
GAC_32\Desktop.ini infection (Trojan.Generic.7552386 (Engine A))on 64-bit Vista SP2


  • This topic is locked
14 replies to this topic

#1 hateway

hateway

  • Members
  • 173 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:08 PM

Posted 09 August 2012 - 01:56 PM

Hi!

Picked up the Live Security Platinum virus a few days ago. Following the guide here (http://malwaretips.com/blogs/live-security-platinum-virus/) I cleared out all the obvious symptoms of the infection, but the scans I ran show that I've still got a "Trojan.Generic.7552386 (Engine A)" or BackDoor.Maxplus.6342 named Desktop.ini in my C:\Windows\assembly\GAC_32 folder (the scans also indicate there's something wrong with C:\Windows\system32\services.exe (PID 692).

When I try to clean them with any of my available anti-malware stuff (AVG, HitmanPro, Malwarebytes Anti-Malware), they say they need to reboot to finish deleting them, but when I run the scans after the reboot Desktop.ini is still there. I'd appreciate help with this.

I'm running Vista Service Pack 2(64-bit). Here's my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alex at 14:41:58 on 2012-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.661 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_comm_customer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_system_customer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_user_customer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.5\ScriptHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic463438.html/page__gopid__2792568#entry2792568
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {cf67755f-9265-449c-87cf-b945519e073b} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OFpFTi1OVldVTS1NTFpIRi1EUE5EQS1WOFNBOC0yOVMyWQ"&"inst=NzYtMTEyODgwNDQ2Mi1YTzM2KzEtTjFEKzEtUEwrOS1RSVgxKzQtWDIwMTArMS1WSVArMS1TUDErMS1UVUcrMy1DSVArMi1ERFQrNjI2MDAtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy"&"prod=96"&"ver=10.0.1424
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {cf67755f-9265-449c-87cf-b945519e073b} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OFpFTi1OVldVTS1NTFpIRi1EUE5EQS1WOFNBOC0yOVMyWQ"&"inst=NzYtMTEyODgwNDQ2Mi1YTzM2KzEtTjFEKzEtUEwrOS1RSVgxKzQtWDIwMTArMS1WSVArMS1TUDErMS1UVUcrMy1DSVArMi1ERFQrNjI2MDAtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy"&"prod=96"&"ver=10.0.1424
mRunOnce-x64: [Launcher] %WINDIR%\SMINST\launcher.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe [2012-8-6 609720]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-18 1153368]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-6 830048]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-11-30 89920]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-4 375176]
S4 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-28 91392]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-09 17:55:03 -------- d-s---w- C:\ComboFix
2012-08-09 15:20:23 98816 ----a-w- C:\Windows\sed.exe
2012-08-09 15:20:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-09 15:20:23 256000 ----a-w- C:\Windows\PEV.exe
2012-08-09 15:20:23 208896 ----a-w- C:\Windows\MBR.exe
2012-08-06 23:31:58 171448 ----a-w- C:\Windows\System32\g2ax_credential_provider64_428.dll
2012-08-06 22:43:33 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-06 21:57:50 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-08-06 21:57:47 -------- d-----w- C:\ProgramData\Tarma Installer
2012-08-06 21:14:27 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG2012
2012-08-06 21:13:52 -------- d-----w- C:\Users\Alex\AppData\Local\AVG Secure Search
2012-08-06 21:13:21 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-06 21:12:51 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-06 21:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-06 21:12:43 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-06 21:11:50 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-06 21:10:47 -------- d-----w- C:\ProgramData\AVG2012
2012-08-06 20:58:12 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-08-06 20:58:11 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-08-06 20:58:06 35680 ----a-w- C:\Windows\System32\uxtuneup.dll
2012-08-06 20:58:06 29024 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-08-06 20:55:17 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-08-06 20:54:06 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2012-08-06 18:27:33 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-06 17:49:53 -------- d-----w- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2012-08-06 17:49:43 -------- d-----w- C:\ProgramData\!SASCORE
2012-08-06 17:49:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-06 17:48:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-06 17:48:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 20:59:18 -------- d-----w- C:\ProgramData\0C1CFB260007D99A025B86AA2F3B707C
2012-07-11 17:01:54 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 22:41:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:41:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 14:42:34.91 ===============

Edit: Moved topic from to the more appropriate forum.
Roger


Edited by rotor123, 09 August 2012 - 03:24 PM.
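A reader triaging a DDS "Pseudo HJT Report" like the one above has to pick the handful of lines that matter out of dozens of routine ones. The Python script below is an added example, not part of this thread and not code from the DDS tool: it parses lines in the DDS report format (`KEY: value` and `KEY = value`) and flags the items a responder checks first: an autorun entry with no command, a run-once entry that launches a URL through cmd.exe, `EnableLUA = 0` (UAC switched off, which the Security Check log later in this thread confirms), hosts-file overrides, orphaned browser entries ("No File") and DPF ActiveX downloads. The sample lines are constructed to mirror the report above (the AVG uninstall URL is shortened to a placeholder); the category names, severities and rules are this example's own choices, and the hosts-file line is flagged only so it gets verified, since here it matches the MVPS hosts file that Security Check reports.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" above.
# The lic= value of the AVG URL is replaced by a placeholder.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic463438.html
mURLSearchHooks: H - No File
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=PLACEHOLDER
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# DDS prefixes for user (u) and machine (m) Run / RunOnce keys, 32- and 64-bit views.
AUTORUN_KEYS = {"uRun", "mRun", "uRunOnce", "mRunOnce", "mRun-x64", "mRunOnce-x64"}

# A DDS line is "KEY: rest" or "KEY = rest"; keys may contain spaces ("uStart Page").
LINE_RE = re.compile(r"^([A-Za-z0-9_\- ]+?)\s*[:=]\s*(.*)$")
AUTORUN_RE = re.compile(r"\[(.*?)\]\s*(.*)")


def parse_line(line):
    """Return (key, rest) for a DDS report line, or None for separators and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2).strip()


def triage(log_text):
    """Walk the report and return (severity, category, original_line) for items worth a look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, rest = parsed

        # Browser helper / toolbar / search-hook entries whose DLL is gone.
        if rest.endswith("No File"):
            findings.append(("low", "orphaned-entry", raw))
            continue

        if key in AUTORUN_KEYS:
            m = AUTORUN_RE.match(rest)
            name, command = (m.group(1), m.group(2)) if m else ("", rest)
            if not command:
                # "[<NO NAME>]" / "[(Default)]" with nothing behind it.
                findings.append(("low", "empty-autorun", raw))
            elif re.search(r"\bcmd\.exe\b", command, re.I) and re.search(r"https?://", command, re.I):
                # A shell spawned at logon just to open a URL: confirm the vendor origin.
                findings.append(("medium", "autorun-shell-url", raw))
        elif key.endswith("Policies-system") and re.search(r"\bEnableLUA\s*=\s*0\b", rest):
            # UAC disabled: every process of an admin user runs fully elevated.
            findings.append(("high", "uac-disabled", raw))
        elif key == "Hosts":
            # Any hosts override is listed so it can be matched against a known-good hosts file.
            findings.append(("low", "hosts-override", raw))
        elif key == "DPF":
            # Downloaded Program Files: ActiveX controls fetched from a remote CAB.
            findings.append(("low", "activex-download", raw))
    return findings


def summarize(findings):
    """Count findings per category so a reviewer sees the shape of the report at a glance."""
    counts = {}
    for _severity, category, _line in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, category, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category:18} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as a script to print each flagged line with its severity, or feed `triage()` the full text of a saved DDS.txt. The rules are deliberately narrow: a clean DDS report from a healthy machine yields almost nothing, so what remains is a short list for the responder to verify rather than a judgement that anything listed is malicious.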



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 10 August 2012 - 02:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hateway

hateway
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:08 PM

Posted 10 August 2012 - 08:31 AM

Hi Gringo,

When I run ComboFix, it stalls when it finds the virus at c:\WINDOWS\System32\services.exe

here is the Security Check log:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 10 August 2012 - 12:43 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 hateway

hateway
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:08 PM

Posted 10 August 2012 - 05:15 PM

Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 10-08-2012 18:04:15
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15851040 2008-05-22] (NVIDIA Corporation)
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-08-06] ()
HKU\Alex\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Alex\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Alex\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\remote AGEEKTOGO!\...\Run: [HPADVISOR] [x]
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OFpFTi1OVldVTS1NTFpIRi1EUE5EQS1WOFNBOC0yOVMyWQ"&"inst=NzYtMTEyODgwNDQ2Mi1YTzM2KzEtTjFEKzEtUEwrOS1RSVgxKzQtWDIwMTArMS1WSVArMS1TUDErMS1UVUcrMy1DSVArMi1ERFQrNjI2MDAtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy"&"prod=96"&"ver=10.0.1424 [x]
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs: DAinit.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

==================== Services (Whitelisted) ======

4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-08-06] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
4 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-03-28] (WildTangent, Inc.)
2 GoToAssist Remote Support Customer; "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe" "Start=service" [609720 2012-08-06] (Citrix Online, a division of Citrix Systems, Inc.)
4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-07-06] (LogMeIn, Inc.)
4 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2009-11-25] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143072 2012-05-29] (TuneUp Software)
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-08-06] ()
3 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-06-14] (Wajam)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-06] (AVG Technologies)
3 CAXHWBS3; C:\Windows\System32\Drivers\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.)
3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2007-08-03] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2008-08-11] (LogMeIn, Inc.)
3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-31] (TuneUp Software)
3 DAmirr; C:\Windows\System32\DRIVERS\DAmirr.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-09 10:55 - 2012-08-09 10:55 - 00003403 ____A C:\Users\Alex\Desktop\Attach.zip
2012-08-09 10:53 - 2012-08-09 10:53 - 00001856 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-08-09 10:53 - 2012-08-09 10:53 - 00001856 ____A C:\Users\All Users\Desktop\WinZip.lnk
2012-08-09 10:52 - 2012-08-09 10:55 - 00000000 ____D C:\Users\All Users\WinZip
2012-08-09 10:52 - 2012-08-09 10:55 - 00000000 ____D C:\Users\All Users\Application Data\WinZip
2012-08-09 10:52 - 2012-08-09 10:55 - 00000000 ____D C:\Users\Alex\Local Settings\WinZip
2012-08-09 10:52 - 2012-08-09 10:55 - 00000000 ____D C:\Users\Alex\Local Settings\Application Data\WinZip
2012-08-09 10:52 - 2012-08-09 10:55 - 00000000 ____D C:\Users\Alex\AppData\Local\WinZip
2012-08-09 10:52 - 2012-08-09 10:52 - 00000000 ____D C:\Program Files\WinZip
2012-08-09 10:51 - 2012-08-10 05:20 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-08-09 10:50 - 2012-08-09 10:50 - 00356240 ____A C:\Users\Alex\Downloads\WinZip165.exe
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____D C:\Users\Alex\Local Settings\Wajam
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____D C:\Users\Alex\Local Settings\Application Data\Wajam
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Wajam
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____D C:\Program Files (x86)\Wajam
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____A C:\Users\Alex\Desktop\OK
2012-08-09 10:44 - 2012-08-09 10:44 - 00010088 ____A C:\Users\Alex\Desktop\Attach.txt
2012-08-09 09:55 - 2012-08-09 10:09 - 00000000 ___SD C:\ComboFix
2012-08-09 09:49 - 2012-08-09 09:49 - 00881494 ____A C:\Users\Alex\Desktop\SecurityCheck.exe
2012-08-09 07:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-09 07:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-09 07:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-09 07:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-09 07:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-09 07:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-09 07:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-09 07:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-06 16:48 - 2012-08-06 16:48 - 00003192 ____A C:\Users\Alex\Desktop\bits7.reg
2012-08-06 16:44 - 2012-08-06 16:45 - 00005007 ____A C:\Users\Alex\Desktop\FSS.txt
2012-08-06 16:39 - 2012-08-06 16:42 - 00002517 ____A C:\Users\Alex\Desktop\Result.txt
2012-08-06 16:38 - 2012-08-06 16:38 - 00751391 ____A (Farbar) C:\Users\Alex\Desktop\MiniToolBox.exe
2012-08-06 16:29 - 2012-08-06 16:29 - 00002743 ____A C:\Users\Alex\Desktop\eset.txt
2012-08-06 15:31 - 2012-08-06 15:31 - 00171448 ____A (Citrix Online) C:\Windows\System32\g2ax_credential_provider64_428.dll
2012-08-06 15:31 - 2012-08-06 15:31 - 00001409 ____A C:\Users\Alex\Desktop\GoToAssist Customer.lnk
2012-08-06 14:43 - 2012-08-06 14:43 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-06 14:10 - 2012-08-09 06:46 - 04728003 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-08-06 14:01 - 2012-08-09 07:20 - 00000000 ____D C:\Qoobox
2012-08-06 14:01 - 2012-08-06 14:04 - 00000000 ____D C:\Windows\erdnt
2012-08-06 13:57 - 2012-08-06 14:00 - 04725168 ____R (Swearware) C:\Users\Alex\Downloads\ComboFix.exe
2012-08-06 13:57 - 2012-08-06 13:57 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-08-06 13:56 - 2012-08-06 09:25 - 00463080 ____A (CNET Download.com) C:\Users\Alex\Desktop\cnet2_ComboFix_exe.exe
2012-08-06 13:14 - 2012-08-06 13:14 - 00000000 ____D C:\Users\Alex\Application Data\AVG2012
2012-08-06 13:14 - 2012-08-06 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\AVG2012
2012-08-06 13:13 - 2012-08-06 13:14 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-06 13:13 - 2012-08-06 13:14 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2012-08-06 13:13 - 2012-08-06 13:13 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-06 13:13 - 2012-08-06 13:13 - 00000874 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-06 13:13 - 2012-08-06 13:13 - 00000000 ____D C:\Users\Alex\Local Settings\AVG Secure Search
2012-08-06 13:13 - 2012-08-06 13:13 - 00000000 ____D C:\Users\Alex\Local Settings\Application Data\AVG Secure Search
2012-08-06 13:13 - 2012-08-06 13:13 - 00000000 ____D C:\Users\Alex\AppData\Local\AVG Secure Search
2012-08-06 13:12 - 2012-08-06 13:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-06 13:12 - 2012-08-06 13:12 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-06 13:11 - 2012-08-06 13:11 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-06 13:10 - 2012-08-06 13:25 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-06 13:10 - 2012-08-06 13:25 - 00000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-08-06 12:58 - 2012-05-29 10:46 - 00035680 ____A (TuneUp Software) C:\Windows\System32\uxtuneup.dll
2012-08-06 12:58 - 2012-05-29 10:46 - 00029024 ____A (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2012-08-06 12:58 - 2012-05-29 10:46 - 00025952 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
2012-08-06 12:58 - 2012-05-29 10:46 - 00021344 ____A (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2012-08-06 12:55 - 2012-05-29 10:46 - 00034656 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
2012-08-06 12:54 - 2012-08-06 12:57 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-08-06 12:32 - 2012-08-06 12:32 - 00000176 ____A C:\Windows\wininit.ini
2012-08-06 10:27 - 2012-08-06 10:27 - 00000000 __SHD C:\Users\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-06 10:27 - 2012-08-06 10:27 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-06 09:49 - 2012-08-06 09:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ____D C:\Users\All Users\Application Data\!SASCORE
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ____D C:\Users\All Users\!SASCORE
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ____D C:\Users\Alex\Application Data\SUPERAntiSpyware.com
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ____D C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2012-08-06 09:48 - 2012-08-06 09:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-06 09:48 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-03 12:59 - 2012-08-03 13:02 - 00000000 ____D C:\Users\All Users\Application Data\0C1CFB260007D99A025B86AA2F3B707C
2012-08-03 12:59 - 2012-08-03 13:02 - 00000000 ____D C:\Users\All Users\0C1CFB260007D99A025B86AA2F3B707C
2012-07-27 11:17 - 2012-08-09 10:27 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-27 11:17 - 2012-08-09 10:27 - 00002027 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-07-11 09:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 09:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 09:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 09:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 09:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 09:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 09:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 09:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 09:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 09:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 09:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 09:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 09:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 09:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 09:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 09:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 09:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 09:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 09:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 09:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 09:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 09:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 09:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 09:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 09:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 09:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 09:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 09:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 09:01 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:06 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:06 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:06 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:06 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:06 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:06 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:06 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:06 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:06 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:06 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:06 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:06 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll


============ 3 Months Modified Files ========================

2012-08-10 13:57 - 2010-08-31 10:41 - 00000442 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{26A0BDE8-CCA2-461A-9864-60BAEF5FD26F}.job
2012-08-10 13:51 - 2012-04-03 05:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-10 13:51 - 2011-08-30 11:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-10 13:51 - 2010-05-17 21:35 - 01881258 ____A C:\Windows\WindowsUpdate.log
2012-08-10 07:09 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 07:09 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 05:25 - 2011-08-30 11:32 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-10 04:42 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-10 04:34 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 10:55 - 2012-08-09 10:55 - 00003403 ____A C:\Users\Alex\Desktop\Attach.zip
2012-08-09 10:53 - 2012-08-09 10:53 - 00001856 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-08-09 10:53 - 2012-08-09 10:53 - 00001856 ____A C:\Users\All Users\Desktop\WinZip.lnk
2012-08-09 10:50 - 2012-08-09 10:50 - 00356240 ____A C:\Users\Alex\Downloads\WinZip165.exe
2012-08-09 10:50 - 2012-08-09 10:50 - 00000000 ____A C:\Users\Alex\Desktop\OK
2012-08-09 10:44 - 2012-08-09 10:44 - 00010088 ____A C:\Users\Alex\Desktop\Attach.txt
2012-08-09 10:27 - 2012-07-27 11:17 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-09 10:27 - 2012-07-27 11:17 - 00002027 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-08-09 10:14 - 2010-08-23 09:05 - 00034362 ____A C:\Windows\PFRO.log
2012-08-09 10:13 - 2006-11-02 07:42 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-09 09:49 - 2012-08-09 09:49 - 00881494 ____A C:\Users\Alex\Desktop\SecurityCheck.exe
2012-08-09 06:46 - 2012-08-06 14:10 - 04728003 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2012-08-06 16:48 - 2012-08-06 16:48 - 00003192 ____A C:\Users\Alex\Desktop\bits7.reg
2012-08-06 16:45 - 2012-08-06 16:44 - 00005007 ____A C:\Users\Alex\Desktop\FSS.txt
2012-08-06 16:42 - 2012-08-06 16:39 - 00002517 ____A C:\Users\Alex\Desktop\Result.txt
2012-08-06 16:38 - 2012-08-06 16:38 - 00751391 ____A (Farbar) C:\Users\Alex\Desktop\MiniToolBox.exe
2012-08-06 16:29 - 2012-08-06 16:29 - 00002743 ____A C:\Users\Alex\Desktop\eset.txt
2012-08-06 15:31 - 2012-08-06 15:31 - 00171448 ____A (Citrix Online) C:\Windows\System32\g2ax_credential_provider64_428.dll
2012-08-06 15:31 - 2012-08-06 15:31 - 00001409 ____A C:\Users\Alex\Desktop\GoToAssist Customer.lnk
2012-08-06 14:07 - 2010-08-23 14:10 - 00024869 ____A C:\Windows\setupact.log
2012-08-06 14:00 - 2012-08-06 13:57 - 04725168 ____R (Swearware) C:\Users\Alex\Downloads\ComboFix.exe
2012-08-06 13:13 - 2012-08-06 13:13 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-06 13:13 - 2012-08-06 13:13 - 00000874 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-06 13:12 - 2012-08-06 13:12 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-06 12:50 - 2010-08-20 13:18 - 00012492 ____A C:\Users\Alex\Application Data\wklnhst.dat
2012-08-06 12:50 - 2010-08-20 13:18 - 00012492 ____A C:\Users\Alex\AppData\Roaming\wklnhst.dat
2012-08-06 12:32 - 2012-08-06 12:32 - 00000176 ____A C:\Windows\wininit.ini
2012-08-06 09:25 - 2012-08-06 13:56 - 00463080 ____A (CNET Download.com) C:\Users\Alex\Desktop\cnet2_ComboFix_exe.exe
2012-08-02 14:41 - 2012-04-03 05:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 14:41 - 2011-07-22 08:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-29 09:28 - 2010-08-09 09:17 - 00000330 ____A C:\Windows\Tasks\HPCeeScheduleForAlex.job
2012-07-12 04:26 - 2012-06-11 03:24 - 00000252 ____A C:\Users\Alex\Desktop\Harbor View Elementary School - Homepage.url
2012-07-11 10:37 - 2010-08-23 09:07 - 00007052 ____A C:\Users\Alex\Local Settings\d3d9caps.dat
2012-07-11 10:37 - 2010-08-23 09:07 - 00007052 ____A C:\Users\Alex\Local Settings\Application Data\d3d9caps.dat
2012-07-11 10:37 - 2010-08-23 09:07 - 00007052 ____A C:\Users\Alex\AppData\Local\d3d9caps.dat
2012-07-11 09:27 - 2006-11-02 07:21 - 00309064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 09:05 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 09:46 - 2012-08-06 09:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 06:57 - 2012-07-01 06:48 - 00020480 ____A C:\Users\Alex\My Documents\DCI.monthly checks.wps
2012-07-01 06:57 - 2012-07-01 06:48 - 00020480 ____A C:\Users\Alex\Documents\DCI.monthly checks.wps
2012-06-21 10:37 - 2012-06-21 10:37 - 00000133 ____A C:\Users\Alex\Desktop\SC Department of Motor Vehicles.url
2012-06-21 10:32 - 2012-06-21 10:32 - 00000248 ____A C:\Users\Alex\Desktop\Learners Permit And Driver Permit Test Info at DMV.org The DMV Made Simple For Teen and New Drivers at DMV.org The DMV Made Simple.url
2012-06-13 05:58 - 2012-07-11 09:01 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 03:37 - 2012-06-11 03:37 - 00000350 ____A C:\Users\Alex\Desktop\ABCmouse Kids Learning, Phonics, Educational Games, Preschool-Kindergarten Reading.url
2012-06-08 09:59 - 2012-07-11 03:06 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-11 03:06 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 08:45 - 2011-08-08 14:35 - 00086016 ____A C:\Users\Alex\My Documents\1606 Westview Expenses.wps
2012-06-06 08:45 - 2011-08-08 14:35 - 00086016 ____A C:\Users\Alex\Documents\1606 Westview Expenses.wps
2012-06-06 08:44 - 2012-06-06 08:44 - 00017920 ____A C:\Users\Alex\My Documents\2012 Renovation Westview Renovaton expenses.wps
2012-06-06 08:44 - 2012-06-06 08:44 - 00017920 ____A C:\Users\Alex\Documents\2012 Renovation Westview Renovaton expenses.wps
2012-06-05 10:02 - 2011-08-23 14:20 - 00033280 ____A C:\Users\Alex\My Documents\milage 1606 Westview.wps
2012-06-05 10:02 - 2011-08-23 14:20 - 00033280 ____A C:\Users\Alex\Documents\milage 1606 Westview.wps
2012-06-05 10:00 - 2012-06-05 10:00 - 00018432 ____A C:\Users\Alex\My Documents\2012 mileage.wps
2012-06-05 10:00 - 2012-06-05 10:00 - 00018432 ____A C:\Users\Alex\Documents\2012 mileage.wps
2012-06-05 08:47 - 2012-07-11 03:06 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-11 03:06 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-11 03:06 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-11 03:06 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-11 03:06 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-22 00:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 00:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 00:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 00:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 00:14 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-22 00:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 00:14 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-22 00:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 00:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 00:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 11:19 - 2012-06-22 00:14 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:19 - 2012-06-22 00:14 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 11:15 - 2012-06-22 00:14 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:12 - 2012-06-22 00:14 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-11 09:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 09:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 09:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 09:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 09:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 09:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 09:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 09:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 09:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 09:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 09:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 09:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 09:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 09:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 09:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 09:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 09:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 09:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 09:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 09:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 09:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 09:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 09:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 09:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 09:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 09:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 09:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-11 03:06 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-11 03:06 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-11 03:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-11 03:06 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-11 03:06 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-29 10:46 - 2012-08-06 12:58 - 00035680 ____A (TuneUp Software) C:\Windows\System32\uxtuneup.dll
2012-05-29 10:46 - 2012-08-06 12:58 - 00029024 ____A (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2012-05-29 10:46 - 2012-08-06 12:58 - 00025952 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
2012-05-29 10:46 - 2012-08-06 12:58 - 00021344 ____A (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2012-05-29 10:46 - 2012-08-06 12:55 - 00034656 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe


ZeroAccess:
C:\Windows\Installer\{7753d824-a88d-1d84-e2c6-bcf3d18ba060}
C:\Windows\Installer\{7753d824-a88d-1d84-e2c6-bcf3d18ba060}\L
C:\Windows\Installer\{7753d824-a88d-1d84-e2c6-bcf3d18ba060}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2010-11-30 13:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 1916.39 MB
Available physical RAM: 1306.54 MB
Total Pagefile: 1624.12 MB
Available Pagefile: 1285.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:219.95 GB) (Free:139.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.93 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (MEMOREX UFD) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      233 GB   0 B
Disk 1    Online      121 MB   0 B
Disk 2    No Media    0 B      0 B
Disk 3    No Media    0 B      0 B
Disk 4    No Media    0 B      0 B
Disk 5    No Media    0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           220 GB   32 KB
Partition 2    Primary           13 GB    220 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    C    HP           NTFS   Partition   220 GB   Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    D    FACTORY_IMA  NTFS   Partition   13 GB    Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           121 MB   16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    F    MEMOREX UFD  FAT    Removable   121 MB   Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-10 04:43

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-10 18:06:55
Running from F:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-11-30 13:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-11-30 13:56] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\WINDOWS\SysWOW64\services.exe
[2010-11-30 13:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\WINDOWS\System32\services.exe
[2010-11-30 13:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

====== End Of Search ======

THANK YOU!!!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 10 August 2012 - 09:22 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

Replace: C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\WINDOWS\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{7753d824-a88d-1d84-e2c6-bcf3d18ba060}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 hateway

hateway
  • Topic Starter

  • Members
  • 173 posts
  • Gender:Male
  • Local time:02:08 PM

Posted 10 August 2012 - 09:58 PM

Thanks, GRINGO!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-10 22:55:23 Run:1
Running from F:\

==============================================

C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\WINDOWS\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\Installer\{7753d824-a88d-1d84-e2c6-bcf3d18ba060} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 10 August 2012 - 10:11 PM

Now I would like you to run ComboFix for me.


gringo

#9 hateway

hateway
  • Topic Starter

  • Members
  • 173 posts
  • Gender:Male
  • Local time:02:08 PM

Posted 11 August 2012 - 08:06 AM

Here are the ComboFix Results:
ComboFix 12-08-09.01 - Alex 08/11/2012 8:42.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.794 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\program files (x86)\TotalRecipeSearch_14EI
c:\users\Alex\g2ax_customer_downloadhelper_win32_x86.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 12:51 . 2012-08-11 12:55 -------- d-----w- c:\users\Alex\AppData\Local\temp
2012-08-11 12:51 . 2012-08-11 12:51 -------- d-----w- c:\users\remote AGEEKTOGO!\AppData\Local\temp
2012-08-11 12:51 . 2012-08-11 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 02:04 . 2012-08-11 02:04 -------- d-----w- C:\FRST
2012-08-09 18:52 . 2012-08-09 18:55 -------- d-----w- c:\users\Alex\AppData\Local\WinZip
2012-08-09 18:52 . 2012-08-09 18:55 -------- d-----w- c:\programdata\WinZip
2012-08-09 18:52 . 2012-08-09 18:52 -------- d-----w- c:\program files\WinZip
2012-08-09 18:51 . 2012-08-10 13:20 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-08-09 18:50 . 2012-08-09 18:50 -------- d-----w- c:\users\Alex\AppData\Local\Wajam
2012-08-09 18:50 . 2012-08-09 18:50 -------- d-----w- c:\program files (x86)\Wajam
2012-08-06 23:31 . 2012-08-06 23:31 171448 ----a-w- c:\windows\system32\g2ax_credential_provider64_428.dll
2012-08-06 22:43 . 2012-08-06 22:43 -------- d-----w- c:\program files (x86)\ESET
2012-08-06 21:57 . 2012-08-06 21:57 -------- d-----w- c:\program files (x86)\Yontoo
2012-08-06 21:57 . 2012-08-06 21:57 -------- d-----w- c:\programdata\Tarma Installer
2012-08-06 21:14 . 2012-08-06 21:14 -------- d-----w- c:\users\Alex\AppData\Roaming\AVG2012
2012-08-06 21:13 . 2012-08-06 21:13 -------- d-----w- c:\users\Alex\AppData\Local\AVG Secure Search
2012-08-06 21:13 . 2012-08-06 21:14 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-06 21:12 . 2012-08-06 21:12 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-06 21:12 . 2012-08-06 21:12 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-06 21:12 . 2012-08-06 21:13 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-06 21:11 . 2012-08-06 21:11 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-06 21:10 . 2012-08-06 21:25 -------- d-----w- c:\programdata\AVG2012
2012-08-06 20:58 . 2012-05-29 18:46 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-08-06 20:58 . 2012-05-29 18:46 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-08-06 20:58 . 2012-05-29 18:46 35680 ----a-w- c:\windows\system32\uxtuneup.dll
2012-08-06 20:58 . 2012-05-29 18:46 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-08-06 20:55 . 2012-05-29 18:46 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-06 20:54 . 2012-08-06 20:57 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-08-06 18:27 . 2012-08-06 18:27 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-06 17:49 . 2012-08-06 17:49 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2012-08-06 17:49 . 2012-08-06 17:49 -------- d-----w- c:\programdata\!SASCORE
2012-08-06 17:49 . 2012-08-06 17:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 17:48 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-06 17:48 . 2012-08-06 17:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-03 20:59 . 2012-08-03 21:02 -------- d-----w- c:\programdata\0C1CFB260007D99A025B86AA2F3B707C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:41 . 2012-04-03 13:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:41 . 2011-07-22 16:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:05 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-13 13:58 . 2012-07-11 17:01 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 11:06 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 11:06 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 11:06 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 11:06 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 11:06 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 11:06 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 08:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 08:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:14 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 08:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 08:14 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 08:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 08:14 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 08:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 08:14 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 08:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 08:14 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-11 17:02 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 17:02 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 17:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 17:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 17:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 17:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 17:02 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 17:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 17:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 17:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 17:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 17:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 17:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 17:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 17:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 17:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 17:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 11:06 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 11:06 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 11:06 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 11:06 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 11:06 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 19:45 2355224 ----a-w- c:\program files (x86)\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-06 21:12 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-06 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-06 1147488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OFpFTi1OVldVTS1NTFpIRi1EUE5EQS1WOFNBOC0yOVMyWQ&inst=NzYtMTEyODgwNDQ2Mi1YTzM2KzEtTjFEKzEtUEwrOS1RSVgxKzQtWDIwMTArMS1WSVArMS1TUDErMS1UVUcrMy1DSVArMi1ERFQrNjI2MDAtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy&prod=96&ver=10.0.1424" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-06-24 46416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-08-06 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:41]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 19:32]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 19:32]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForAlex.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-09-18 03:03]
.
2012-08-11 c:\windows\Tasks\User_Feed_Synchronization-{26A0BDE8-CCA2-461A-9864-60BAEF5FD26F}.job
- c:\windows\system32\msfeedssync.exe [2012-02-21 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 15851040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\DAinit.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic463438.html/page__gopid__2792568#entry2792568
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-GoToAssist Express Customer - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
c:\program files (x86)\AVG\AVG2012\avgidsagent.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_comm_customer.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_system_customer.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_user_customer.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\hp\kbd\kbd.exe
.
**************************************************************************
.
Completion time: 2012-08-11 09:02:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 13:02
.
Pre-Run: 149,387,128,832 bytes free
Post-Run: 149,312,405,504 bytes free
.
- - End Of File - - FDB3176A7983BCA6DC816E06E44413F2

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 11 August 2012 - 12:37 PM

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 hateway

hateway
  • Topic Starter

  • Members
  • 173 posts
  • Gender:Male
  • Local time:02:08 PM

Posted 11 August 2012 - 01:46 PM

TDSSKiller log:

14:19:35.0911 3180 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:19:36.0286 3180 ============================================================
14:19:36.0286 3180 Current date / time: 2012/08/11 14:19:36.0286
14:19:36.0286 3180 SystemInfo:
14:19:36.0286 3180
14:19:36.0286 3180 OS Version: 6.0.6002 ServicePack: 2.0
14:19:36.0286 3180 Product type: Workstation
14:19:36.0286 3180 ComputerName: ALEX-PC
14:19:36.0286 3180 UserName: Alex
14:19:36.0286 3180 Windows directory: C:\Windows
14:19:36.0286 3180 System windows directory: C:\Windows
14:19:36.0286 3180 Running under WOW64
14:19:36.0286 3180 Processor architecture: Intel x64
14:19:36.0286 3180 Number of processors: 2
14:19:36.0286 3180 Page size: 0x1000
14:19:36.0286 3180 Boot type: Normal boot
14:19:36.0286 3180 ============================================================
14:19:38.0517 3180 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:19:38.0595 3180 ============================================================
14:19:38.0595 3180 \Device\Harddisk0\DR0:
14:19:38.0610 3180 MBR partitions:
14:19:38.0610 3180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B7E5B71
14:19:38.0610 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B7E5BB0, BlocksNum 0x19DE620
14:19:38.0610 3180 ============================================================
14:19:38.0735 3180 C: <-> \Device\Harddisk0\DR0\Partition0
14:19:38.0829 3180 D: <-> \Device\Harddisk0\DR0\Partition1
14:19:38.0829 3180 ============================================================
14:19:38.0829 3180 Initialize success
14:19:38.0829 3180 ============================================================
14:20:02.0728 4492 ============================================================
14:20:02.0728 4492 Scan started
14:20:02.0728 4492 Mode: Manual;
14:20:02.0728 4492 ============================================================
14:20:04.0537 4492 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:20:04.0553 4492 !SASCORE - ok
14:20:04.0678 4492 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:20:04.0693 4492 ACPI - ok
14:20:04.0803 4492 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:20:04.0818 4492 AdobeFlashPlayerUpdateSvc - ok
14:20:04.0881 4492 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:20:04.0896 4492 adp94xx - ok
14:20:04.0943 4492 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:20:04.0943 4492 adpahci - ok
14:20:04.0974 4492 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:20:04.0990 4492 adpu160m - ok
14:20:05.0005 4492 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:20:05.0021 4492 adpu320 - ok
14:20:05.0083 4492 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:20:05.0083 4492 AeLookupSvc - ok
14:20:05.0146 4492 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:20:05.0177 4492 AFD - ok
14:20:05.0224 4492 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:20:05.0224 4492 agp440 - ok
14:20:05.0239 4492 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:20:05.0239 4492 aic78xx - ok
14:20:05.0286 4492 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:20:05.0286 4492 ALG - ok
14:20:05.0333 4492 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:20:05.0333 4492 aliide - ok
14:20:05.0349 4492 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:20:05.0349 4492 amdide - ok
14:20:05.0380 4492 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:20:05.0380 4492 AmdK8 - ok
14:20:05.0442 4492 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
14:20:05.0442 4492 Appinfo - ok
14:20:05.0489 4492 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:20:05.0489 4492 arc - ok
14:20:05.0520 4492 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:20:05.0536 4492 arcsas - ok
14:20:05.0551 4492 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:20:05.0567 4492 AsyncMac - ok
14:20:05.0598 4492 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:20:05.0598 4492 atapi - ok
14:20:05.0661 4492 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:20:05.0692 4492 AudioEndpointBuilder - ok
14:20:05.0692 4492 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:20:05.0707 4492 AudioSrv - ok
14:20:06.0051 4492 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:20:06.0160 4492 AVGIDSAgent - ok
14:20:06.0253 4492 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:20:06.0269 4492 AVGIDSDriver - ok
14:20:06.0285 4492 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:20:06.0285 4492 AVGIDSFilter - ok
14:20:06.0316 4492 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
14:20:06.0331 4492 AVGIDSHA - ok
14:20:06.0378 4492 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:20:06.0394 4492 Avgldx64 - ok
14:20:06.0425 4492 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:20:06.0425 4492 Avgmfx64 - ok
14:20:06.0472 4492 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:20:06.0472 4492 Avgrkx64 - ok
14:20:06.0519 4492 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
14:20:06.0534 4492 Avgtdia - ok
14:20:06.0550 4492 avgtp (e1b8ec60c85a266cb604cd46921606b4) C:\Windows\system32\drivers\avgtpx64.sys
14:20:06.0565 4492 avgtp - ok
14:20:06.0721 4492 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:20:06.0737 4492 avgwd - ok
14:20:06.0768 4492 Beep - ok
14:20:06.0846 4492 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
14:20:06.0862 4492 BFE - ok
14:20:06.0955 4492 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
14:20:07.0002 4492 BITS - ok
14:20:07.0065 4492 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:20:07.0065 4492 blbdrive - ok
14:20:07.0111 4492 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:20:07.0127 4492 bowser - ok
14:20:07.0143 4492 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:20:07.0158 4492 BrFiltLo - ok
14:20:07.0174 4492 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:20:07.0174 4492 BrFiltUp - ok
14:20:07.0221 4492 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
14:20:07.0221 4492 Browser - ok
14:20:07.0252 4492 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:20:07.0267 4492 Brserid - ok
14:20:07.0283 4492 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:20:07.0299 4492 BrSerWdm - ok
14:20:07.0330 4492 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:20:07.0330 4492 BrUsbMdm - ok
14:20:07.0345 4492 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:20:07.0377 4492 BrUsbSer - ok
14:20:07.0392 4492 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:20:07.0408 4492 BTHMODEM - ok
14:20:07.0455 4492 catchme - ok
14:20:07.0501 4492 CAXHWBS3 (acbadab44c65e96983dbf5633318c355) C:\Windows\system32\DRIVERS\CAXHWBS3.sys
14:20:07.0564 4492 CAXHWBS3 - ok
14:20:07.0611 4492 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:20:07.0611 4492 cdfs - ok
14:20:07.0673 4492 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:20:07.0689 4492 cdrom - ok
14:20:07.0751 4492 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:20:07.0751 4492 CertPropSvc - ok
14:20:07.0782 4492 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:20:07.0782 4492 circlass - ok
14:20:07.0845 4492 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:20:07.0845 4492 CLFS - ok
14:20:07.0907 4492 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:20:07.0907 4492 clr_optimization_v2.0.50727_32 - ok
14:20:07.0969 4492 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:20:07.0985 4492 clr_optimization_v2.0.50727_64 - ok
14:20:08.0047 4492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:20:08.0110 4492 clr_optimization_v4.0.30319_32 - ok
14:20:08.0172 4492 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:20:08.0172 4492 clr_optimization_v4.0.30319_64 - ok
14:20:08.0203 4492 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:20:08.0203 4492 cmdide - ok
14:20:08.0235 4492 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
14:20:08.0235 4492 Compbatt - ok
14:20:08.0250 4492 COMSysApp - ok
14:20:08.0266 4492 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:20:08.0266 4492 crcdisk - ok
14:20:08.0328 4492 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
14:20:08.0344 4492 CryptSvc - ok
14:20:08.0344 4492 DAmirr - ok
14:20:08.0437 4492 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:20:08.0469 4492 DcomLaunch - ok
14:20:08.0515 4492 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:20:08.0531 4492 DfsC - ok
14:20:08.0671 4492 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
14:20:08.0796 4492 DFSR - ok
14:20:08.0921 4492 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
14:20:08.0937 4492 Dhcp - ok
14:20:08.0999 4492 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:20:08.0999 4492 disk - ok
14:20:09.0046 4492 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
14:20:09.0061 4492 Dnscache - ok
14:20:09.0108 4492 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
14:20:09.0108 4492 dot3svc - ok
14:20:09.0171 4492 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
14:20:09.0171 4492 DPS - ok
14:20:09.0217 4492 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:20:09.0217 4492 drmkaud - ok
14:20:09.0295 4492 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:20:09.0327 4492 DXGKrnl - ok
14:20:09.0358 4492 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:20:09.0373 4492 E1G60 - ok
14:20:09.0436 4492 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
14:20:09.0436 4492 EapHost - ok
14:20:09.0483 4492 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:20:09.0498 4492 Ecache - ok
14:20:09.0576 4492 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
14:20:09.0592 4492 ehRecvr - ok
14:20:09.0607 4492 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
14:20:09.0623 4492 ehSched - ok
14:20:09.0639 4492 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
14:20:09.0639 4492 ehstart - ok
14:20:09.0701 4492 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:20:09.0717 4492 elxstor - ok
14:20:09.0779 4492 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
14:20:09.0810 4492 EMDMgmt - ok
14:20:09.0826 4492 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:20:09.0826 4492 ErrDev - ok
14:20:09.0904 4492 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
14:20:09.0919 4492 EventSystem - ok
14:20:09.0966 4492 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:20:09.0982 4492 exfat - ok
14:20:09.0997 4492 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:20:10.0013 4492 fastfat - ok
14:20:10.0075 4492 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:20:10.0075 4492 fdc - ok
14:20:10.0122 4492 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
14:20:10.0122 4492 fdPHost - ok
14:20:10.0138 4492 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
14:20:10.0153 4492 FDResPub - ok
14:20:10.0169 4492 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:20:10.0169 4492 FileInfo - ok
14:20:10.0185 4492 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:20:10.0185 4492 Filetrace - ok
14:20:10.0200 4492 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:20:10.0200 4492 flpydisk - ok
14:20:10.0247 4492 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:20:10.0263 4492 FltMgr - ok
14:20:10.0387 4492 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
14:20:10.0419 4492 FontCache - ok
14:20:10.0497 4492 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:20:10.0497 4492 FontCache3.0.0.0 - ok
14:20:10.0559 4492 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
14:20:10.0575 4492 Fs_Rec - ok
14:20:10.0606 4492 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:20:10.0606 4492 gagp30kx - ok
14:20:10.0715 4492 GameConsoleService (cc1c8068b05283d63ec5fe782d2d3946) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
14:20:10.0715 4492 GameConsoleService - ok
14:20:10.0840 4492 GoToAssist Remote Support Customer (9144b18ce0db8debb3ae31d2ed25c384) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe
14:20:10.0871 4492 GoToAssist Remote Support Customer - ok
14:20:10.0933 4492 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
14:20:10.0965 4492 gpsvc - ok
14:20:11.0058 4492 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:20:11.0074 4492 gupdate - ok
14:20:11.0074 4492 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:20:11.0074 4492 gupdatem - ok
14:20:11.0121 4492 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:20:11.0136 4492 gusvc - ok
14:20:11.0230 4492 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:20:11.0277 4492 HDAudBus - ok
14:20:11.0308 4492 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:20:11.0308 4492 HidBth - ok
14:20:11.0323 4492 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:20:11.0339 4492 HidIr - ok
14:20:11.0401 4492 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
14:20:11.0401 4492 hidserv - ok
14:20:11.0433 4492 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:20:11.0433 4492 HidUsb - ok
14:20:11.0495 4492 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
14:20:11.0495 4492 hkmsvc - ok
14:20:11.0573 4492 HP Health Check Service (a3a30438c48d2d71556e120c9c7ba7a0) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:20:11.0589 4492 HP Health Check Service - ok
14:20:11.0635 4492 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:20:11.0635 4492 HpCISSs - ok
14:20:11.0729 4492 HSF_DP (c0a9096a732b912bfe1504d17c6b2385) C:\Windows\system32\DRIVERS\CAX_DP.sys
14:20:11.0791 4492 HSF_DP - ok
14:20:11.0916 4492 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:20:11.0932 4492 HTTP - ok
14:20:11.0979 4492 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:20:11.0979 4492 i2omp - ok
14:20:11.0994 4492 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:20:11.0994 4492 i8042prt - ok
14:20:12.0025 4492 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:20:12.0057 4492 iaStorV - ok
14:20:12.0181 4492 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:20:12.0213 4492 idsvc - ok
14:20:12.0228 4492 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:20:12.0228 4492 iirsp - ok
14:20:12.0291 4492 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
14:20:12.0322 4492 IKEEXT - ok
14:20:12.0447 4492 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
14:20:12.0618 4492 IntcAzAudAddService - ok
14:20:12.0727 4492 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:20:12.0727 4492 intelide - ok
14:20:12.0743 4492 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:20:12.0759 4492 intelppm - ok
14:20:12.0790 4492 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
14:20:12.0805 4492 IPBusEnum - ok
14:20:12.0837 4492 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:20:12.0852 4492 IpFilterDriver - ok
14:20:12.0915 4492 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
14:20:12.0915 4492 iphlpsvc - ok
14:20:12.0930 4492 IpInIp - ok
14:20:12.0977 4492 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:20:12.0977 4492 IPMIDRV - ok
14:20:12.0993 4492 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:20:13.0008 4492 IPNAT - ok
14:20:13.0024 4492 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:20:13.0024 4492 IRENUM - ok
14:20:13.0055 4492 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:20:13.0055 4492 isapnp - ok
14:20:13.0117 4492 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:20:13.0133 4492 iScsiPrt - ok
14:20:13.0164 4492 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:20:13.0164 4492 iteatapi - ok
14:20:13.0195 4492 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:20:13.0195 4492 iteraid - ok
14:20:13.0211 4492 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:20:13.0211 4492 kbdclass - ok
14:20:13.0258 4492 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:20:13.0258 4492 kbdhid - ok
14:20:13.0305 4492 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:20:13.0305 4492 KeyIso - ok
14:20:13.0351 4492 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
14:20:13.0383 4492 KSecDD - ok
14:20:13.0429 4492 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:20:13.0429 4492 ksthunk - ok
14:20:13.0492 4492 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
14:20:13.0507 4492 KtmRm - ok
14:20:13.0554 4492 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
14:20:13.0570 4492 LanmanServer - ok
14:20:13.0632 4492 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
14:20:13.0663 4492 LanmanWorkstation - ok
14:20:13.0741 4492 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:20:13.0741 4492 LightScribeService - ok
14:20:13.0773 4492 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:20:13.0773 4492 lltdio - ok
14:20:13.0819 4492 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
14:20:13.0835 4492 lltdsvc - ok
14:20:13.0851 4492 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
14:20:13.0851 4492 lmhosts - ok
14:20:13.0975 4492 LMIGuardianSvc (dcc0c4bd277e7ee0cd171d7499a55035) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
14:20:13.0991 4492 LMIGuardianSvc - ok
14:20:14.0007 4492 LMIInfo - ok
14:20:14.0053 4492 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
14:20:14.0053 4492 lmimirr - ok
14:20:14.0053 4492 LMIRfsClientNP - ok
14:20:14.0069 4492 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
14:20:14.0069 4492 LMIRfsDriver - ok
14:20:14.0116 4492 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:20:14.0163 4492 LSI_FC - ok
14:20:14.0178 4492 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:20:14.0178 4492 LSI_SAS - ok
14:20:14.0209 4492 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:20:14.0209 4492 LSI_SCSI - ok
14:20:14.0225 4492 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:20:14.0241 4492 luafv - ok
14:20:14.0272 4492 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
14:20:14.0287 4492 Mcx2Svc - ok
14:20:14.0303 4492 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:20:14.0303 4492 mdmxsdk - ok
14:20:14.0365 4492 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:20:14.0365 4492 megasas - ok
14:20:14.0397 4492 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:20:14.0412 4492 MegaSR - ok
14:20:14.0459 4492 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:20:14.0475 4492 MMCSS - ok
14:20:14.0475 4492 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:20:14.0475 4492 Modem - ok
14:20:14.0537 4492 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:20:14.0537 4492 monitor - ok
14:20:14.0584 4492 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
14:20:14.0599 4492 motmodem - ok
14:20:14.0662 4492 MotoConnect Service (233c82f8fdc692c3512378995bdfabb6) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
14:20:14.0677 4492 MotoConnect Service - ok
14:20:14.0724 4492 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:20:14.0724 4492 mouclass - ok
14:20:14.0740 4492 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:20:14.0755 4492 mouhid - ok
14:20:14.0771 4492 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:20:14.0771 4492 MountMgr - ok
14:20:14.0802 4492 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:20:14.0802 4492 mpio - ok
14:20:14.0818 4492 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:20:14.0818 4492 mpsdrv - ok
14:20:14.0896 4492 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
14:20:14.0927 4492 MpsSvc - ok
14:20:14.0974 4492 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:20:14.0974 4492 Mraid35x - ok
14:20:14.0989 4492 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:20:15.0005 4492 MRxDAV - ok
14:20:15.0052 4492 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:20:15.0052 4492 mrxsmb - ok
14:20:15.0114 4492 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:20:15.0130 4492 mrxsmb10 - ok
14:20:15.0161 4492 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:20:15.0161 4492 mrxsmb20 - ok
14:20:15.0192 4492 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
14:20:15.0192 4492 msahci - ok
14:20:15.0223 4492 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:20:15.0223 4492 msdsm - ok
14:20:15.0270 4492 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
14:20:15.0270 4492 MSDTC - ok
14:20:15.0301 4492 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:20:15.0301 4492 Msfs - ok
14:20:15.0317 4492 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:20:15.0333 4492 msisadrv - ok
14:20:15.0364 4492 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
14:20:15.0379 4492 MSiSCSI - ok
14:20:15.0395 4492 msiserver - ok
14:20:15.0426 4492 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:20:15.0442 4492 MSKSSRV - ok
14:20:15.0473 4492 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:20:15.0473 4492 MSPCLOCK - ok
14:20:15.0473 4492 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:20:15.0489 4492 MSPQM - ok
14:20:15.0535 4492 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:20:15.0535 4492 MsRPC - ok
14:20:15.0567 4492 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:20:15.0567 4492 mssmbios - ok
14:20:15.0582 4492 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:20:15.0582 4492 MSTEE - ok
14:20:15.0598 4492 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:20:15.0598 4492 Mup - ok
14:20:15.0645 4492 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
14:20:15.0676 4492 napagent - ok
14:20:15.0723 4492 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:20:15.0769 4492 NativeWifiP - ok
14:20:15.0847 4492 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:20:15.0879 4492 NDIS - ok
14:20:15.0910 4492 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:20:15.0910 4492 NdisTapi - ok
14:20:15.0925 4492 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:20:15.0957 4492 Ndisuio - ok
14:20:16.0019 4492 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:20:16.0050 4492 NdisWan - ok
14:20:16.0066 4492 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:20:16.0066 4492 NDProxy - ok
14:20:16.0081 4492 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:20:16.0081 4492 NetBIOS - ok
14:20:16.0159 4492 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:20:16.0175 4492 netbt - ok
14:20:16.0206 4492 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:20:16.0222 4492 Netlogon - ok
14:20:16.0269 4492 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
14:20:16.0284 4492 Netman - ok
14:20:16.0315 4492 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
14:20:16.0331 4492 netprofm - ok
14:20:16.0393 4492 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:20:16.0409 4492 NetTcpPortSharing - ok
14:20:16.0440 4492 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:20:16.0440 4492 nfrd960 - ok
14:20:16.0503 4492 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
14:20:16.0518 4492 NlaSvc - ok
14:20:16.0549 4492 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:20:16.0565 4492 Npfs - ok
14:20:16.0581 4492 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
14:20:16.0581 4492 nsi - ok
14:20:16.0596 4492 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:20:16.0596 4492 nsiproxy - ok
14:20:16.0690 4492 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:20:16.0752 4492 Ntfs - ok
14:20:16.0815 4492 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:20:16.0815 4492 Null - ok
14:20:16.0908 4492 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
14:20:16.0955 4492 NVENETFD - ok
14:20:17.0392 4492 nvlddmkm (155b6747e190342b20f9f0b4c34e96d2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:20:17.0610 4492 nvlddmkm - ok
14:20:17.0735 4492 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:20:17.0735 4492 nvraid - ok
14:20:17.0766 4492 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\drivers\nvsmu.sys
14:20:17.0766 4492 nvsmu - ok
14:20:17.0782 4492 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:20:17.0782 4492 nvstor - ok
14:20:17.0844 4492 nvsvc (bd286596934ecea5e3da19cf98a89d1d) C:\Windows\system32\nvvsvc.exe
14:20:17.0860 4492 nvsvc - ok
14:20:17.0891 4492 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:20:17.0891 4492 nv_agp - ok
14:20:17.0891 4492 NwlnkFlt - ok
14:20:17.0907 4492 NwlnkFwd - ok
14:20:17.0969 4492 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
14:20:17.0969 4492 ohci1394 - ok
14:20:18.0047 4492 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:20:18.0063 4492 p2pimsvc - ok
14:20:18.0078 4492 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:20:18.0094 4492 p2psvc - ok
14:20:18.0141 4492 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:20:18.0141 4492 Parport - ok
14:20:18.0203 4492 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
14:20:18.0203 4492 partmgr - ok
14:20:18.0250 4492 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
14:20:18.0250 4492 PcaSvc - ok
14:20:18.0297 4492 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:20:18.0312 4492 pci - ok
14:20:18.0328 4492 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
14:20:18.0328 4492 pciide - ok
14:20:18.0375 4492 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:20:18.0390 4492 pcmcia - ok
14:20:18.0437 4492 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:20:18.0468 4492 PEAUTH - ok
14:20:18.0546 4492 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
14:20:18.0562 4492 PerfHost - ok
14:20:18.0655 4492 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
14:20:18.0718 4492 pla - ok
14:20:18.0765 4492 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
14:20:18.0780 4492 PlugPlay - ok
14:20:18.0843 4492 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:20:18.0858 4492 PNRPAutoReg - ok
14:20:18.0874 4492 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:20:18.0889 4492 PNRPsvc - ok
14:20:18.0952 4492 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
14:20:18.0967 4492 PolicyAgent - ok
14:20:18.0999 4492 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:20:19.0014 4492 PptpMiniport - ok
14:20:19.0045 4492 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:20:19.0045 4492 Processor - ok
14:20:19.0092 4492 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
14:20:19.0108 4492 ProfSvc - ok
14:20:19.0139 4492 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:20:19.0155 4492 ProtectedStorage - ok
14:20:19.0186 4492 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
14:20:19.0217 4492 Ps2 - ok
14:20:19.0248 4492 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:20:19.0248 4492 PSched - ok
14:20:19.0342 4492 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:20:19.0389 4492 ql2300 - ok
14:20:19.0404 4492 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:20:19.0404 4492 ql40xx - ok
14:20:19.0467 4492 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
14:20:19.0482 4492 QWAVE - ok
14:20:19.0529 4492 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:20:19.0529 4492 QWAVEdrv - ok
14:20:19.0545 4492 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:20:19.0545 4492 RasAcd - ok
14:20:19.0560 4492 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
14:20:19.0576 4492 RasAuto - ok
14:20:19.0623 4492 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:20:19.0654 4492 Rasl2tp - ok
14:20:19.0685 4492 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
14:20:19.0701 4492 RasMan - ok
14:20:19.0747 4492 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:20:19.0747 4492 RasPppoe - ok
14:20:19.0794 4492 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:20:19.0794 4492 RasSstp - ok
14:20:19.0857 4492 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:20:19.0872 4492 rdbss - ok
14:20:19.0903 4492 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:20:19.0903 4492 RDPCDD - ok
14:20:19.0950 4492 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:20:19.0966 4492 rdpdr - ok
14:20:19.0966 4492 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:20:19.0966 4492 RDPENCDD - ok
14:20:20.0028 4492 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
14:20:20.0044 4492 RDPWD - ok
14:20:20.0091 4492 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
14:20:20.0091 4492 RemoteAccess - ok
14:20:20.0153 4492 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
14:20:20.0169 4492 RemoteRegistry - ok
14:20:20.0184 4492 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
14:20:20.0184 4492 RpcLocator - ok
14:20:20.0262 4492 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:20:20.0278 4492 RpcSs - ok
14:20:20.0325 4492 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:20:20.0325 4492 rspndr - ok
14:20:20.0371 4492 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:20:20.0371 4492 SamSs - ok
14:20:20.0481 4492 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:20:20.0481 4492 SASDIFSV - ok
14:20:20.0496 4492 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:20:20.0496 4492 SASKUTIL - ok
14:20:20.0512 4492 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:20:20.0527 4492 sbp2port - ok
14:20:20.0668 4492 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:20:20.0699 4492 SBSDWSCService - ok
14:20:20.0746 4492 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
14:20:20.0761 4492 SCardSvr - ok
14:20:20.0839 4492 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
14:20:20.0871 4492 Schedule - ok
14:20:20.0902 4492 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:20:20.0902 4492 SCPolicySvc - ok
14:20:20.0949 4492 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
14:20:20.0964 4492 SDRSVC - ok
14:20:21.0042 4492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:20:21.0042 4492 secdrv - ok
14:20:21.0058 4492 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
14:20:21.0058 4492 seclogon - ok
14:20:21.0073 4492 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
14:20:21.0073 4492 SENS - ok
14:20:21.0105 4492 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:20:21.0105 4492 Serenum - ok
14:20:21.0120 4492 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:20:21.0120 4492 Serial - ok
14:20:21.0151 4492 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:20:21.0151 4492 sermouse - ok
14:20:21.0183 4492 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
14:20:21.0198 4492 SessionEnv - ok
14:20:21.0214 4492 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:20:21.0214 4492 sffdisk - ok
14:20:21.0229 4492 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:20:21.0229 4492 sffp_mmc - ok
14:20:21.0245 4492 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:20:21.0245 4492 sffp_sd - ok
14:20:21.0261 4492 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:20:21.0276 4492 sfloppy - ok
14:20:21.0339 4492 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
14:20:21.0339 4492 SharedAccess - ok
14:20:21.0401 4492 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
14:20:21.0417 4492 ShellHWDetection - ok
14:20:21.0432 4492 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:20:21.0432 4492 SiSRaid2 - ok
14:20:21.0479 4492 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:20:21.0495 4492 SiSRaid4 - ok
14:20:21.0619 4492 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
14:20:21.0682 4492 slsvc - ok
14:20:21.0775 4492 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
14:20:21.0775 4492 SLUINotify - ok
14:20:21.0853 4492 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
14:20:21.0853 4492 Smb - ok
14:20:21.0900 4492 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
14:20:21.0916 4492 SNMPTRAP - ok
14:20:21.0963 4492 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
14:20:21.0963 4492 spldr - ok
14:20:21.0994 4492 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
14:20:22.0009 4492 Spooler - ok
14:20:22.0056 4492 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
14:20:22.0087 4492 srv - ok
14:20:22.0134 4492 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
14:20:22.0150 4492 srv2 - ok
14:20:22.0165 4492 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
14:20:22.0181 4492 srvnet - ok
14:20:22.0243 4492 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
14:20:22.0259 4492 SSDPSRV - ok
14:20:22.0290 4492 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
14:20:22.0306 4492 SstpSvc - ok
14:20:22.0368 4492 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
14:20:22.0399 4492 stisvc - ok
14:20:22.0446 4492 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:20:22.0446 4492 swenum - ok
14:20:22.0509 4492 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
14:20:22.0524 4492 swprv - ok
14:20:22.0540 4492 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:20:22.0555 4492 Symc8xx - ok
14:20:22.0571 4492 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:20:22.0571 4492 Sym_hi - ok
14:20:22.0587 4492 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:20:22.0587 4492 Sym_u3 - ok
14:20:22.0665 4492 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
14:20:22.0696 4492 SysMain - ok
14:20:22.0743 4492 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
14:20:22.0758 4492 TabletInputService - ok
14:20:22.0805 4492 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
14:20:22.0821 4492 TapiSrv - ok
14:20:22.0836 4492 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
14:20:22.0836 4492 TBS - ok
14:20:22.0930 4492 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
14:20:22.0992 4492 Tcpip - ok
14:20:23.0008 4492 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
14:20:23.0023 4492 Tcpip6 - ok
14:20:23.0070 4492 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
14:20:23.0086 4492 tcpipreg - ok
14:20:23.0117 4492 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:20:23.0133 4492 TDPIPE - ok
14:20:23.0148 4492 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:20:23.0148 4492 TDTCP - ok
14:20:23.0195 4492 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
14:20:23.0195 4492 tdx - ok
14:20:23.0257 4492 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
14:20:23.0257 4492 TermDD - ok
14:20:23.0320 4492 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
14:20:23.0335 4492 TermService - ok
14:20:23.0398 4492 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
14:20:23.0398 4492 Themes - ok
14:20:23.0445 4492 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:20:23.0460 4492 THREADORDER - ok
14:20:23.0491 4492 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
14:20:23.0507 4492 TrkWks - ok
14:20:23.0569 4492 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
14:20:23.0569 4492 TrustedInstaller - ok
14:20:23.0616 4492 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:20:23.0616 4492 tssecsrv - ok
14:20:23.0866 4492 TuneUp.UtilitiesSvc (8dd1f81749a966ea5a96cb2d89c9670c) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:20:23.0959 4492 TuneUp.UtilitiesSvc - ok
14:20:24.0147 4492 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:20:24.0147 4492 TuneUpUtilitiesDrv - ok
14:20:24.0271 4492 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:20:24.0271 4492 tunmp - ok
14:20:24.0318 4492 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
14:20:24.0318 4492 tunnel - ok
14:20:24.0349 4492 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:20:24.0349 4492 uagp35 - ok
14:20:24.0412 4492 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:20:24.0427 4492 udfs - ok
14:20:24.0474 4492 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
14:20:24.0474 4492 UI0Detect - ok
14:20:24.0505 4492 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:20:24.0505 4492 uliagpkx - ok
14:20:24.0537 4492 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:20:24.0552 4492 uliahci - ok
14:20:24.0568 4492 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:20:24.0583 4492 UlSata - ok
14:20:24.0599 4492 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:20:24.0615 4492 ulsata2 - ok
14:20:24.0630 4492 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:20:24.0661 4492 umbus - ok
14:20:24.0724 4492 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
14:20:24.0739 4492 upnphost - ok
14:20:24.0802 4492 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:20:24.0817 4492 usbccgp - ok
14:20:24.0864 4492 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:20:24.0864 4492 usbcir - ok
14:20:24.0911 4492 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:20:24.0911 4492 usbehci - ok
14:20:24.0973 4492 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:20:24.0973 4492 usbhub - ok
14:20:24.0989 4492 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
14:20:24.0989 4492 usbohci - ok
14:20:25.0036 4492 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:20:25.0036 4492 usbprint - ok
14:20:25.0067 4492 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:20:25.0067 4492 usbscan - ok
14:20:25.0114 4492 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:20:25.0114 4492 USBSTOR - ok
14:20:25.0239 4492 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:20:25.0239 4492 usbuhci - ok
14:20:25.0785 4492 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
14:20:25.0785 4492 UxSms - ok
14:20:25.0847 4492 UxTuneUp (1ca2321789a7188a36f376905daf9c0a) C:\Windows\System32\uxtuneup.dll
14:20:25.0863 4492 UxTuneUp - ok
14:20:25.0909 4492 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
14:20:25.0925 4492 vds - ok
14:20:26.0003 4492 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:20:26.0003 4492 vga - ok
14:20:26.0019 4492 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:20:26.0019 4492 VgaSave - ok
14:20:26.0050 4492 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:20:26.0050 4492 viaide - ok
14:20:26.0081 4492 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:20:26.0081 4492 volmgr - ok
14:20:26.0143 4492 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:20:26.0175 4492 volmgrx - ok
14:20:26.0253 4492 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:20:26.0268 4492 volsnap - ok
14:20:26.0299 4492 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:20:26.0315 4492 vsmraid - ok
14:20:26.0393 4492 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
14:20:26.0455 4492 VSS - ok
14:20:26.0752 4492 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
14:20:26.0783 4492 vToolbarUpdater12.1.5 - ok
14:20:26.0923 4492 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
14:20:26.0970 4492 W32Time - ok
14:20:27.0033 4492 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:20:27.0048 4492 WacomPen - ok
14:20:27.0111 4492 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
14:20:27.0142 4492 WajamUpdater - ok
14:20:27.0189 4492 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:20:27.0204 4492 Wanarp - ok
14:20:27.0204 4492 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:20:27.0204 4492 Wanarpv6 - ok
14:20:27.0267 4492 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
14:20:27.0298 4492 wcncsvc - ok
14:20:27.0329 4492 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
14:20:27.0345 4492 WcsPlugInService - ok
14:20:27.0376 4492 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:20:27.0376 4492 Wd - ok
14:20:27.0454 4492 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:20:27.0469 4492 Wdf01000 - ok
14:20:27.0485 4492 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:20:27.0485 4492 WdiServiceHost - ok
14:20:27.0501 4492 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:20:27.0501 4492 WdiSystemHost - ok
14:20:27.0563 4492 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
14:20:27.0594 4492 WebClient - ok
14:20:27.0641 4492 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
14:20:27.0657 4492 Wecsvc - ok
14:20:27.0781 4492 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
14:20:27.0797 4492 wercplsupport - ok
14:20:27.0813 4492 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
14:20:27.0828 4492 WerSvc - ok
14:20:27.0906 4492 winachsf (0208b357535431071193a7b534f5cfef) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:20:27.0969 4492 winachsf - ok
14:20:28.0031 4492 WinDefend - ok
14:20:28.0047 4492 WinHttpAutoProxySvc - ok
14:20:28.0187 4492 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
14:20:28.0203 4492 Winmgmt - ok
14:20:28.0359 4492 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
14:20:28.0405 4492 WinRM - ok
14:20:28.0530 4492 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
14:20:28.0546 4492 Wlansvc - ok
14:20:28.0608 4492 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:20:28.0608 4492 WmiAcpi - ok
14:20:28.0686 4492 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
14:20:28.0702 4492 wmiApSrv - ok
14:20:28.0749 4492 WMPNetworkSvc - ok
14:20:28.0795 4492 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
14:20:28.0811 4492 WPCSvc - ok
14:20:28.0858 4492 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
14:20:28.0873 4492 WPDBusEnum - ok
14:20:28.0905 4492 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
14:20:28.0920 4492 WpdUsb - ok
14:20:29.0092 4492 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:20:29.0139 4492 WPFFontCache_v0400 - ok
14:20:29.0170 4492 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:20:29.0170 4492 ws2ifsl - ok
14:20:29.0201 4492 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
14:20:29.0217 4492 wscsvc - ok
14:20:29.0217 4492 WSearch - ok
14:20:29.0373 4492 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:20:29.0451 4492 wuauserv - ok
14:20:29.0560 4492 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:20:29.0575 4492 WUDFRd - ok
14:20:29.0607 4492 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
14:20:29.0622 4492 wudfsvc - ok
14:20:29.0638 4492 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
14:20:29.0638 4492 XAudio - ok
14:20:29.0685 4492 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
14:20:29.0700 4492 XAudioService - ok
14:20:29.0716 4492 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
14:20:30.0121 4492 \Device\Harddisk0\DR0 - ok
14:20:30.0121 4492 Boot (0x1200) (c6eeb40256b0b06c45edaefbd0bf17b0) \Device\Harddisk0\DR0\Partition0
14:20:30.0121 4492 \Device\Harddisk0\DR0\Partition0 - ok
14:20:30.0137 4492 Boot (0x1200) (d2c1cfd2680ebb7eca1a49f34236c2fe) \Device\Harddisk0\DR0\Partition1
14:20:30.0137 4492 \Device\Harddisk0\DR0\Partition1 - ok
14:20:30.0137 4492 ============================================================
14:20:30.0137 4492 Scan finished
14:20:30.0137 4492 ============================================================
14:20:30.0153 1428 Detected object count: 0
14:20:30.0153 1428 Actual detected object count: 0

AVAST LOG:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 14:22:19
-----------------------------
14:22:19.103 OS Version: Windows x64 6.0.6002 Service Pack 2
14:22:19.103 Number of processors: 2 586 0xF0D
14:22:19.103 ComputerName: ALEX-PC UserName: Alex
14:22:19.977 Initialize success
14:23:11.414 AVAST engine defs: 12081100
14:25:36.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
14:25:36.541 Disk 0 Vendor: ST3250310AS 3.AHC Size: 238475MB BusType: 3
14:25:36.556 Disk 0 MBR read successfully
14:25:36.572 Disk 0 MBR scan
14:25:36.588 Disk 0 unknown MBR code
14:25:36.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225227 MB offset 63
14:25:36.619 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13244 MB offset 461265840
14:25:36.666 Disk 0 scanning C:\Windows\system32\drivers
14:25:48.428 Service scanning
14:26:16.414 Modules scanning
14:26:16.414 Disk 0 trace - called modules:
14:26:16.430 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:26:16.446 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80029d7190]
14:26:16.446 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa8002779520]
14:26:16.461 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002782940]
14:26:17.413 AVAST engine scan C:\Windows
14:26:21.266 AVAST engine scan C:\Windows\system32
14:30:12.957 AVAST engine scan C:\Windows\system32\drivers
14:30:26.982 AVAST engine scan C:\Users\Alex
14:35:37.890 AVAST engine scan C:\ProgramData
14:41:03.415 Scan finished successfully
14:45:50.470 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
14:45:50.470 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 PM

Posted 11 August 2012 - 01:54 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Yontoo
c:\programdata\Tarma Installer

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
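An added triage script, not part of the thread and not code from ComboFix, TDSSKiller or aswMBR. Before running the CFScript above, a practitioner would want a record of what is actually sitting at the paths the scans flagged (the Desktop.ini under C:\Windows\assembly\GAC_32 and services.exe), including the ACL on the Desktop.ini, since a file that a scanner keeps scheduling for "delete on reboot" without success is usually one the scanner cannot open or replace. It also cross-checks the MBR image aswMBR saved against the "MBR (0x1B8)" MD5 in the TDSSKiller log and prints the partition table so the partition type/offset lines in the aswMBR log can be verified. Assumptions: Windows PowerShell 2.0 on Vista x64, run elevated from the 64-bit console; the GAC_64 path is not named on the page and is checked only as the 64-bit sibling of the flagged file; MBR.dat is looked for on the current user's desktop, which is where aswMBR's log says it wrote the file.

```powershell
# Added triage script for the artifacts named in the thread. Not from the thread
# or from any tool it uses. Written for PowerShell 2.0 (Vista): Get-FileHash is
# avoided because it only exists from PowerShell 4.0. Run from an elevated,
# 64-bit PowerShell console so sfc.exe resolves to the real System32 copy.

$gacFiles = @(
    "$env:windir\assembly\GAC_32\Desktop.ini",  # path named in the thread
    "$env:windir\assembly\GAC_64\Desktop.ini"   # assumption: 64-bit sibling, not named on the page
)
$servicesExe = "$env:windir\System32\services.exe"
$mbrImage    = "$env:USERPROFILE\Desktop\MBR.dat"        # where the aswMBR log says the MBR was saved
$tdssMbrMd5  = "81cd5ec01db0ce57edd853f82462ef27"         # "MBR (0x1B8)" value in the TDSSKiller log

function Get-HexDigest([byte[]]$bytes, [string]$algorithm) {
    $h = [System.Security.Cryptography.HashAlgorithm]::Create($algorithm)
    ($h.ComputeHash($bytes) | ForEach-Object { $_.ToString("x2") }) -join ""
}

function Test-GacDesktopIni([string]$path) {
    # A genuine Desktop.ini is a few hundred bytes of INI text. A PE header, an
    # odd size, or an ACL that denies Administrators/SYSTEM is what makes a
    # scanner's "delete on reboot" fail to stick.
    if (-not (Test-Path -LiteralPath $path)) { "$path : not present"; return }
    $item = Get-Item -LiteralPath $path -Force        # -Force: the file is normally hidden+system
    "$path : $($item.Length) bytes, attributes=$($item.Attributes), mtime=$($item.LastWriteTime)"
    try {
        $acl = Get-Acl -Path $path
        "  owner: $($acl.Owner)"
        foreach ($ace in $acl.Access) {
            "  ace: $($ace.AccessControlType) $($ace.IdentityReference) $($ace.FileSystemRights)"
        }
    } catch { "  ACL not readable: $($_.Exception.Message)" }
    try {
        $bytes = [System.IO.File]::ReadAllBytes($path)
        $isPe  = ($bytes.Length -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)   # "MZ"
        "  sha256=$(Get-HexDigest $bytes 'SHA256') looksLikePE=$isPe"
    } catch { "  content not readable: $($_.Exception.Message)" }
}

function Test-ServicesExe([string]$path) {
    # Windows system binaries are catalog-signed. Vista-era Get-AuthenticodeSignature
    # does not consult security catalogs and reports them as NotSigned even when
    # clean, so use SFC's catalog check and keep version + hash for comparison
    # against a known-clean copy from the same service pack level.
    $item = Get-Item -LiteralPath $path
    "$path : $($item.Length) bytes, version=$($item.VersionInfo.FileVersion), mtime=$($item.LastWriteTime)"
    "  sha256=$(Get-HexDigest ([System.IO.File]::ReadAllBytes($path)) 'SHA256')"
    "  sfc /verifyfile output:"
    & "$env:windir\System32\sfc.exe" /verifyfile=$path
}

function Test-MbrImage([string]$path, [string]$expectedMd5) {
    # TDSSKiller's "MBR (0x1B8)" hash is the MD5 of the boot code, bytes 0..0x1B7.
    # Recompute it over the sector aswMBR saved and decode the four partition
    # entries at 0x1BE (16 bytes each: status, CHS, type, CHS, LBA start, sectors).
    if (-not (Test-Path -LiteralPath $path)) { "$path : not present"; return }
    $b = [System.IO.File]::ReadAllBytes($path)
    if ($b.Length -lt 512) { "$path : only $($b.Length) bytes, not a full sector"; return }
    $bootCode = New-Object byte[] 0x1B8
    [Array]::Copy($b, 0, $bootCode, 0, 0x1B8)
    $md5 = Get-HexDigest $bootCode 'MD5'
    $sig = ($b[510] -eq 0x55 -and $b[511] -eq 0xAA)
    "$path : bootcode md5=$md5 matchesTdssKiller=$($md5 -eq $expectedMd5) signature55AA=$sig"
    for ($i = 0; $i -lt 4; $i++) {
        $e      = 0x1BE + 16 * $i
        $status = $b[$e]
        $type   = $b[$e + 4]
        $lba    = [BitConverter]::ToUInt32($b, $e + 8)
        $count  = [BitConverter]::ToUInt32($b, $e + 12)
        if ($type -ne 0) {
            # 512-byte sectors: MB = sectors / 2048, comparable to the aswMBR "Partition" lines
            "  partition $($i + 1): status=0x{0:X2} type=0x{1:X2} lbaStart={2} sectors={3} ({4} MB)" -f `
                $status, $type, $lba, $count, [int]($count / 2048)
        }
    }
}

foreach ($f in $gacFiles) { Test-GacDesktopIni $f }
Test-ServicesExe $servicesExe
Test-MbrImage $mbrImage $tdssMbrMd5
```

Save the output before and after the ComboFix run: the point of the ACL and hash lines is to show whether the file changed, was replaced, or simply could never be opened, and a boot-code hash that matches the TDSSKiller value confirms both tools read the same sector.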

#13 gringo_pr

Posted 14 August 2012 - 12:23 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr

Posted 17 August 2012 - 10:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr

Posted 20 August 2012 - 12:03 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.