
Not sure if scanners caught Virtumonde etc.


This topic is locked
56 replies to this topic

#1 Fairdeal (Members, 48 posts)

Posted 10 August 2012 - 11:23 AM

This is my mother-in-law's Dell portable computer running Vista and although I've run AVG, Spybot, EST, AVAST and SFC /Scannow and it's behaving ok and quite usable I'm convinced it's not 'clean' yet. Windows Update just stalls and occasionally Google gets directed to an AVG search engine. I ran DDS easily enough and I've posted that log below, but when I ran GMER the first time it stalled at windows\WER\ReportQueue; the second time, even after letting it run overnight, it seemed to be stuck in a loop in the WER\ReportQueue directory. Both times it did allow me to save a log file and I've attached both of these.
All the scans were done in safe mode.
Another clue is that when I boot up in safe mode and the files get listed from the command prompt it seemed to get stuck at the crcdsk file, although after a while it proceeded.
Immunized files include opachki.ru, virtumonde.dll, virtumonde.sdn, win32.adload.r, coolwwwsearch.cameup and others I didn't write down.
Here's hoping it can be solved without reinstalling the OS.
Thanks so much for your help:
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Main at 22:24:37 on 2012-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1604 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080627
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - No File
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [googletalk] c:\users\tarryn\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.4\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{CF9D1887-E502-45EB-8F98-021EE154CFA0} : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{FAEE0131-65CE-40AB-AD7B-898E1F4D2D06} : DhcpNameServer = 69.65.192.1 129.118.1.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\main\appdata\roaming\mozilla\firefox\profiles\s823i5zv.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-27 73728]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-7-2 809296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-6-27 179712]
S3 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-23 1373480]
.
=============== Created Last 30 ================
.
2012-08-07 16:04:33 -------- d-----w- c:\programdata\AVAST Software
2012-08-07 16:04:33 -------- d-----w- c:\program files\AVAST Software
2012-08-06 04:02:46 -------- d-----w- c:\users\main\appdata\roaming\SUPERAntiSpyware.com
2012-08-06 04:01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 04:01:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-06 01:16:56 -------- d-----w- C:\785001842a4494b28f
2012-08-05 23:24:16 -------- d-----w- c:\users\main\appdata\roaming\Ad-Aware Antivirus
2012-08-05 23:19:01 -------- d-----w- c:\users\main\appdata\local\Sunbelt Software
2012-08-05 17:44:21 -------- d-----w- c:\users\main\appdata\local\AVG Secure Search
2012-08-05 17:44:13 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-05 17:43:20 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-08-05 17:43:17 -------- d-----w- c:\program files\AVG Secure Search
2012-08-05 17:38:44 -------- d--h--w- C:\$AVG
2012-08-04 17:56:25 -------- d-----w- c:\users\main\appdata\roaming\Malwarebytes
2012-08-04 17:56:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 17:56:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 20:55:37 -------- d-----w- c:\programdata\AVG2012
2012-08-02 20:47:42 -------- d--h--w- c:\programdata\Common Files
2012-08-02 20:47:42 -------- d-----w- c:\programdata\MFAData
2012-07-11 13:06:15 -------- d-sh--w- C:\found.002
.
==================== Find3M ====================
.
.
============= FINISH: 22:28:06.34 ===============
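
Added example, not part of the original post or of the DDS tool: a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It flags the entries a malware-response helper reads first: a BHO whose CLSID is still registered but whose file is missing, a non-empty AppInit_DLLs value, hosts-file overrides, Run entries launched from a user profile, and DHCP name-server lists containing a bogus 0.0.0.0. The sample lines are constructed in the same format as the posted log; the Finding type, the rule names and the triage() function are this example's own, and a flag is a prompt to look, not a verdict.

```python
"""Added example: triage the 'Pseudo HJT Report' section of a DDS log.

Not part of the original post or of the DDS tool. Rule names, the
Finding type and the sample lines below are this example's own
(the sample is constructed in the same line format DDS uses).
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in DDS format (mirrors the entry types seen in the post).
SAMPLE_DDS = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - No File
uRun: [googletalk] c:\users\tarryn\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Persistence] c:\windows\system32\igfxpers.exe
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1DLL
Hosts: 127.0.0.1 www.spywareinfo.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{FAEE0131-65CE-40AB-AD7B-898E1F4D2D06} : DhcpNameServer = 69.65.192.1 129.118.1.9
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name (this example's own vocabulary)
    line: str   # the DDS line that triggered it


# DDS line shapes: "BHO: <name>: {CLSID} - <path>" (name absent when unknown),
# "uRun/mRun/dRun: [<value name>] <command>", "TCP: ... DhcpNameServer = a b c".
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?:uRun|mRun|dRun): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
# Executables started from a user profile are unusual for system software.
USER_PROFILE_RE = re.compile(r'^"?c:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


def _suspicious_dns(server: str) -> bool:
    """True for entries that cannot be a real resolver (0.0.0.0 or junk)."""
    try:
        return ipaddress.ip_address(server).is_unspecified
    except ValueError:
        return True


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per DDS line that deserves a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := BHO_RE.match(line)):
            # CLSID still registered but pointing at no DLL: leftover of removed software or malware.
            if m.group("path").strip().lower() == "no file":
                findings.append(Finding("bho_missing_file", line))
        elif (m := RUN_RE.match(line)):
            if USER_PROFILE_RE.match(m.group("cmd")):
                findings.append(Finding("run_from_user_profile", line))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            # AppInit_DLLs is loaded into every user-mode process: a classic injection point.
            findings.append(Finding("appinit_dll", line))
        elif line.startswith("Hosts:"):
            # Hosts overrides are also written by legitimate immunisation tools; verify, don't assume.
            findings.append(Finding("hosts_override", line))
        elif (m := DNS_RE.search(line)):
            if any(_suspicious_dns(s) for s in m.group("servers").split()):
                findings.append(Finding("dns_bogus_entry", line))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Summary of how many lines each rule flagged."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}")
```

Run it against the text of a DDS log and read each flagged line against the rest of the report: a missing-file BHO is usually just an orphaned registry key, and a hosts entry can come from an immunisation tool, so the script narrows what to look at rather than deciding what to delete.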


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 August 2012 - 12:57 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Fairdeal (Topic Starter, Members, 48 posts)

Posted 12 August 2012 - 02:42 PM

Gringo,
Both programs downloaded fine. When I tried to run them neither worked in standard mode. When I rebooted in Safe Mode I managed to run Combofix and show the log below (although it did give me a message about not running as an administrator even though I was running from the Admin user). The SecurityCheck program just comes up with "securitycheck.exe is not a valid Win32 application" and doesn't even run in Safe Mode even after a restart.
I wasn't too clear with your:
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

I did get that message when I ran Notepad and couldn't start it.

Thanks.
Fairdeal



ComboFix 12-08-10.02 - Main 08/12/2012 13:39:42.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1636 [GMT -5:00]
Running from: c:\users\Main\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 18:50 . 2012-08-12 18:50 -------- d-----w- c:\users\Main\AppData\Local\temp
2012-08-12 18:50 . 2012-08-12 18:50 -------- d-----w- c:\users\Tarryn\AppData\Local\temp
2012-08-12 18:50 . 2012-08-12 18:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-12 18:50 . 2012-08-12 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 16:04 . 2012-08-07 16:04 -------- d-----w- c:\program files\AVAST Software
2012-08-06 04:02 . 2012-08-06 04:02 -------- d-----w- c:\users\Main\AppData\Roaming\SUPERAntiSpyware.com
2012-08-06 04:01 . 2012-08-06 04:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 01:16 . 2012-08-06 01:16 -------- d-----w- C:\785001842a4494b28f
2012-08-05 23:24 . 2012-08-05 23:24 -------- d-----w- c:\users\Main\AppData\Roaming\Ad-Aware Antivirus
2012-08-05 23:19 . 2012-08-05 23:19 -------- d-----w- c:\users\Main\AppData\Local\Sunbelt Software
2012-08-05 17:44 . 2012-08-05 17:44 -------- d-----w- c:\users\Main\AppData\Local\AVG Secure Search
2012-08-05 17:43 . 2012-08-05 17:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-05 17:43 . 2012-08-05 17:44 -------- d-----w- c:\program files\AVG Secure Search
2012-08-05 17:38 . 2012-08-05 17:38 -------- d-----w- C:\$AVG
2012-08-04 17:56 . 2012-08-04 17:56 -------- d-----w- c:\users\Main\AppData\Roaming\Malwarebytes
2012-08-04 17:56 . 2012-08-04 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 20:51 . 2012-08-02 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000Core.job
- c:\users\Tarryn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 15:36]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000UA.job
- c:\users\Tarryn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 15:36]
.
2012-08-12 c:\windows\Tasks\User_Feed_Synchronization-{D1F4FC8A-9CC1-4C22-A6F2-4FE986354A2A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-15 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
FF - ProfilePath - c:\users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\s823i5zv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 13:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-12 13:52:16
ComboFix-quarantined-files.txt 2012-08-12 18:52
ComboFix2.txt 2012-08-12 17:06
.
Pre-Run: 232,891,322,368 bytes free
Post-Run: 232,809,775,104 bytes free
.
- - End Of File - - D0AE6B22924D6D3DA03593F5991270F8

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 August 2012 - 02:44 PM

Greetings

If you receive that error again just shut off the computer and turn it back on

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Fairdeal (Topic Starter, Members, 48 posts)

Posted 12 August 2012 - 04:42 PM

Gringo,
Thanks for immediately responding. The TDSSKiller program worked fine and I am showing it below. The aswMBR program scanned until it stalled at: Scanning C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll. I saved the log file at that point and it did seem to complete the scan after that. That log file is also below.

15:11:45.0626 2248 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:11:46.0718 2248 ============================================================
15:11:46.0718 2248 Current date / time: 2012/08/12 15:11:46.0718
15:11:46.0718 2248 SystemInfo:
15:11:46.0718 2248
15:11:46.0718 2248 OS Version: 6.0.6002 ServicePack: 2.0
15:11:46.0718 2248 Product type: Workstation
15:11:46.0718 2248 ComputerName: TARRYN-PC
15:11:46.0718 2248 UserName: Main
15:11:46.0718 2248 Windows directory: C:\Windows
15:11:46.0718 2248 System windows directory: C:\Windows
15:11:46.0718 2248 Processor architecture: Intel x86
15:11:46.0718 2248 Number of processors: 2
15:11:46.0718 2248 Page size: 0x1000
15:11:46.0718 2248 Boot type: Normal boot
15:11:46.0718 2248 ============================================================
15:11:47.0170 2248 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:11:47.0170 2248 ============================================================
15:11:47.0170 2248 \Device\Harddisk0\DR0:
15:11:47.0170 2248 MBR partitions:
15:11:47.0170 2248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
15:11:47.0170 2248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x23B027F8
15:11:47.0186 2248 ============================================================
15:11:47.0248 2248 C: <-> \Device\Harddisk0\DR0\Partition1
15:11:47.0279 2248 D: <-> \Device\Harddisk0\DR0\Partition0
15:11:47.0279 2248 ============================================================
15:11:47.0279 2248 Initialize success
15:11:47.0279 2248 ============================================================
15:12:06.0140 3416 ============================================================
15:12:06.0140 3416 Scan started
15:12:06.0140 3416 Mode: Manual;
15:12:06.0140 3416 ============================================================
15:12:09.0322 3416 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:12:09.0572 3416 ACPI - ok
15:12:09.0681 3416 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:12:09.0696 3416 Adobe LM Service - ok
15:12:27.0356 3416 SBSDWSCService - ok
15:12:27.0418 3416 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:12:27.0434 3416 SCardSvr - ok
15:12:27.0574 3416 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
15:12:27.0605 3416 Schedule - ok
15:12:27.0683 3416 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:12:27.0683 3416 SCPolicySvc - ok
15:12:27.0746 3416 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:12:27.0746 3416 sdbus - ok
15:12:27.0777 3416 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:12:27.0792 3416 SDRSVC - ok
15:12:27.0824 3416 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:12:27.0824 3416 secdrv - ok
15:12:27.0839 3416 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:12:27.0839 3416 seclogon - ok
15:12:27.0855 3416 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:12:27.0870 3416 SENS - ok
15:12:27.0902 3416 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:12:27.0902 3416 Serenum - ok
15:12:27.0933 3416 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:12:27.0948 3416 Serial - ok
15:12:27.0995 3416 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:12:27.0995 3416 sermouse - ok
15:12:28.0058 3416 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:12:28.0073 3416 SessionEnv - ok
15:12:28.0120 3416 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
15:12:28.0120 3416 sffdisk - ok
15:12:28.0136 3416 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:12:28.0136 3416 sffp_mmc - ok
15:12:28.0182 3416 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:12:28.0182 3416 sffp_sd - ok
15:12:28.0198 3416 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:12:28.0198 3416 sfloppy - ok
15:12:28.0260 3416 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:12:28.0260 3416 SharedAccess - ok
15:12:28.0338 3416 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
15:12:28.0354 3416 ShellHWDetection - ok
15:12:28.0385 3416 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:12:28.0385 3416 sisagp - ok
15:12:28.0416 3416 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:12:28.0416 3416 SiSRaid2 - ok
15:12:28.0432 3416 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:12:28.0448 3416 SiSRaid4 - ok
15:12:28.0682 3416 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:12:28.0791 3416 slsvc - ok
15:12:28.0947 3416 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:12:28.0962 3416 SLUINotify - ok
15:12:29.0025 3416 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:12:29.0025 3416 Smb - ok
15:12:29.0056 3416 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:12:29.0056 3416 SNMPTRAP - ok
15:12:29.0087 3416 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:12:29.0087 3416 spldr - ok
15:12:29.0134 3416 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
15:12:29.0150 3416 Spooler - ok
15:12:29.0259 3416 sprtsvc_dellsupportcenter - ok
15:12:29.0321 3416 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
15:12:29.0337 3416 srv - ok
15:12:29.0384 3416 srv2 (d69b44e3b000c2ff583f10c65489b4fb) C:\Windows\system32\DRIVERS\srv2.sys
15:12:29.0399 3416 srv2 - ok
15:12:29.0462 3416 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
15:12:29.0462 3416 srvnet - ok
15:12:29.0493 3416 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:12:29.0508 3416 SSDPSRV - ok
15:12:29.0555 3416 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:12:29.0571 3416 SstpSvc - ok
15:12:29.0586 3416 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
15:12:29.0602 3416 STacSV - ok
15:12:29.0633 3416 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
15:12:29.0664 3416 STHDA - ok
15:12:29.0758 3416 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:12:29.0805 3416 stisvc - ok
15:12:29.0930 3416 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:12:29.0930 3416 stllssvr - ok
15:12:29.0961 3416 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:12:29.0961 3416 swenum - ok
15:12:30.0023 3416 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:12:30.0070 3416 swprv - ok
15:12:30.0117 3416 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:12:30.0117 3416 Symc8xx - ok
15:12:30.0132 3416 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:12:30.0132 3416 Sym_hi - ok
15:12:30.0148 3416 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:12:30.0148 3416 Sym_u3 - ok
15:12:30.0195 3416 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:12:30.0273 3416 SysMain - ok
15:12:30.0335 3416 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:12:30.0335 3416 TabletInputService - ok
15:12:30.0507 3416 TabletServicePen (dad1a4d96291139c0f834b138320e475) C:\Windows\system32\Pen_Tablet.exe
15:12:30.0569 3416 TabletServicePen - ok
15:12:30.0647 3416 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:12:30.0678 3416 TapiSrv - ok
15:12:30.0725 3416 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:12:30.0725 3416 TBS - ok
15:12:30.0850 3416 Tcpip (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\drivers\tcpip.sys
15:12:30.0866 3416 Tcpip - ok
15:12:30.0881 3416 Tcpip6 (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\DRIVERS\tcpip.sys
15:12:30.0881 3416 Tcpip6 - ok
15:12:30.0944 3416 tcpipreg (b085a1c98f96ba7882a27b001becf5ac) C:\Windows\system32\drivers\tcpipreg.sys
15:12:30.0944 3416 tcpipreg - ok
15:12:30.0975 3416 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:12:30.0975 3416 TDPIPE - ok
15:12:31.0006 3416 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:12:31.0006 3416 TDTCP - ok
15:12:31.0037 3416 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:12:31.0037 3416 tdx - ok
15:12:31.0084 3416 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:12:31.0084 3416 TermDD - ok
15:12:31.0131 3416 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:12:31.0209 3416 TermService - ok
15:12:31.0271 3416 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
15:12:31.0271 3416 Themes - ok
15:12:31.0302 3416 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:12:31.0302 3416 THREADORDER - ok
15:12:31.0349 3416 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:12:31.0365 3416 TrkWks - ok
15:12:31.0412 3416 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:12:31.0412 3416 TrustedInstaller - ok
15:12:31.0458 3416 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:12:31.0458 3416 tssecsrv - ok
15:12:31.0458 3416 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:12:31.0458 3416 tunmp - ok
15:12:31.0474 3416 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
15:12:31.0474 3416 tunnel - ok
15:12:31.0505 3416 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:12:31.0505 3416 uagp35 - ok
15:12:31.0568 3416 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:12:31.0568 3416 udfs - ok
15:12:31.0614 3416 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:12:31.0614 3416 UI0Detect - ok
15:12:31.0646 3416 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:12:31.0646 3416 uliagpkx - ok
15:12:31.0661 3416 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:12:31.0677 3416 uliahci - ok
15:12:31.0724 3416 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:12:31.0724 3416 UlSata - ok
15:12:31.0755 3416 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:12:31.0755 3416 ulsata2 - ok
15:12:31.0786 3416 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:12:31.0786 3416 umbus - ok
15:12:31.0817 3416 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:12:31.0848 3416 upnphost - ok
15:12:31.0926 3416 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
15:12:31.0926 3416 USBAAPL - ok
15:12:31.0989 3416 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:12:31.0989 3416 usbaudio - ok
15:12:32.0036 3416 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:12:32.0036 3416 usbccgp - ok
15:12:32.0082 3416 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:12:32.0082 3416 usbcir - ok
15:12:32.0129 3416 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:12:32.0129 3416 usbehci - ok
15:12:32.0176 3416 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:12:32.0207 3416 usbhub - ok
15:12:32.0223 3416 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:12:32.0223 3416 usbohci - ok
15:12:32.0270 3416 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:12:32.0270 3416 usbprint - ok
15:12:32.0301 3416 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:12:32.0301 3416 usbscan - ok
15:12:32.0332 3416 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:12:32.0332 3416 USBSTOR - ok
15:12:32.0363 3416 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:12:32.0363 3416 usbuhci - ok
15:12:32.0410 3416 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:12:32.0426 3416 UxSms - ok
15:12:32.0504 3416 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:12:32.0504 3416 vds - ok
15:12:32.0535 3416 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:12:32.0535 3416 vga - ok
15:12:32.0550 3416 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:12:32.0550 3416 VgaSave - ok
15:12:32.0582 3416 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:12:32.0582 3416 viaagp - ok
15:12:32.0597 3416 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:12:32.0597 3416 ViaC7 - ok
15:12:32.0613 3416 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:12:32.0628 3416 viaide - ok
15:12:32.0644 3416 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:12:32.0644 3416 volmgr - ok
15:12:32.0753 3416 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:12:32.0769 3416 volmgrx - ok
15:12:32.0847 3416 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:12:32.0862 3416 volsnap - ok
15:12:32.0894 3416 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:12:32.0894 3416 vsmraid - ok
15:12:33.0003 3416 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:12:33.0034 3416 VSS - ok
15:12:33.0096 3416 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:12:33.0096 3416 W32Time - ok
15:12:33.0143 3416 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:12:33.0143 3416 WacomPen - ok
15:12:33.0206 3416 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
15:12:33.0206 3416 WacomVKHid - ok
15:12:33.0221 3416 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:33.0221 3416 Wanarp - ok
15:12:33.0221 3416 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:33.0237 3416 Wanarpv6 - ok
15:12:33.0315 3416 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:12:33.0330 3416 wcncsvc - ok
15:12:33.0362 3416 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:12:33.0362 3416 WcsPlugInService - ok
15:12:33.0377 3416 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:12:33.0377 3416 Wd - ok
15:12:33.0424 3416 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:12:33.0440 3416 Wdf01000 - ok
15:12:33.0455 3416 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:12:33.0455 3416 WdiServiceHost - ok
15:12:33.0455 3416 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:12:33.0455 3416 WdiSystemHost - ok
15:12:33.0486 3416 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:12:33.0502 3416 WebClient - ok
15:12:33.0549 3416 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
15:12:33.0564 3416 Wecsvc - ok
15:12:33.0580 3416 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:12:33.0580 3416 wercplsupport - ok
15:12:33.0596 3416 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:12:33.0596 3416 WerSvc - ok
15:12:33.0658 3416 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:12:33.0674 3416 winachsf - ok
15:12:33.0767 3416 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:12:33.0783 3416 WinDefend - ok
15:12:33.0783 3416 WinHttpAutoProxySvc - ok
15:12:33.0892 3416 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:12:33.0908 3416 Winmgmt - ok
15:12:34.0001 3416 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
15:12:34.0032 3416 WinRM - ok
15:12:34.0110 3416 Wlansvc (766fdcf7e9aed0d0bef8a36c27d0ef91) C:\Windows\System32\wlansvc.dll
15:12:34.0126 3416 Wlansvc - ok
15:12:34.0126 3416 wltrysvc - ok
15:12:34.0188 3416 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:12:34.0188 3416 WmiAcpi - ok
15:12:34.0266 3416 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:12:34.0266 3416 wmiApSrv - ok
15:12:34.0407 3416 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:12:34.0438 3416 WMPNetworkSvc - ok
15:12:34.0485 3416 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:12:34.0500 3416 WPCSvc - ok
15:12:34.0532 3416 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
15:12:34.0532 3416 WPDBusEnum - ok
15:12:34.0610 3416 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:12:34.0610 3416 WpdUsb - ok
15:12:34.0656 3416 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:12:34.0656 3416 ws2ifsl - ok
15:12:34.0672 3416 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:12:34.0672 3416 wscsvc - ok
15:12:34.0688 3416 WSearch - ok
15:12:34.0875 3416 wuauserv (84a03bfe004b06e93408618976dc9c14) C:\Windows\system32\wuaueng.dll
15:12:34.0937 3416 wuauserv - ok
15:12:35.0109 3416 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:12:35.0109 3416 WUDFRd - ok
15:12:35.0156 3416 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:12:35.0156 3416 wudfsvc - ok
15:12:35.0171 3416 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
15:12:35.0171 3416 XAudio - ok
15:12:35.0202 3416 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
15:12:35.0265 3416 XAudioService - ok
15:12:35.0327 3416 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:12:35.0592 3416 \Device\Harddisk0\DR0 - ok
15:12:35.0624 3416 Boot (0x1200) (5e1dec58a8d2627e0aba2fed4f913ad3) \Device\Harddisk0\DR0\Partition0
15:12:35.0624 3416 \Device\Harddisk0\DR0\Partition0 - ok
15:12:35.0624 3416 Boot (0x1200) (f813895b7e38f0364258cbd26a366f8b) \Device\Harddisk0\DR0\Partition1
15:12:35.0639 3416 \Device\Harddisk0\DR0\Partition1 - ok
15:12:35.0639 3416 ============================================================
15:12:35.0639 3416 Scan finished
15:12:35.0639 3416 ============================================================
15:12:35.0639 0360 Detected object count: 0
15:12:35.0639 0360 Actual detected object count: 0
15:14:23.0435 3804 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 15:19:20
-----------------------------
15:19:20.137 OS Version: Windows 6.0.6002 Service Pack 2
15:19:20.137 Number of processors: 2 586 0x1706
15:19:20.137 ComputerName: TARRYN-PC UserName: Main
15:19:45.550 Initialize success
15:21:05.723 AVAST engine defs: 12081201
15:26:01.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:26:01.015 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:26:01.031 Disk 0 MBR read successfully
15:26:01.031 Disk 0 MBR scan
15:26:01.062 Disk 0 Windows VISTA default MBR code
15:26:01.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
15:26:01.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 178176
15:26:01.093 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292356 MB offset 21149696
15:26:01.109 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
15:26:01.140 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
15:26:01.156 Disk 0 scanning sectors +625139712
15:26:01.218 Disk 0 scanning C:\Windows\system32\drivers
15:26:12.559 Service scanning
15:26:35.070 Modules scanning
15:26:45.195 Disk 0 trace - called modules:
15:26:45.241 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
15:26:45.257 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858d86f0]
15:26:45.257 3 CLASSPNP.SYS[8839f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e0b030]
15:26:47.457 AVAST engine scan C:\Windows
15:26:51.949 AVAST engine scan C:\Windows\system32
15:29:49.072 AVAST engine scan C:\Windows\system32\drivers
15:30:08.650 AVAST engine scan C:\Users\Main
15:33:09.813 AVAST engine scan C:\ProgramData
16:26:28.998 Disk 0 MBR has been saved successfully to "C:\Users\Main\Desktop\MBR.dat"
16:26:29.201 The log file has been saved successfully to "C:\Users\Main\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 04:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Fairdeal

  • Topic Starter
  • Members
  • 48 posts

Posted 12 August 2012 - 05:36 PM

Gringo,
Just after reading your last post I got the Blue Screen of Death (something to do with Memory Management). That's the first time that has happened on this computer, so I'm really CONCERNED.
It automatically rebooted after the BSOD and I ran that script; the result is below.
I'd like to hear your comments about what has happened. Also, is it ok now to try and do a Windows update?
Thanks.

ComboFix 12-08-10.02 - Main 08/12/2012 17:03:19.1.2 - x86
Running from: c:\users\Main\Desktop\ComboFix.exe
Command switches used :: c:\users\Main\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 22:18 . 2012-08-12 22:18 -------- d-----w- c:\users\Main\AppData\Local\temp
2012-08-12 22:18 . 2012-08-12 22:18 -------- d-----w- c:\users\Tarryn\AppData\Local\temp
2012-08-12 22:18 . 2012-08-12 22:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-12 22:18 . 2012-08-12 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 16:04 . 2012-08-07 16:04 -------- d-----w- c:\program files\AVAST Software
2012-08-06 04:02 . 2012-08-06 04:02 -------- d-----w- c:\users\Main\AppData\Roaming\SUPERAntiSpyware.com
2012-08-06 04:01 . 2012-08-06 04:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-06 01:16 . 2012-08-06 01:16 -------- d-----w- C:\785001842a4494b28f
2012-08-05 23:24 . 2012-08-05 23:24 -------- d-----w- c:\users\Main\AppData\Roaming\Ad-Aware Antivirus
2012-08-05 23:19 . 2012-08-05 23:19 -------- d-----w- c:\users\Main\AppData\Local\Sunbelt Software
2012-08-05 17:44 . 2012-08-05 17:44 -------- d-----w- c:\users\Main\AppData\Local\AVG Secure Search
2012-08-05 17:43 . 2012-08-05 17:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-05 17:43 . 2012-08-05 17:44 -------- d-----w- c:\program files\AVG Secure Search
2012-08-05 17:38 . 2012-08-05 17:38 -------- d-----w- C:\$AVG
2012-08-04 17:56 . 2012-08-04 17:56 -------- d-----w- c:\users\Main\AppData\Roaming\Malwarebytes
2012-08-04 17:56 . 2012-08-04 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 20:51 . 2012-08-02 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Main^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000Core.job
- c:\users\Tarryn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 15:36]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000UA.job
- c:\users\Tarryn\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 15:36]
.
2012-08-12 c:\windows\Tasks\User_Feed_Synchronization-{D1F4FC8A-9CC1-4C22-A6F2-4FE986354A2A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-15 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
FF - ProfilePath - c:\users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\s823i5zv.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 17:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-12 17:21:21
ComboFix-quarantined-files.txt 2012-08-12 22:21
ComboFix2.txt 2012-08-12 18:52
ComboFix3.txt 2012-08-12 17:06
.
Pre-Run: 230,561,472,512 bytes free
Post-Run: 230,581,293,056 bytes free
.
- - End Of File - - BF5EEEABB28BA2D9EE9E4D1E14C860BB

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 08:55 PM

Hello



I don't see any reason why you would get a blue screen.

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 Fairdeal

Fairdeal
  • Topic Starter

  • Members
  • 48 posts

Posted 12 August 2012 - 09:21 PM

Gringo,
Ok, it's copied below. The only thing there that I would definitely like to get rid of is that Gameztar Toolbar which I thought had been removed via a previous scan for spyware.
Thanks,
Fairdeal


2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.3.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
BlackBerry Desktop Software 4.3
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Canon RAW Codec
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
EDocs
Gameztar Toolbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java™ 6 Update 5
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Modem Diagnostic Tool
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetWaiting
Pen Tablet
Picasa 3
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB956358)
Skype web features
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
WIDCOMM Bluetooth Software 6.0.1.3100

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 13 August 2012 - 12:04 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.3.1
Browser Address Error Redirector
Gameztar Toolbar
Java™ 6 Update 5


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 13 August 2012 - 12:04 AM.


#11 Fairdeal

Fairdeal
  • Topic Starter

  • Members
  • 48 posts

Posted 13 August 2012 - 04:21 PM

Gringo,
Sorry for the delay, I've spent several hours today trying to do as instructed and I'm not succeeding too well.
I couldn't get Revo working (it kept giving me a 'Directory name is invalid' error) but after googling I found that adding a temp folder in Windows (which wasn't there) made it work. It removed Browser Address Error Redirector fine. It battled with Adobe Reader and Java but seemed to work eventually. The Gameztar toolbar doesn't appear with Revo or the Add/Remove program of Windows.
I then tried to download Adobe but it wouldn't run - keeps coming up with 'metafile download failed' at about 33%. Even using a different browser and different download site I was unsuccessful.

Another strange thing that I noticed was I clicked on Notepad on the recent panel under the Start button and it took me to the Control Panel. When I clicked in Notepad under programs it booted up fine. (maybe this is just a diversion and will get sorted out as we proceed).

I ran Malwarebytes ok (actually before I ran CCleaner by mistake); the log is posted below.

HijackThis wouldn't run it said it is not a valid Win32 application. So I'm not sure what to do about that and what to do about Adobe not installing and I haven't tried installing Java yet.

Thanks for your ongoing help.
Fairdeal.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Main :: TARRYN-PC [administrator]

8/13/2012 3:38:04 PM
mbam-log-2012-08-13 (15-38-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237250
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95F19350-A3A2-491B-A404-54BDD34DB49D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tarryn\Desktop\TelevisionFanatic.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)
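The MBAM log above has a fixed layout, and the reboot note in post #10 matters because an item MBAM could not remove immediately is recorded with a different action string. The following is an added example (not code from this thread or from Malwarebytes) that parses this layout and flags such items; the sample log is constructed, and the {EXAMPLE-GUID} key, the Program Files (x86) entry and the "Delete on reboot." action string are assumptions rather than values from the posted log:

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured findings.

Added example, not code from this thread or from Malwarebytes. The layout is
the one in the log posted above: header lines, then "<Section> Detected: <n>"
blocks whose entries read "<path> (<threat>) -> <action>.".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# "<Section> Detected: <n>" opens each findings block (e.g. "Registry Keys Detected: 2").
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# One finding: "<path> (<threat name>) -> <action taken>."  The path may itself
# contain parentheses (e.g. "Program Files (x86)"), so the threat name is the
# last parenthesised group before " -> ".
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Header metadata such as "Database version: v2012.08.13.06".
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z /]*): (?P<value>.+)$")

# The action string seen in the thread; anything else means the item is not gone yet.
REMOVED = "Quarantined and deleted successfully"

# Constructed sample in the thread's log layout. "{EXAMPLE-GUID}", the
# "Program Files (x86)" entry and the "Delete on reboot." action are assumed
# placeholders, not values from the posted log.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.06

Scan type: Quick scan
Objects scanned: 237250

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-GUID} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Example\Desktop\TelevisionFanatic.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example Toolbar\tbhelper.dll (Adware.Example) -> Delete on reboot.

(end)
"""


@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Registry Keys", "Files"
    path: str     # registry key or file path that was flagged
    threat: str   # detection name, e.g. "Adware.Gameztar"
    action: str   # what MBAM did, without the trailing period


def parse_mbam_log(text: str) -> Tuple[Dict[str, str], Dict[str, int], List[Detection]]:
    """Return (header metadata, declared count per section, parsed detections)."""
    header: Dict[str, str] = {}
    declared: Dict[str, int] = {}
    findings: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None:
            # Still in the header: collect "key: value" metadata only.
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key")] = m.group("value")
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Detection(section, m.group("path"), m.group("threat"), m.group("action")))
    return header, declared, findings


def count_mismatches(declared: Dict[str, int], findings: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the entries actually parsed:
    a sign of a truncated paste or an entry in an unexpected format."""
    seen: Dict[str, int] = {}
    for d in findings:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def unresolved(findings: List[Detection]) -> List[Detection]:
    """Findings that are not gone yet, e.g. items MBAM left for the reboot."""
    return [d for d in findings if d.action != REMOVED]


if __name__ == "__main__":
    hdr, declared, found = parse_mbam_log(SAMPLE_LOG)
    print(f"Database {hdr.get('Database version')}: {len(found)} detections")
    for d in found:
        print(f"  [{d.section}] {d.threat}: {d.path} -> {d.action}")
    for d in unresolved(found):
        print(f"  STILL PRESENT until reboot: {d.path}")
    for s, (n, got) in count_mismatches(declared, found).items():
        print(f"  WARNING: {s} declares {n} but {got} parsed")
```

Run it against a real log by passing the file contents to parse_mbam_log; an empty unresolved() list and no count mismatches is the state you want before calling the machine clean.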

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 13 August 2012 - 07:35 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 Fairdeal

Fairdeal
  • Topic Starter

  • Members
  • 48 posts

Posted 13 August 2012 - 09:29 PM

Gringo,
I downloaded it fine and it's been running for more than an hour. It's difficult to tell if it's not halted - it just says Manual File Scan - Getting file Structure..
I'll keep waiting unless I receive other instructions.
Thanks.
Fairdeal.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 14 August 2012 - 01:33 AM

Did it finish?


gringo

#15 Fairdeal

Fairdeal
  • Topic Starter

  • Members
  • 48 posts

Posted 14 August 2012 - 07:10 AM

Good Morning Gringo,
It obviously was working. It took several hours. Here it is below:
Thanks,
Fairdeal


OTL logfile created on: 8/13/2012 8:17:41 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Main\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.61% Memory free
4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 208.91 Gb Free Space | 73.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.80 Gb Free Space | 37.96% Space Free | Partition Type: NTFS

Computer Name: TARRYN-PC | User Name: Main | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Main\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\lxdqcoms.exe ( )
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (lxdq_device) -- C:\Windows\System32\lxdqcoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Main\AppData\Local\Temp\catchme.sys File not found
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-773118394-718012962-2229649070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-773118394-718012962-2229649070-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-773118394-718012962-2229649070-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-773118394-718012962-2229649070-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-773118394-718012962-2229649070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 12:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/13 12:28:00 | 000,000,000 | ---D | M]

[2011/05/24 18:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Extensions
[2011/05/24 18:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\s823i5zv.default\extensions
[2009/10/05 20:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/05 12:43:16 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Secure Search = C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: avast! WebRep = C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: AVG Do Not Track = C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/08/12 12:04:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-773118394-718012962-2229649070-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Tarryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Tarryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-773118394-718012962-2229649070-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-773118394-718012962-2229649070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF9D1887-E502-45EB-8F98-021EE154CFA0}: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAEE0131-65CE-40AB-AD7B-898E1F4D2D06}: DhcpNameServer = 69.65.192.1 129.118.1.9
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 20:11:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Main\Desktop\OTL.exe
[2012/08/13 15:59:30 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Main\Desktop\ccsetup321.exe
[2012/08/13 15:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/13 15:37:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/13 15:36:05 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Main\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/13 12:27:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 12:20:39 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/13 12:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/08/13 12:18:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/13 12:02:55 | 000,000,000 | ---D | C] -- C:\Revo
[2012/08/12 17:21:23 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\temp
[2012/08/12 17:20:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 17:00:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/12 15:18:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Main\Desktop\aswMBR.exe
[2012/08/12 15:10:47 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Main\Desktop\tdsskiller.exe
[2012/08/12 11:51:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 11:51:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 11:51:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 11:51:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/12 11:38:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/12 11:37:40 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Main\Desktop\ComboFix.exe
[2012/08/09 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Main\Desktop\gmer
[2012/08/09 22:23:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Main\Desktop\dds.com
[2012/08/08 15:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2012/08/07 11:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/07 11:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/05 23:02:46 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/05 23:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/05 23:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/05 20:16:56 | 000,000,000 | ---D | C] -- C:\785001842a4494b28f
[2012/08/05 18:24:16 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Ad-Aware Antivirus
[2012/08/05 18:19:01 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\Sunbelt Software
[2012/08/05 12:44:21 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\AVG Secure Search
[2012/08/05 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/05 12:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/05 12:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/05 12:38:44 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/04 12:56:25 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Malwarebytes
[2012/08/04 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/02 15:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/02 15:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/02 15:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/02 15:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

========== Files - Modified Within 30 Days ==========

[2012/08/14 04:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1F4FC8A-9CC1-4C22-A6F2-4FE986354A2A}.job
[2012/08/14 04:20:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000UA.job
[2012/08/14 04:16:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 04:16:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 20:11:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Main\Desktop\OTL.exe
[2012/08/13 17:20:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-773118394-718012962-2229649070-1000Core.job
[2012/08/13 16:23:12 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/13 16:23:12 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/13 16:15:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 16:15:31 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 16:14:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/13 16:08:31 | 000,077,118 | ---- | M] () -- C:\Users\Main\Desktop\HijackThis.exe
[2012/08/13 16:01:52 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/13 15:59:33 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Main\Desktop\ccsetup321.exe
[2012/08/13 15:37:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 15:36:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Main\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/13 12:20:40 | 000,001,059 | ---- | M] () -- C:\Users\Main\Desktop\Revo Uninstaller.lnk
[2012/08/12 16:26:29 | 000,000,512 | ---- | M] () -- C:\Users\Main\Desktop\MBR.dat
[2012/08/12 15:18:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Main\Desktop\aswMBR.exe
[2012/08/12 15:11:01 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Main\Desktop\tdsskiller.exe
[2012/08/12 12:04:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/12 11:37:53 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Main\Desktop\ComboFix.exe
[2012/08/12 11:34:07 | 000,093,141 | ---- | M] () -- C:\Users\Main\Desktop\SecurityCheck.exe
[2012/08/10 20:48:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/08/10 20:48:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/08/09 22:19:38 | 000,294,216 | ---- | M] () -- C:\Users\Main\Desktop\gmer.zip
[2012/08/09 22:15:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Main\Desktop\dds.com
[2012/08/05 19:48:34 | 000,001,356 | ---- | M] () -- C:\Users\Main\AppData\Local\d3d9caps.dat
[2012/08/05 19:34:14 | 000,000,134 | ---- | M] () -- C:\Users\Main\Desktop\Microsoft Fix it.url

========== Files Created - No Company Name ==========

[2012/08/13 16:08:31 | 000,077,118 | ---- | C] () -- C:\Users\Main\Desktop\HijackThis.exe
[2012/08/13 16:01:52 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/13 15:37:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 12:20:40 | 000,001,059 | ---- | C] () -- C:\Users\Main\Desktop\Revo Uninstaller.lnk
[2012/08/12 16:26:28 | 000,000,512 | ---- | C] () -- C:\Users\Main\Desktop\MBR.dat
[2012/08/12 14:03:10 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 11:51:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 11:51:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 11:51:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 11:51:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 11:51:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/12 11:34:05 | 000,093,141 | ---- | C] () -- C:\Users\Main\Desktop\SecurityCheck.exe
[2012/08/09 22:23:55 | 000,294,216 | ---- | C] () -- C:\Users\Main\Desktop\gmer.zip
[2012/08/02 16:57:11 | 000,000,134 | ---- | C] () -- C:\Users\Main\Desktop\Microsoft Fix it.url
[2011/05/28 16:30:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/28 16:29:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/27 20:35:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/27 20:35:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/20 16:27:26 | 000,023,040 | ---- | C] () -- C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 16:03:04 | 000,001,356 | ---- | C] () -- C:\Users\Main\AppData\Local\d3d9caps.dat
[2009/08/09 22:14:28 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat

< End of report >