot (0x1200) (ff4bbfa92881d493f39002b6f67749f1) \Device\Harddisk0\DR0\Partition1
13:32:05.0291 4864 \Device\Harddisk0\DR0\Partition1 - ok
13:32:05.0294 4864 Boot (0x1200) (5cc758d8c0f7c1e4477ee908e2a51424) \Device\Harddisk1\DR1\Partition0
13:32:05.0297 4864 \Device\Harddisk1\DR1\Partition0 - ok
13:32:05.0297 4864 ============================================================
13:32:05.0297 4864 Scan finished
13:32:05.0297 4864 ============================================================
13:32:05.0305 2844 Detected object count: 0
13:32:05.0305 2844 Actual detected object count: 0














_________________________________________________________________________________________________________________________














aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 13:34:02
-----------------------------
13:34:02.822 OS Version: Windows 6.1.7601 Service Pack 1
13:34:02.822 Number of processors: 2 586 0x170A
13:34:02.823 ComputerName: CWBTY UserName:
13:34:03.621 Initialize success
13:47:04.604 AVAST engine defs: 12080600
13:57:14.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:57:14.658 Disk 0 Vendor: Intel___ 1.0. Size: 238416MB BusType: 8
13:57:14.674 Disk 0 MBR read successfully
13:57:14.674 Disk 0 MBR scan
13:57:14.690 Disk 0 Windows VISTA default MBR code
13:57:14.690 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:57:14.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16538 MB offset 81920
13:57:14.736 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 221837 MB offset 33951744
13:57:14.768 Disk 0 scanning sectors +488273920
13:57:14.970 Disk 0 scanning C:\Windows\system32\drivers
13:57:32.692 Service scanning
13:57:50.852 Service MpKsla21eeb9a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04AAA2AB-4106-48F8-A6B5-D2C0FACB262D}\MpKsla21eeb9a.sys **LOCKED** 32
13:58:09.260 Modules scanning
13:58:18.838 Disk 0 trace - called modules:
13:58:18.838
13:58:19.587 AVAST engine scan C:\Windows
13:58:23.955 AVAST engine scan C:\Windows\system32
14:03:39.002 AVAST engine scan C:\Windows\system32\drivers
14:04:05.522 AVAST engine scan C:\Users\Administrator
14:05:07.194 File: C:\Users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll **INFECTED** Win32:Downloader-PPQ [Trj]
14:11:14.863 AVAST engine scan C:\ProgramData
14:13:27.572 Scan finished successfully
14:29:47.721 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
14:29:47.737 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 06 August 2012 - 03:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 06 August 2012 - 04:26 PM

Combofix ran without error. It has not redirected me since the fix. Looking good so far.




_____________________________________________________________________________________________________________________________________






