Blue screens


This topic is locked
5 replies to this topic

#1 jlilly88


Posted 04 August 2012 - 04:49 PM

Long time observer, first time poster.

We were streaming the Olympics and Adobe crashed while we were watching it. Leaving the computer for an hour, and coming back, I nudged the mouse, and the computer blue-screened. It said something about physical memory.
Starting Windows normally, it took 4x as long to load up, and then blue-screened before hardly any commands had been entered.
Restarting the computer in Safe Mode was fine. After we shut the computer off, we dusted the inside out and tried again in normal mode, but it blue-screened.
So here we are in Safe Mode w/ Networking. What should we do?

Note: Malwarebytes found rootkit.zeroaccess (1 file) and trojan.bho (4 files) in Safe Mode.

We have DDS logs, but we're running 64 bit, so we didn't download and run Gmer.


DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 14:47:26 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6117 [GMT -7:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO: DeLorme Send To GPS: {fbaad182-3c7a-4bc4-a5e9-207b8e0f02fd} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\978\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Apple Computer] rundll32.exe "C:\Users\Owner\AppData\Local\Apps\Apple Computer\zaumhg.dll",CreateInstance
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2758A0ED-7871-4ABF-B747-8B0A48D88536} : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{8E9338F2-1F12-4972-87FD-C90857DE4ECA} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
BHO-X64: PNBHO - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppnplugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 135664]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-5 240160]
S2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 250056]
S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-04 21:22:07 20480 ----a-w- C:\Windows\svchost.exe
2012-08-03 09:25:24 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0808F84F-BD9F-40BC-9EEF-5EC64D519EE6}\mpengine.dll
2012-07-12 03:27:44 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:22:13 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-02 18:40:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 18:40:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 19:48:46 60864 ----a-w- C:\Users\Owner\g2mdlhlpx.exe
2012-06-18 17:04:35 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-18 17:04:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:48:29.36 ===============




Attach Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/18/2010 1:40:05 PM
System Uptime: 8/4/2012 2:20:25 PM (0 hours ago)
.
Motherboard: Gateway | | RS780
Processor: AMD Phenom™ II X4 810 Processor | AM2 | 2592/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 756.354 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: kl1
Device ID: ROOT\LEGACY_KL1\0000
Manufacturer:
Name: kl1
PNP Device ID: ROOT\LEGACY_KL1\0000
Service: kl1
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2A700557&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2A700557&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP295: 7/20/2012 9:34:43 AM - Windows Update
RP296: 7/24/2012 2:23:44 AM - Windows Update
RP298: 7/25/2012 3:48:15 PM - Windows Defender Checkpoint
RP299: 7/27/2012 11:36:36 AM - Windows Update
RP300: 7/31/2012 9:13:53 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Software Update
Audacity 1.3.12 (Unicode)
B209a-m
Belkin Setup and Router Monitor
Best Buy Software Installer
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
DeLorme Send To GPS 1.2
Destinations
DeviceDiscovery
Diablo III
Diamond Xtreme Audio
eMusic Download Manager 4.1.4
FlipShare
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.3.0.978
GPBaseService2
HiJackThis
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Identity Card
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Kaspersky Anti-Virus 2010
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nintendo 64
NVIDIA PhysX
Pando Media Booster
PS_AIO_06_B209a-m_SW_Min
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
SolutionCenter
StarCraft II
Status
Super Nintendo
Tax Forms Helper 2011 10.0
Toolbox
TrayApp
TurboGrafx-16
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VLC media player 1.1.8
WebEx
WebEx Training Manager for Firefox or Chrome
WebReg
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.00 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
8/4/2012 2:26:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/4/2012 2:26:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/4/2012 2:24:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 2:21:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 2:21:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/4/2012 2:21:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/4/2012 2:21:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/4/2012 2:21:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/4/2012 2:21:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache kl1 KLIF spldr Wanarpv6
8/4/2012 2:21:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030c7405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-37440-01.
8/4/2012 2:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
8/4/2012 2:19:05 PM, Error: Service Control Manager [7000] - The FlipShare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2012 2:16:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 12:51:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b6405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-49483-01.
8/4/2012 12:48:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/4/2012 12:45:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000001000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003112405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-37112-01.
8/4/2012 1:23:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/4/2012 1:23:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/4/2012 1:22:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 1:22:43 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 09 August 2012 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Open your Task Manager (CTRL+ALT+DEL) and STOP THIS PROCESS IN BOLD.

uRun: [Apple Computer] rundll32.exe "C:\Users\Owner\AppData\Local\Apps\Apple Computer\zaumhg.dll",CreateInstance

Delete this file in bold.
C:\Users\Owner\AppData\Local\Apps\Apple Computer\zaumhg.dll

Restart the computer in normal mode if you can.

Using this computer in either mode, execute these instructions.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please post the logs for my review.
Let me know what problem persists.
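The triage nasdaq does by eye above, spotting a Run-key entry where rundll32.exe loads a DLL out of the user's AppData folder, is the kind of check that can be run over DDS output automatically. The script below is an added example for this thread, not code from nasdaq, BleepingComputer, or the DDS/TDSSKiller tools. The sample lines are constructed: the first copies the entry quoted in the post, the others (including example.dll) are made up for illustration, and the regular expressions are my assumptions about the DDS "uRun:"/"mRun:" line layout rather than a documented format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the layout DDS uses for per-user Run keys
# ("uRun") and machine-wide Run keys ("mRun").  The first line mirrors the
# entry nasdaq pointed at; the remaining three are made up for illustration,
# and example.dll is a placeholder, not a real component.
SAMPLE_DDS_LINES = [
    r'uRun: [Apple Computer] rundll32.exe "C:\Users\Owner\AppData\Local\Apps\Apple Computer\zaumhg.dll",CreateInstance',
    r'uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background',
    r'mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"',
    r'mRun: [Updater] rundll32.exe C:\Windows\System32\example.dll,Start',
]


@dataclass
class AutorunEntry:
    key: str   # DDS key, e.g. "uRun" (HKCU Run) or "mRun" (HKLM Run); assumed naming
    name: str  # registry value name DDS shows in [brackets]
    cmd: str   # the command line that runs at logon


@dataclass
class Finding:
    entry: AutorunEntry
    loaded_path: str
    reason: str


# Assumed DDS layout: "<key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r'^(?P<key>[A-Za-z]*Run[^:]*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
# rundll32 takes "<dll path>,<export>"; the path may or may not be quoted
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.I)
# Locations an unprivileged user can write to, where a logon-time DLL load is
# far more suspicious than a load from System32 or Program Files
USER_WRITABLE_RE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\', re.I)


def parse_autorun(line: str) -> Optional[AutorunEntry]:
    """Parse one DDS Run-key line; return None for any other line."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    return AutorunEntry(m['key'], m['name'], m['cmd'].strip())


def dll_loaded_by_rundll32(cmd: str) -> Optional[str]:
    """Return the DLL path a rundll32 command line loads, or None if not rundll32."""
    m = RUNDLL_RE.search(cmd)
    return m['dll'].strip() if m else None


def triage(lines: List[str]) -> List[Finding]:
    """Flag autorun entries where rundll32 loads a DLL from a user-writable directory."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_autorun(line)
        if entry is None:
            continue
        dll = dll_loaded_by_rundll32(entry.cmd)
        if dll and USER_WRITABLE_RE.search(dll):
            findings.append(Finding(entry, dll,
                                    "rundll32 loads a DLL from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"{f.entry.key} [{f.entry.name}] -> {f.loaded_path}: {f.reason}")
```

Run against the constructed lines it reports only the "Apple Computer" entry, which is the one nasdaq told Lilly to stop and delete; the entries that point into Program Files or System32 are left alone. The check is deliberately narrow (a DLL under AppData, ProgramData or a Temp folder launched through rundll32 at logon), so a hit is a lead to look at, not a verdict on its own.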

#3 jlilly88

jlilly88
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:13 PM

Posted 10 August 2012 - 01:30 AM

Hello! I suppose I didn't properly introduce myself on the last post.
I'm Lilly, and you've been an awesome help already. We were able to boot it up in normal mode. It was awesome! I was like, "It's going to have a heart attack," and then the computer was like, "I suffer no more!" >_< Bwaah!

Here are the logs you requested!



TDSSKiller Log:

22:51:04.0019 3044 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:51:04.0545 3044 ============================================================
22:51:04.0545 3044 Current date / time: 2012/08/09 22:51:04.0545
22:51:04.0545 3044 SystemInfo:
22:51:04.0546 3044
22:51:04.0546 3044 OS Version: 6.1.7601 ServicePack: 1.0
22:51:04.0546 3044 Product type: Workstation
22:51:04.0546 3044 ComputerName: OWNER-PC
22:51:04.0546 3044 UserName: Owner
22:51:04.0546 3044 Windows directory: C:\Windows
22:51:04.0546 3044 System windows directory: C:\Windows
22:51:04.0546 3044 Running under WOW64
22:51:04.0547 3044 Processor architecture: Intel x64
22:51:04.0547 3044 Number of processors: 4
22:51:04.0547 3044 Page size: 0x1000
22:51:04.0547 3044 Boot type: Normal boot
22:51:04.0547 3044 ============================================================
22:51:07.0755 3044 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:51:07.0802 3044 Drive \Device\Harddisk7\DR7 - Size: 0xF5000000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:51:07.0804 3044 ============================================================
22:51:07.0804 3044 \Device\Harddisk0\DR0:
22:51:07.0805 3044 MBR partitions:
22:51:07.0805 3044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
22:51:07.0805 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x72ED3800
22:51:07.0805 3044 \Device\Harddisk7\DR7:
22:51:07.0806 3044 MBR partitions:
22:51:07.0806 3044 \Device\Harddisk7\DR7\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7A6000
22:51:07.0806 3044 ============================================================
22:51:07.0848 3044 C: <-> \Device\Harddisk0\DR0\Partition1
22:51:07.0848 3044 ============================================================
22:51:07.0848 3044 Initialize success
22:51:07.0848 3044 ============================================================
22:51:23.0185 4196 ============================================================
22:51:23.0185 4196 Scan started
22:51:23.0185 4196 Mode: Manual;
22:51:23.0185 4196 ============================================================
22:51:24.0890 4196 Scan interrupted by user!
22:51:24.0890 4196 Scan interrupted by user!
22:51:24.0890 4196 Scan interrupted by user!
22:51:24.0890 4196 ============================================================
22:51:24.0890 4196 Scan finished
22:51:24.0890 4196 ============================================================
22:51:24.0914 4408 Detected object count: 0
22:51:24.0914 4408 Actual detected object count: 0
22:52:13.0084 3804 ============================================================
22:52:13.0084 3804 Scan started
22:52:13.0084 3804 Mode: Manual;
22:52:13.0084 3804 ============================================================
22:52:13.0753 3804 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:52:13.0756 3804 1394ohci - ok
22:52:13.0789 3804 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:52:13.0794 3804 ACPI - ok
22:52:13.0820 3804 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:52:13.0822 3804 AcpiPmi - ok
22:52:13.0937 3804 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:52:13.0941 3804 AdobeFlashPlayerUpdateSvc - ok
22:52:14.0002 3804 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:52:14.0017 3804 adp94xx - ok
22:52:14.0039 3804 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:52:14.0044 3804 adpahci - ok
22:52:14.0056 3804 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:52:14.0059 3804 adpu320 - ok
22:52:14.0097 3804 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:52:14.0099 3804 AeLookupSvc - ok
22:52:14.0159 3804 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:52:14.0177 3804 AFD - ok
22:52:14.0283 3804 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
22:52:14.0292 3804 AffinegyService - ok
22:52:14.0326 3804 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:52:14.0328 3804 agp440 - ok
22:52:14.0350 3804 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:52:14.0352 3804 ALG - ok
22:52:14.0366 3804 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:52:14.0367 3804 aliide - ok
22:52:14.0413 3804 AMD External Events Utility (d0d8877969011d1b0ed9c3c55a9a9108) C:\Windows\system32\atiesrxx.exe
22:52:14.0417 3804 AMD External Events Utility - ok
22:52:14.0424 3804 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:52:14.0426 3804 amdide - ok
22:52:14.0449 3804 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:52:14.0450 3804 AmdK8 - ok
22:52:14.0468 3804 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:52:14.0469 3804 AmdPPM - ok
22:52:14.0499 3804 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:52:14.0501 3804 amdsata - ok
22:52:14.0529 3804 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:52:14.0532 3804 amdsbs - ok
22:52:14.0548 3804 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:52:14.0549 3804 amdxata - ok
22:52:14.0588 3804 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:52:14.0591 3804 AppID - ok
22:52:14.0607 3804 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:52:14.0609 3804 AppIDSvc - ok
22:52:14.0647 3804 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:52:14.0650 3804 Appinfo - ok
22:52:14.0761 3804 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:52:14.0765 3804 Apple Mobile Device - ok
22:52:14.0777 3804 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:52:14.0780 3804 arc - ok
22:52:14.0791 3804 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:52:14.0794 3804 arcsas - ok
22:52:14.0844 3804 aspnet_state - ok
22:52:14.0864 3804 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:52:14.0865 3804 AsyncMac - ok
22:52:14.0874 3804 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:52:14.0875 3804 atapi - ok
22:52:14.0938 3804 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
22:52:14.0939 3804 AtiHdmiService - ok
22:52:15.0213 3804 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:52:15.0325 3804 atikmdag - ok
22:52:15.0432 3804 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:52:15.0433 3804 AtiPcie - ok
22:52:15.0508 3804 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:52:15.0527 3804 AudioEndpointBuilder - ok
22:52:15.0534 3804 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:52:15.0539 3804 AudioSrv - ok
22:52:15.0636 3804 AVer7231_x64 (23d28c00264e6540054750e55a210e99) C:\Windows\system32\DRIVERS\AVer7231_x64.sys
22:52:15.0657 3804 AVer7231_x64 - ok
22:52:15.0782 3804 AVP (df9586377384df3808d42090242cc23b) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22:52:15.0788 3804 AVP - ok
22:52:15.0945 3804 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:52:15.0949 3804 AxInstSV - ok
22:52:16.0012 3804 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:52:16.0027 3804 b06bdrv - ok
22:52:16.0059 3804 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:52:16.0066 3804 b57nd60a - ok
22:52:16.0095 3804 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:52:16.0097 3804 BDESVC - ok
22:52:16.0131 3804 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:52:16.0132 3804 Beep - ok
22:52:16.0214 3804 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:52:16.0232 3804 BFE - ok
22:52:16.0320 3804 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:52:16.0342 3804 BITS - ok
22:52:16.0361 3804 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:52:16.0362 3804 blbdrive - ok
22:52:16.0475 3804 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:52:16.0480 3804 Bonjour Service - ok
22:52:16.0520 3804 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:52:16.0523 3804 bowser - ok
22:52:16.0548 3804 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:52:16.0550 3804 BrFiltLo - ok
22:52:16.0567 3804 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:52:16.0569 3804 BrFiltUp - ok
22:52:16.0604 3804 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:52:16.0607 3804 Browser - ok
22:52:16.0629 3804 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:52:16.0634 3804 Brserid - ok
22:52:16.0647 3804 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:52:16.0649 3804 BrSerWdm - ok
22:52:16.0671 3804 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:52:16.0672 3804 BrUsbMdm - ok
22:52:16.0690 3804 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:52:16.0692 3804 BrUsbSer - ok
22:52:16.0699 3804 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:52:16.0700 3804 BTHMODEM - ok
22:52:16.0727 3804 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:52:16.0729 3804 bthserv - ok
22:52:16.0756 3804 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:52:16.0758 3804 cdfs - ok
22:52:16.0821 3804 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:52:16.0825 3804 cdrom - ok
22:52:16.0876 3804 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:52:16.0878 3804 CertPropSvc - ok
22:52:16.0903 3804 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:52:16.0904 3804 circlass - ok
22:52:16.0948 3804 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:52:16.0969 3804 CLFS - ok
22:52:17.0075 3804 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:52:17.0078 3804 clr_optimization_v2.0.50727_32 - ok
22:52:17.0118 3804 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:52:17.0123 3804 clr_optimization_v2.0.50727_64 - ok
22:52:17.0202 3804 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:52:17.0218 3804 clr_optimization_v4.0.30319_32 - ok
22:52:17.0259 3804 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:52:17.0263 3804 clr_optimization_v4.0.30319_64 - ok
22:52:17.0305 3804 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:52:17.0307 3804 CmBatt - ok
22:52:17.0346 3804 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:52:17.0348 3804 cmdide - ok
22:52:17.0467 3804 cmuda3 (43708e86509b7a443316af7f81a80550) C:\Windows\system32\drivers\cmudax3.sys
22:52:17.0495 3804 cmuda3 - ok
22:52:17.0569 3804 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:52:17.0579 3804 CNG - ok
22:52:17.0594 3804 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:52:17.0597 3804 Compbatt - ok
22:52:17.0650 3804 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:52:17.0652 3804 CompositeBus - ok
22:52:17.0667 3804 COMSysApp - ok
22:52:17.0702 3804 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:52:17.0703 3804 crcdisk - ok
22:52:17.0761 3804 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:52:17.0766 3804 CryptSvc - ok
22:52:17.0833 3804 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:52:17.0848 3804 DcomLaunch - ok
22:52:17.0897 3804 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:52:17.0905 3804 defragsvc - ok
22:52:17.0948 3804 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:52:17.0951 3804 DfsC - ok
22:52:17.0998 3804 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:52:18.0009 3804 Dhcp - ok
22:52:18.0032 3804 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:52:18.0034 3804 discache - ok
22:52:18.0079 3804 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:52:18.0081 3804 Disk - ok
22:52:18.0121 3804 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:52:18.0127 3804 Dnscache - ok
22:52:18.0173 3804 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:52:18.0180 3804 dot3svc - ok
22:52:18.0234 3804 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:52:18.0238 3804 Dot4 - ok
22:52:18.0290 3804 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
22:52:18.0292 3804 Dot4Print - ok
22:52:18.0304 3804 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:52:18.0306 3804 dot4usb - ok
22:52:18.0345 3804 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:52:18.0350 3804 DPS - ok
22:52:18.0375 3804 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:52:18.0376 3804 drmkaud - ok
22:52:18.0465 3804 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:52:18.0474 3804 DXGKrnl - ok
22:52:18.0516 3804 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:52:18.0519 3804 EapHost - ok
22:52:18.0666 3804 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:52:18.0752 3804 ebdrv - ok
22:52:18.0873 3804 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:52:18.0877 3804 EFS - ok
22:52:18.0949 3804 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:52:18.0961 3804 ehRecvr - ok
22:52:18.0996 3804 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:52:18.0998 3804 ehSched - ok
22:52:19.0067 3804 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:52:19.0091 3804 elxstor - ok
22:52:19.0124 3804 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:52:19.0126 3804 ErrDev - ok
22:52:19.0189 3804 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:52:19.0207 3804 EventSystem - ok
22:52:19.0262 3804 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:52:19.0267 3804 exfat - ok
22:52:19.0295 3804 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:52:19.0300 3804 fastfat - ok
22:52:19.0385 3804 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:52:19.0400 3804 Fax - ok
22:52:19.0413 3804 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:52:19.0415 3804 fdc - ok
22:52:19.0429 3804 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:52:19.0431 3804 fdPHost - ok
22:52:19.0443 3804 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:52:19.0445 3804 FDResPub - ok
22:52:19.0465 3804 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:52:19.0466 3804 FileInfo - ok
22:52:19.0477 3804 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:52:19.0478 3804 Filetrace - ok
22:52:19.0614 3804 FlipShare Service (0b9167adfe8e42b6b4c5e929bfbc7080) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
22:52:19.0621 3804 FlipShare Service - ok
22:52:19.0635 3804 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:52:19.0637 3804 flpydisk - ok
22:52:19.0678 3804 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:52:19.0682 3804 FltMgr - ok
22:52:19.0781 3804 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:52:19.0810 3804 FontCache - ok
22:52:19.0875 3804 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:52:19.0878 3804 FontCache3.0.0.0 - ok
22:52:19.0915 3804 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:52:19.0917 3804 FsDepends - ok
22:52:19.0952 3804 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:52:19.0952 3804 Fs_Rec - ok
22:52:20.0010 3804 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:52:20.0015 3804 fvevol - ok
22:52:20.0046 3804 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:52:20.0049 3804 gagp30kx - ok
22:52:20.0080 3804 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:52:20.0081 3804 GEARAspiWDM - ok
22:52:20.0151 3804 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:52:20.0172 3804 gpsvc - ok
22:52:20.0294 3804 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
22:52:20.0304 3804 Greg_Service - ok
22:52:20.0366 3804 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:52:20.0369 3804 gupdate - ok
22:52:20.0398 3804 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:52:20.0400 3804 gupdatem - ok
22:52:20.0433 3804 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:52:20.0436 3804 gusvc - ok
22:52:20.0537 3804 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:52:20.0539 3804 hcw85cir - ok
22:52:20.0594 3804 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:52:20.0614 3804 HdAudAddService - ok
22:52:20.0648 3804 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:52:20.0652 3804 HDAudBus - ok
22:52:20.0670 3804 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:52:20.0672 3804 HidBatt - ok
22:52:20.0697 3804 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:52:20.0701 3804 HidBth - ok
22:52:20.0710 3804 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:52:20.0713 3804 HidIr - ok
22:52:20.0760 3804 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:52:20.0764 3804 hidserv - ok
22:52:20.0808 3804 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:52:20.0810 3804 HidUsb - ok
22:52:20.0846 3804 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:52:20.0851 3804 hkmsvc - ok
22:52:20.0895 3804 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:52:20.0903 3804 HomeGroupListener - ok
22:52:20.0945 3804 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:52:20.0949 3804 HomeGroupProvider - ok
22:52:21.0075 3804 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:52:21.0080 3804 hpqcxs08 - ok
22:52:21.0115 3804 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:52:21.0117 3804 hpqddsvc - ok
22:52:21.0144 3804 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:52:21.0146 3804 HpSAMD - ok
22:52:21.0246 3804 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:52:21.0263 3804 HPSLPSVC - ok
22:52:35.0572 3804 WmiAcpi - ok
22:52:35.0600 3804 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:52:35.0604 3804 wmiApSrv - ok
22:52:35.0616 3804 WMPNetworkSvc - ok
22:52:35.0631 3804 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:52:35.0635 3804 WPCSvc - ok
22:52:35.0672 3804 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:52:35.0677 3804 WPDBusEnum - ok
22:52:35.0717 3804 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:52:35.0719 3804 ws2ifsl - ok
22:52:35.0757 3804 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:52:35.0765 3804 wscsvc - ok
22:52:35.0772 3804 WSearch - ok
22:52:36.0229 3804 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:52:36.0282 3804 wuauserv - ok
22:52:36.0512 3804 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:52:36.0514 3804 WudfPf - ok
22:52:36.0588 3804 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:52:36.0592 3804 WUDFRd - ok
22:52:36.0633 3804 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:52:36.0636 3804 wudfsvc - ok
22:52:36.0725 3804 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:52:36.0735 3804 WwanSvc - ok
22:52:36.0824 3804 yksvc (ad4617b499f900ebb56b0afab627b243) C:\Windows\System32\yk62x64.dll
22:52:36.0832 3804 yksvc - ok
22:52:36.0914 3804 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
22:52:36.0919 3804 yukonw7 - ok
22:52:36.0934 3804 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
22:52:36.0989 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:52:36.0989 3804 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:52:36.0995 3804 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk7\DR7
22:52:37.0001 3804 \Device\Harddisk7\DR7 - ok
22:52:37.0005 3804 Boot (0x1200) (1062f615c5a00ce284e16da6d17f40ac) \Device\Harddisk0\DR0\Partition0
22:52:37.0006 3804 \Device\Harddisk0\DR0\Partition0 - ok
22:52:37.0025 3804 Boot (0x1200) (abd0a39595a0f59a4d9645a22ab80be3) \Device\Harddisk0\DR0\Partition1
22:52:37.0055 3804 \Device\Harddisk0\DR0\Partition1 - ok
22:52:37.0063 3804 Boot (0x1200) (c9ca5d1a8cb22e076b7fc197abc177ad) \Device\Harddisk7\DR7\Partition0
22:52:37.0066 3804 \Device\Harddisk7\DR7\Partition0 - ok
22:52:37.0067 3804 ============================================================
22:52:37.0067 3804 Scan finished
22:52:37.0067 3804 ============================================================
22:52:37.0088 4652 Detected object count: 1
22:52:37.0088 4652 Actual detected object count: 1
22:52:53.0590 4652 \Device\Harddisk0\DR0\# - copied to quarantine
22:52:53.0591 4652 \Device\Harddisk0\DR0 - copied to quarantine
22:52:53.0619 4652 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:52:53.0621 4652 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:52:53.0625 4652 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:52:53.0629 4652 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:52:53.0638 4652 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:52:53.0643 4652 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:52:53.0644 4652 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:52:53.0645 4652 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:52:53.0646 4652 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:52:53.0648 4652 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:52:53.0649 4652 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:52:53.0651 4652 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:52:53.0652 4652 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:52:53.0653 4652 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:52:53.0655 4652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:52:53.0656 4652 \Device\Harddisk0\DR0 - ok
22:52:54.0003 4652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:53:02.0017 1604 Deinitialize success



aswMBR Log :

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 22:57:47
-----------------------------
22:57:47.579 OS Version: Windows x64 6.1.7601 Service Pack 1
22:57:47.579 Number of processors: 4 586 0x402
22:57:47.580 ComputerName: OWNER-PC UserName: Owner
22:57:48.902 Initialize success
22:58:02.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:58:02.154 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
22:58:02.165 Disk 0 MBR read successfully
22:58:02.167 Disk 0 MBR scan
22:58:02.170 Disk 0 unknown MBR code
22:58:02.174 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
22:58:02.188 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
22:58:02.210 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941479 MB offset 25372672
22:58:02.233 Disk 0 scanning C:\Windows\system32\drivers
22:58:09.065 Service scanning
22:58:23.916 Modules scanning
22:58:23.932 Disk 0 trace - called modules:
22:58:23.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:58:23.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800777b790]
22:58:24.305 3 CLASSPNP.SYS[fffff8800197343f] -> nt!IofCallDriver -> [0xfffffa800723e9b0]
22:58:24.316 5 ACPI.sys[fffff88000f577a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80076bc060]
22:58:24.327 Scan finished successfully
22:58:46.458 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:58:46.475 The log file has been saved successfully to "C:\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (468 bytes)


#4 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 August 2012 - 08:18 AM

Hi Lilly,

Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the 3 logs for my review. Let me know what problem persists.

#5 jlilly88
  • Topic Starter

  • Members
  • 4 posts

Posted 10 August 2012 - 08:56 PM

Hey nasdaq! I wish we could have some of your rain in California. It's too dry here...

Anyways, ran Combofix.exe, restarted, ran Security Check, restarted, ran adwcleaner, clicked [Delete], the computer restarted. The coolest thing about the last restart was that it was in record time. The white light that flashes whenever the computer thinks was not 100% always on during start-up (something I noticed it used to do while it would BSOD). Everything is running smoothly and awesomely now! (is awesomely a word..?)

As requested, the logs.

ComboFix.txt


ComboFix 12-08-09.01 - Owner 08/10/2012 17:03:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6470 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Owner\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 00:13 . 2012-08-11 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 14:33 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E061EA6-94BA-4098-9CBE-14BC4C888FEF}\mpengine.dll
2012-08-10 05:52 . 2012-08-10 05:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 02:10 . 2012-08-07 02:14 -------- d-----w- C:\Bios Stuff
2012-07-12 03:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 18:40 . 2012-04-22 14:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 18:40 . 2012-01-17 13:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:25 . 2010-10-13 08:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-18 17:04 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-18 17:04 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-09 05:43 . 2012-07-11 11:22 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:22 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:22 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:22 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-08 22:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 22:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-08 22:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 22:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 22:37 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-08 22:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 11:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:22 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:22 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2010-08-19 01:30 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\978\g2mstart.exe" [2012-06-25 40376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-20 340520]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-4-29 1136568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 135664]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-03 607232]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1255736]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-15 40464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2009-08-24 1622528]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 21008]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 18:40]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 01:15]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"CmPCIaudio"="c:\windows\Syswow64\CmiCnfg3.dll" [2009-04-14 7700480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109406p03d5v145k4941523o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Owner\AppData\Local\Apps\Apple Computer\zaumhg.dll
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}"=hex:51,66,7a,6c,4c,1d,38,12,ec,d2,b9,
ff,48,72,aa,0e,da,ff,63,3b,8b,51,46,e9
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b1,6f,61,a0,b9,6a,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
.
**************************************************************************
.
Completion time: 2012-08-10 17:25:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 00:25
.
Pre-Run: 837,298,716,672 bytes free
Post-Run: 837,523,697,664 bytes free
.
- - End Of File - - 34E2BB6C419B932532A2BF4A992F4D59



Checkup.txt


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



AdwCleaner[S1].txt


# AdwCleaner v1.800 - Logfile created 08/10/2012 at 18:47:03
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\ConduitCommon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\CT2786678
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9xjcyfix.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sun Jul 22 2012 16:39:34 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "5-8-2012");
Deleted : user_pref("CT2786678.DSInstall", false);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Aug 04 2012 21:10:30 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Sat Aug 04 2012 21:10:32 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "28-11-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HPInstall", false);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Sun Nov 27 2011 15:39:13 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Aug 04 2012 08:33:32 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 30 2012 22:41:46 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:54:19 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Wed May 09 2012 13:27:58 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.0.8");
Deleted : user_pref("CT2786678.SearchBoxWidth", 150);
Deleted : user_pref("CT2786678.SearchCaption", " ");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Aug 04 2012 11:07:25 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Aug 04 2012 21:10:30 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Aug 04 2012 21:10:30 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1340118047");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Jul 21 2012 14:52:43 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2786678.ToolbarDisabled", true);
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN98763116893745832");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Aug 04 2012 21:10:31 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.cb_experience_000", "3638");
Deleted : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423732353739343137303937395F46697265666F78")[...]
Deleted : user_pref("CT2786678.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E204E6F7620323720323031312031353A33393A31362[...]
Deleted : user_pref("CT2786678.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2786678.backendstorage.facebook_user_locale", "656E");
Deleted : user_pref("CT2786678.backendstorage.pairingkey", "34304136434344373337373338313138324238303337394343[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F2[...]
Deleted : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F7777772E73696C69636F6E6572612E6[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333232343436343432393333");
Deleted : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32363437332C226C6162656C223A5B5D[...]
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Fri Aug 03 2012 12:12:20 GMT-0700 (Pacific [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Aug 04 2012 08:33:32 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Jul 25 2012 16:13:33 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"8ec[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Owner\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 15 2012 14:58:12 GMT-0700 (Pac[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "5e4d9111-c8ad-46bd-8276-9dbd78476c97");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 01 2012 11:07:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Aug 04 2012 08:33:41 GMT-070[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Aug 04 2012 21:10:32 GMT-0700 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "2f89d7c0-2ebf-432f-b9bd-ff79a8f798d2");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.open.lastDir", "C:\\Working Documents\\Roses Engineering\\Office\\Timesheets\\Tim[...]
Deleted : user_pref("extensions.aniweather.timeShifted", 1567746);

-\\ Google Chrome v21.0.1180.75

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [18234 octets] - [10/08/2012 18:40:18]
AdwCleaner[R2].txt - [18295 octets] - [10/08/2012 18:46:40]
AdwCleaner[R3].txt - [18356 octets] - [10/08/2012 18:46:55]
AdwCleaner[S1].txt - [18421 octets] - [10/08/2012 18:47:03]

########## EOF - C:\AdwCleaner[S1].txt - [18550 octets] ##########



Let me know if you need anything else. You've been a big help! Thanks again!
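As an added example, not from this thread or from AdwCleaner itself, here is a small Python triage script for the AdwCleaner[S1].txt layout posted above: it flattens the log into records and separates the browser-hijack indicators (Internet Explorer SearchScopes keys, homepage/search prefs, and the settings the toolbar saved before overriding them) from ordinary toolbar leftovers. The embedded excerpt is constructed from a few lines of the log above and keeps its defanged hxxp:// URLs.

```python
import re

# Constructed excerpt in AdwCleaner's log layout, taken from the thread's AdwCleaner[S1].txt.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
***** [Registre - GUID] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
[x64] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [Internet Browsers] *****
-\\ Mozilla Firefox v14.0.1 (en-US)
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")          # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")                       # -\\ Mozilla Firefox v14.0.1
ACTION_RE = re.compile(r"^(?:\[[^\]]+\] )?(Folder|File|Key|Value) Deleted : (.+)$")  # [*]/[x64] prefixes
PREF_RE = re.compile(r'^Deleted : user_pref\("([^"]+)",\s*(.*)\);$')

def parse_adwcleaner(text):
    """Flatten the log into records with section, browser (for prefs), kind, target and value."""
    items, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, browser = m.group(1), None
        elif (m := BROWSER_RE.match(line)):
            browser = m.group(1)
        elif (m := ACTION_RE.match(line)):
            items.append({"section": section, "kind": m.group(1), "target": m.group(2)})
        elif (m := PREF_RE.match(line)):
            items.append({"section": section, "browser": browser, "kind": "pref",
                          "target": m.group(1), "value": m.group(2).strip('"')})
    return items

HIJACK_HINTS = ("homepage", "searchengine", "searchfromaddressbar", "tbhomepageurl")

def triage(items):
    """Separate browser-hijack indicators from ordinary toolbar leftovers."""
    report = {"search_scopes": [], "setting_prefs": [], "restore_hints": {}}
    for it in items:
        t = it["target"]
        if it["kind"] == "Key" and "\\SearchScopes\\" in t:
            report["search_scopes"].append(t)                 # IE search provider entries
        elif it["kind"] == "pref" and t.startswith("CommunityToolbar.original"):
            report["restore_hints"][t] = it["value"]          # what the user had before the toolbar
        elif it["kind"] == "pref" and any(h in t.lower() for h in HIJACK_HINTS):
            report["setting_prefs"].append(t)                 # prefs that steered homepage/search
    return report
```

The restore_hints entries are useful after cleanup: they show which homepage and search engine the browser should be set back to.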

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 11 August 2012 - 09:18 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.