ComboFix 12-08-05.02 - Administrator 08/06/2012 16:10:40.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2308 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 21:15 . 2012-08-06 21:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-06 21:15 . 2012-08-06 21:15 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-08-06 21:15 . 2012-08-06 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 21:09 . 2012-08-06 21:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04AAA2AB-4106-48F8-A6B5-D2C0FACB262D}\offreg.dll
2012-08-06 18:31 . 2012-08-06 18:31 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04AAA2AB-4106-48F8-A6B5-D2C0FACB262D}\MpKsla21eeb9a.sys
2012-08-06 15:23 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04AAA2AB-4106-48F8-A6B5-D2C0FACB262D}\mpengine.dll
2012-08-06 13:59 . 2009-08-13 14:23 22528 ----a-w- c:\windows\system32\drivers\BthAvrcp.sys
2012-08-06 13:58 . 2012-08-06 13:58 -------- d-----w- c:\windows\LastGood
2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\users\Administrator\temp
2012-08-05 20:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 21:20 . 2012-08-06 21:14 -------- d-----w- c:\users\Administrator\AppData\Local\InstallShield
2012-07-12 20:05 . 2012-07-12 20:05 -------- d-----w- c:\users\Administrator\AppData\Local\{E7CA10B7-CC5C-11E1-8270-B8AC6F996F26}
2012-07-11 08:01 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:10 . 2012-05-22 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:10 . 2011-08-25 23:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-21 17:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 17:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 17:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 17:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 17:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 17:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 15:22 . 2012-05-08 14:24 780 ----a-w- c:\users\Administrator\advanced_ip_scanner_MAC.bin
2012-07-18 20:09 . 2011-09-08 21:27 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Wisdom-soft ScreenHunter 5.1 Free"="c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2011-09-01 5306880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-31 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-31 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-31 172568]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-08-01 2641272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2012-1-24 2401280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ActiveBooks Agent;ActiveBooks Agent;c:\program files\ActiveBooks\ActiveBooksAgent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
S2 ActiveBooks Server;ActiveBooks Server;c:\program files\ActiveBooks\ActiveBooksServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50668280
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSLA21EEB9A
*Deregistered* - 50668280
*Deregistered* - aswMBR
*Deregistered* - TmFilter
*Deregistered* - tmlwf
*Deregistered* - tmwfp
*Deregistered* - VSApiNt
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 23:10]
.
2012-08-06 c:\windows\Tasks\Canton Wholesale Bait, LLC 1344265046.job
- c:\program files\Intuit\QuickBooks 2010\AutoBackupEXE.exe [2012-02-04 13:50]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 21:31]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tymunuwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-InstallShield - c:\users\Administrator\AppData\Local\InstallShield\ggbqdaci.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,28,b4,
0d,29,8c,34,07,8e,8d,2c,46,07,48,eb,48
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,25,
81,36,1c,d9,07,95,c4,13,24,74,4f,24,dd
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,dd,
ca,71,f4,3d,0e,a7,7c,de,65,c3,82,cf,b2
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:af,ab,49,7f,6c,6e,cc,01
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,ef,5e,da,c1,25,33,4d,80,89,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,ef,5e,da,c1,25,33,4d,80,89,3e,\
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="AcroExch.Document"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1783390730-2427153062-1083439002-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.Sheet.12"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\wvauth.DLL
c:\windows\System32\TdmNetworkProvider.dll
.
Completion time: 2012-08-06 16:16:48
ComboFix-quarantined-files.txt 2012-08-06 21:16
ComboFix2.txt 2012-08-06 14:33
.
Pre-Run: 155,589,234,688 bytes free
Post-Run: 155,340,206,080 bytes free
.
- - End Of File - - F2A66DA976B37523278578AFA30859E0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 06 August 2012 - 06:42 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Bing Bar
Java™ 6 Update 26
Java™ 7 Update 2
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 August 2012 - 10:44 AM

PC is functioning normally.

_________________________________________________________________________________________________



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: CWBTY [administrator]

8/7/2012 10:33:39 AM
mbam-log-2012-08-07 (10-33-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213632
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



_____________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:37 AM, on 8/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (file missing)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 07 August 2012 - 04:32 PM

greetings

That is only part of the hijackthis report - can you resend it for me please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 07 August 2012 - 04:46 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:37 AM, on 8/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (file missing)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser20')
O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'QBDataServiceUser20')
O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'QBDataServiceUser20')
O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser20')
O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.tscmaps.com/shared/viewer/mgaxctrl.cab
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: ActiveBooks Agent - Core Technologies Consulting, LLC - C:\Program Files\ActiveBooks\ActiveBooksAgent.exe
O23 - Service: ActiveBooks Server - Core Technologies Consulting, LLC - C:\Program Files\ActiveBooks\ActiveBooksServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB20 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.34 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 11755 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 07 August 2012 - 07:13 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
      O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
      O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
      O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
      O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
      O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
      O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser20')
      O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'QBDataServiceUser20')
      O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'QBDataServiceUser20')
      O4 - HKUS\S-1-5-21-1783390730-2427153062-1083439002-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser20')
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 August 2012 - 10:14 AM

Hijack This - Done
ESET Scan - all clear, no viruses

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 AM

Posted 09 August 2012 - 10:24 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 th29

th29
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 10 August 2012 - 11:02 AM

Thank you very much for your help.

Defogger - Re-Enabled

ComboFix - Uninstalled

OTCleanit - Done

Paypal Donation - Done (and earned)

Thank You




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users