rootkit.0access.h


  • This topic is locked
23 replies to this topic

#1 StillAMeese

StillAMeese

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 16 August 2012 - 11:17 PM

I have had problems with the bitly.com website not loading properly for me for several days, so in trying to figure out if it was the website who got hacked or me, I ran Malwarebytes (just the freebie version) and discovered the rootkit.0access.h virus/trojan. I did some poking around online and followed all of the advice given in this thread: www.bleepingcomputer.com/forums/topic445217.html EXCEPT running the ComboFix because I didn't want to screw my computer up worse.

Prior to finding that thread, I had already downloaded tdsskiller and had clicked "cure" next to the line that said virus.win64.zaccess.b

In doing all of these steps, I assume that maybe I've gotten some of the bug out, but not everything. My computer seems to have sped up, Malwarebytes is no longer catching anything, the only thing showing up on tdsskiller now is stuff I know is not malware... however, I'm still getting website redirects and still cannot access the bitly website (I get a screen telling me the page has been blocked because it contains malware and directions to download Panda Cloud.)

What more can I do? Or can someone guide me through ComboFix?


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:45 AM

Posted 19 August 2012 - 01:56 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
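
The DDS.txt that Gringo asks for is a plain-text report with fixed section banners ("Pseudo HJT Report", "SERVICES / DRIVERS", and so on) and one entry per line, which is what makes it readable at the volume a Malware Response Team handles. As an added example that is not part of this thread, and not code from DDS's author sUBs or from BleepingComputer, the Python script below parses those two sections and flags the entries a helper usually looks at first: browser objects whose DLL is gone ("No File"), drivers whose file DDS could not read ("[?]", which is also what a driver hidden on disk by a rootkit looks like), and autostarts or services running from user-writable directories. The input is a constructed snippet in DDS layout, not the log posted in this thread; the section names and line shapes follow DDS output, while the heuristics and thresholds are this example's own assumptions, not rules DDS applies.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the DDS.txt layout. The section banners and line shapes
# follow DDS output, but every name, GUID and path is an invented placeholder,
# not a line from this thread.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.invalid/
BHO: {00000000-0000-0000-0000-000000000001} - No File
BHO: Example PDF Helper: {00000000-0000-0000-0000-000000000002} - C:\\Program Files (x86)\\Example\\helper.dll
TB: Example Toolbar: {00000000-0000-0000-0000-000000000003} - C:\\Program Files (x86)\\ExampleBar\\bar.dll
TB: {00000000-0000-0000-0000-000000000004} - No File
mRun: [ExampleUpdater] "C:\\Program Files (x86)\\Example\\updater.exe"
mRun: [Example Advisor] "C:\\ProgramData\\Example Advisor\\advisor.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 exdrv;exdrv;C:\\Windows\\system32\\DRIVERS\\exdrv.sys --> C:\\Windows\\system32\\DRIVERS\\exdrv.sys [?]
R2 FontCache;Windows Font Cache Service;C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S4 exsvc;Example Service;C:\\Users\\user\\AppData\\Roaming\\Example\\exsvc.exe [2012-8-1 405504]
.
============= FINISH: 9:01:46.60 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                # ==== Section Name ====
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")  # R0 name;display;path [info]
BROWSER_OBJECT_KEYS = {"BHO", "TB", "BHO-X64", "TB-X64"}
AUTOSTART_KEYS = {"uRun", "mRun", "uRun-x64", "mRun-x64"}
# Locations a regular installer rarely uses for an autostart or service binary (assumption).
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

@dataclass(frozen=True)
class Finding:
    kind: str    # which heuristic fired
    detail: str  # the DDS line (or the part of it) that triggered it

def split_sections(text: str) -> dict[str, list[str]]:
    """Group the non-empty lines of a DDS report under the banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":  # DDS uses "." as a spacer
            sections[current].append(line)
    return sections

def in_user_writable_dir(path: str) -> bool:
    lowered = path.lower()
    return any(d in lowered for d in USER_WRITABLE_DIRS)

def image_path(rest: str) -> str:
    """Executable path from a Run entry: '[name] "C:\\x.exe" args' or '[name] C:\\x.exe'."""
    m = re.search(r'"([^"]+)"', rest)
    return m.group(1) if m else rest.split("] ", 1)[-1]

def triage_hjt(lines: list[str]) -> list[Finding]:
    findings = []
    for line in lines:
        key, sep, rest = line.partition(": ")
        if not sep:
            continue
        if key in BROWSER_OBJECT_KEYS and rest.endswith(" - No File"):
            # The registry still names a BHO/toolbar CLSID whose DLL is gone: an
            # uninstall or removal-tool leftover that should be cleaned up.
            findings.append(Finding("orphaned-browser-object", line))
        elif key in AUTOSTART_KEYS and in_user_writable_dir(image_path(rest)):
            findings.append(Finding("autostart-from-user-writable-dir", line))
    return findings

def triage_services(lines: list[str]) -> list[Finding]:
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _display, rest = m.groups()
        if rest.endswith("[?]"):
            # DDS prints 'path --> path [?]' when it could not read the file's date
            # and size; a driver hidden on disk by a rootkit shows up the same way.
            findings.append(Finding("driver-file-not-readable", f"{state} {name}: {rest}"))
        elif in_user_writable_dir(rest.split(" [", 1)[0]):
            findings.append(Finding("service-from-user-writable-dir", f"{state} {name}: {rest}"))
    return findings

def triage(text: str) -> list[Finding]:
    """Run every heuristic over a whole DDS.txt and return the leads for human review."""
    sections = split_sections(text)
    return (triage_hjt(sections.get("Pseudo HJT Report", []))
            + triage_services(sections.get("SERVICES / DRIVERS", [])))

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:34} {f.detail}")
```

Run as a script it prints five leads for the constructed sample: two orphaned browser objects, one autostart under ProgramData, one driver whose file could not be read, and one service under AppData. These are leads, not verdicts; an orphaned "No File" entry is just as often the trace of an earlier uninstall or of a removal tool that has already run (as in this thread, where TDSSKiller and Malwarebytes ran before the log was taken), so the helper still decides what to act on.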

#3 StillAMeese

StillAMeese
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 19 August 2012 - 09:25 AM

Okay, I ran everything you requested with no problems. Computer seems to be running the same, meaning that for the most part it seems to be running at a smooth pace but I am still getting a redirect on the bitly website. I'm not sure if it is worth mentioning, but we only started noticing problems recently after we had replaced our wireless router about a week and a half ago. And additionally, a day or so ago when I was checking the security settings on the computer I noticed that the Windows Firewall had been turned off and I could not turn it back on (but I guess that is not surprising with this "bug"?) My husband and I are also noticing that we are having problems connecting our smartphones to the wireless network, although our Wii seems to be connecting fine since I ran the previous aforementioned utilities/fixes mentioned in my first post.

Here are the logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by MOM at 9:01:21 on 2012-08-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1691 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\System32\wpcumi.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\MAGIX\Common\Database\bin\fabs.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://search.juno.com/search?action=minisearch&source=minisearch
uSearch Bar = Preserve
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.juno.com/search?action=minisearch&source=minisearch
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: LivingPlay Text: {4a0ba746-d4d6-41a6-81ef-413e52b5f8d6} - C:\Program Files (x86)\LivingPlay\lplaytl.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll
BHO: Security Helper {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A}: {a6bcd8fe-436d-4ad3-a5c5-a3dfcd61568a} - C:\Program Files (x86)\egamestoolbar\auxi\egamesb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Alexa Toolbar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\MOM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: hotmail.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
Trusted Zone: live.com\login
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1382C867-F693-43B0-A71F-1B14D6A9E1E6} : DhcpNameServer = 192.168.2.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: LivingPlay Text: {4A0BA746-D4D6-41a6-81EF-413E52B5F8D6} - C:\Program Files (x86)\LivingPlay\lplaytl.dll
BHO-X64: LivingPlay Text - No File
BHO-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll
BHO-X64: eGames Toolbar - No File
BHO-X64: Security Helper {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A}: {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - C:\Program Files (x86)\egamestoolbar\auxi\egamesb.dll
BHO-X64: Security Helper {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Alexa Toolbar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 exegacmp;exegacmp;C:\Windows\system32\DRIVERS\exegacmp.sys --> C:\Windows\system32\DRIVERS\exegacmp.sys [?]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\system32\DRIVERS\NVAMACPI.sys --> C:\Windows\system32\DRIVERS\NVAMACPI.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-16 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-16 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-16 257696]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-23 89920]
S4 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-12-6 24576]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2009-1-31 1527900]
S4 mdsrv;mdsrv;C:\Program Files (x86)\Messenger Detect\mdsrv.exe [2009-9-18 405504]
S4 UPnPService;UPnPService;C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-1-31 544768]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-18 16:48:02 -------- d-----w- C:\Users\MOM\AppData\Roaming\OpenOffice.org
2012-08-18 05:31:00 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-08-17 03:38:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-17 02:33:40 -------- d-----w- C:\_OTL
2012-08-17 00:37:29 -------- d-----w- C:\Users\MOM\AppData\Local\Amazon
2012-08-10 06:59:04 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FB80789-66F8-483B-AA12-B67C235E19E6}\mpengine.dll
2012-08-08 22:41:30 -------- d-----w- C:\ProgramData\Affinegy
2012-08-05 20:37:18 -------- d-----w- C:\Program Files (x86)\Belkin
2012-08-01 21:00:43 -------- d-----w- C:\ProgramData\7531CC960000F6F9004E36192F3B707C
2012-07-25 16:35:34 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-25 16:35:28 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-24 23:11:55 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-24 23:09:35 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-24 23:09:35 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-24 23:09:23 -------- d-----w- C:\Users\MOM\AppData\Roaming\TestApp
2012-07-24 23:09:23 -------- d-----w- C:\ProgramData\PC Tools
2012-07-20 20:58:43 -------- d-----w- C:\Program Files (x86)\Alexa Toolbar
.
==================== Find3M ====================
.
2012-08-17 03:40:12 384512 ----a-w- C:\Windows\System32\services.exe
2012-07-29 23:00:12 2516 ----a-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-07-26 07:04:19 71 ----a-w- C:\Windows\System32\aipican.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-19 14:08:26 34275360 ----a-w- C:\Users\MOM\dsb-deluxe_full965.exe
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 9:01:46.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2008 10:55:19 PM
System Uptime: 8/18/2012 7:00:55 AM (25 hours ago)
.
Motherboard: Gateway | | FMCP7AM
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 330.33 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2D45C30F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP585: 7/26/2012 1:58:43 AM - Scheduled Checkpoint
RP586: 7/26/2012 3:00:10 AM - Windows Update
RP587: 7/27/2012 12:00:01 AM - Scheduled Checkpoint
RP589: 7/27/2012 10:10:01 AM - Windows Defender Checkpoint
RP590: 7/28/2012 12:00:04 AM - Scheduled Checkpoint
RP591: 7/28/2012 9:25:30 PM - Scheduled Checkpoint
RP592: 7/29/2012 2:16:24 PM - Scheduled Checkpoint
RP593: 7/31/2012 9:59:19 AM - Windows Update
RP594: 8/1/2012 10:48:34 AM - Scheduled Checkpoint
RP595: 8/2/2012 1:32:04 AM - Scheduled Checkpoint
RP596: 8/3/2012 9:01:00 AM - Scheduled Checkpoint
RP597: 8/4/2012 1:37:14 AM - Scheduled Checkpoint
RP598: 8/5/2012 8:17:04 AM - Scheduled Checkpoint
RP599: 8/6/2012 12:00:01 AM - Scheduled Checkpoint
RP600: 8/7/2012 12:00:03 AM - Scheduled Checkpoint
RP601: 8/7/2012 1:59:00 AM - Windows Update
RP602: 8/8/2012 12:00:02 AM - Scheduled Checkpoint
RP603: 8/9/2012 1:31:05 AM - Scheduled Checkpoint
RP604: 8/10/2012 12:00:01 AM - Scheduled Checkpoint
RP605: 8/11/2012 12:14:26 AM - Scheduled Checkpoint
RP606: 8/12/2012 12:00:02 AM - Scheduled Checkpoint
RP607: 8/13/2012 12:00:03 AM - Scheduled Checkpoint
RP608: 8/14/2012 12:00:02 AM - Scheduled Checkpoint
RP609: 8/14/2012 5:29:38 PM - Scheduled Checkpoint
RP610: 8/16/2012 1:21:18 AM - Scheduled Checkpoint
RP611: 8/16/2012 9:18:42 PM - Scheduled Checkpoint
RP612: 8/16/2012 9:34:02 PM - OTL Restore Point - 8/16/2012 9:34:02 PM
RP613: 8/16/2012 9:38:25 PM - OTL Restore Point - 8/16/2012 9:38:25 PM
RP614: 8/18/2012 12:26:55 AM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
RP615: 8/18/2012 12:27:59 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP616: 8/18/2012 12:29:44 AM - Installed Java™ 6 Update 22
RP617: 8/18/2012 12:30:21 AM - Installed OpenOffice.org 3.3
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
100,000 Mahjongg Games
1001 Japanese Crosswords
1001 Minigolf Challenge
1001 Tangram Puzzles
2002 Games
2002 Kakuro Puzzles
2002 Pentamino Puzzles
2002 Space Out Games
2002 Sudoku Games
3003 Crystal Mazes
500 Solitaire Games
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS
Adobe Reader 8.1.3
Alexa Toolbar
Amazon Kindle
Anime Studio Debut 6.0
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
Belkin Setup and Router Monitor
Best Games Hits 4
BitTorrent
calibre
Chess Brain Teasers 50,000
Chess Reversi 50,000
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Crystal Caverns of Amon-Ra
CyberLink LabelPrint
CyberLink Power2Go
Diner Dash Hometown Hero - Gourmet
Dynasty of Egypt
EA Download Manager
eGames Toolbar
EPSON Scan
Evernote v. 4.5.7
Express Burn
Express Rip
Fab Fashion
Family Feud Battle of the Sexes
Firebird SQL Server - MAGIX Edition
Flip or Flop
Free M4a to MP3 Converter 7.1
FrostWire 4.21.7
Gateway Games
Gateway Recovery Management
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hexagon Mahjongg
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageConverter Plus 7.1
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 23
Java™ 6 Update 5
Jewel Quest (remove only)
Jewels of the Nile
Kakuro Mania! 10,000
KB0817 Keyboard Driver
King Solomon's Lost Mines
Knoll Light Factory EZ Studio 15
Kobo
LAME v3.99.3 (for Windows)
Lexmark 2400 Series
LimeWire 5.2.13
LivingPlay
MAGIX Goya burnR 1.3.1.3 (US)
MAGIX Movie Edit Pro 14 7.5.3.1 (US)
MAGIX Photo Manager 8 6.0.1.466 (US)
MAGIX Ringtone Maker 3 silver 3.1.0.3 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Malwarebytes Anti-Malware version 1.62.0.1300
Messenger Detect
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
MixPad
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mufin MusicFinder Base 1.5.3.247 (UK)
Mystery Case Files - Prime Suspects (remove only)
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
Picasa 3
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Plugins
Pinnacle Studio Bonus Content
Prison Tycoon 4
Puzzle and Board XP Championship
Puzzle XP Championship 3000
QuickTime
Realtek Card Reader
Realtek High Definition Audio Driver
Red Giant ToonIt Studio 15
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SimCity 4
SmartCopy
SmartLauncher
SmartSound Quicktracks Plugin
SoulSeek Client 156c
SoulSeek Client 157 test 11
Spybot - Search & Destroy
Sudoku Mania! 50,000
Super Word Games 10,000
SureThing Express Labeler
Switch Sound File Converter
Syberia
Taipei Mahjongg 25K
The Movies™
The Sims 2 Pets
The Sims™ 2 Deluxe
The Sims™ 2 Teen Style Stuff
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 World Adventures
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmoiper
TurboTax 2009 wmsiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmoiper
TurboTax 2010 wmsiper
TurboTax 2010 wrapper
Ulead VideoStudio 8.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Vegas Slots Bonus
VoiceOver Kit
WavePad Sound Editor
Wise Registry Cleaner 7.31
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/17/2012 8:03:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/16/2012 9:41:18 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
8/16/2012 9:33:41 PM, Error: Service Control Manager [7034] - The AffinegyService service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 11:45:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user MOM-PC\MOM SID (S-1-5-21-799287411-2366509477-4261898777-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/16/2012 10:42:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/16/2012 10:42:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/16/2012 10:42:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/14/2012 5:31:13 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00226869DAE8 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.44
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Wise Registry Cleaner 7.31
Java™ 6 Update 23
Java™ 6 Update 22
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 12:16 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 StillAMeese
  • Topic Starter
  • Members
  • 14 posts

Posted 20 August 2012 - 11:34 AM

Okay, I ran ComboFix. I wound up having to restart it once because my Evernote program popped open a window prompting me to update and it caused ComboFix to stall. The second time it ran all the way through with no problems. When it restarted my desktop, however, I got a screen saying Windows Firewall was blocking some functions of my Belkin router. I just clicked the X in the top right corner and did not give instructions to keep blocking or to allow. Assuming this was a true message and was not the virus fighting deletion by disguising itself in a manner that would make me click on something to keep it around - Windows Firewall now working again is an improvement. Websites appear to be loading much faster now too, so I am certain we're heading in the right direction.

However, it does not appear to be completely gone yet. Bitly is still giving me a redirect (I'm confused as to why that seems to be the only website this thing is messing with).

Here is the combofix log:


ComboFix 12-08-20.01 - MOM 08/20/2012 10:50:37.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1780 [GMT -5:00]
Running from: c:\users\MOM\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\alexa toolbar
c:\program files (x86)\alexa toolbar\AlexaToolbar.10.0.dll
c:\program files (x86)\alexa toolbar\AlexaToolbar.10.0.Uninstall.exe
c:\program files (x86)\alexa toolbar\AlexaToolbarSSB.10.0.dll
c:\program files (x86)\alexa toolbar\AlxSSBPS.dll
c:\program files (x86)\LivingPlay\lpLAytl.dll
c:\program files\SGPSA\mtWB3sh.dll
c:\users\Ashley & Kristen\Desktop\Internet Explorer.lnk
c:\users\MOM\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\MOM\Documents\~WRL0004.tmp
c:\users\MOM\slsk156c.exe
c:\users\MOM\slsk157NS13e.exe
c:\users\MOM\slsk157test11.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\SysWow64\DC120fc7_32.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 16:07 . 2012-08-20 16:07 -------- d-----w- c:\users\Nicki\AppData\Local\temp
2012-08-20 16:07 . 2012-08-20 16:07 -------- d-----w- c:\users\Kristen\AppData\Local\temp
2012-08-20 16:07 . 2012-08-20 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 16:07 . 2012-08-20 16:07 -------- d-----w- c:\users\Ashley & Kristen\AppData\Local\temp
2012-08-18 16:48 . 2012-08-18 16:48 -------- d-----w- c:\users\MOM\AppData\Roaming\OpenOffice.org
2012-08-18 05:31 . 2012-08-18 05:31 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-17 03:38 . 2012-08-17 03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-17 02:33 . 2012-08-17 02:33 -------- d-----w- C:\_OTL
2012-08-17 00:37 . 2012-08-17 00:37 -------- d-----w- c:\users\MOM\AppData\Local\Amazon
2012-08-10 06:59 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FB80789-66F8-483B-AA12-B67C235E19E6}\mpengine.dll
2012-08-08 22:41 . 2012-08-08 22:41 -------- d-----w- c:\programdata\Affinegy
2012-08-05 20:37 . 2012-08-05 20:37 -------- d-----w- c:\program files (x86)\Belkin
2012-08-01 21:00 . 2012-08-01 21:34 -------- d-----w- c:\programdata\7531CC960000F6F9004E36192F3B707C
2012-07-25 16:35 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 23:11 . 2012-07-24 23:57 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-24 23:09 . 2012-07-24 23:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-24 23:09 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-24 23:09 . 2012-07-24 23:55 -------- d-----w- c:\programdata\PC Tools
2012-07-24 23:09 . 2012-07-24 23:09 -------- d-----w- c:\users\MOM\AppData\Roaming\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 03:40 . 2009-07-23 09:16 384512 ----a-w- c:\windows\system32\services.exe
2012-07-26 07:04 . 2010-06-01 04:56 71 ----a-w- c:\windows\system32\aipican.dll
2012-07-12 08:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2009-08-31 01:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:08 . 2012-06-19 14:08 34275360 ----a-w- c:\users\MOM\dsb-deluxe_full965.exe
2012-06-13 13:58 . 2012-07-12 08:00 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 12:58 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 12:58 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 12:58 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 12:58 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 12:58 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 12:58 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 13:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 13:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:03 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 13:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:03 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 13:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 13:03 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 13:03 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 20:19 . 2012-06-19 13:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:19 . 2012-06-19 13:03 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 13:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 20:12 . 2012-06-19 13:03 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-12 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 08:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 12:58 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 12:58 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 12:58 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 12:58 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 12:58 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
2009-05-12 22:07 86016 ----a-w- c:\program files (x86)\egamestoolbar\egamestoolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A}]
2009-07-02 19:49 254424 ----a-w- c:\program files (x86)\egamestoolbar\auxi\egamesb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 18:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}"= "c:\program files (x86)\egamestoolbar\egamestoolbar.dll" [2009-05-12 86016]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-01-17 1884576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave1"=wdmaud.drv
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:03]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 04:16]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 04:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"combofix"="c:\combofix\CF1366.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.juno.com/search?action=minisearch&source=minisearch
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: hotmail.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
Trusted Zone: live.com\login
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll
SafeBoot-46149516.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-100,000 Mahjongg Games - c:\program files (x86)\100
AddRemove-Chess Brain Teasers 50,000 - c:\program files (x86)\Chess Brain Teasers 50
AddRemove-Chess Reversi 50,000 - c:\program files (x86)\Chess Reversi 50
AddRemove-Kakuro Mania! 10,000 - c:\program files (x86)\Kakuro Mania! 10
AddRemove-Lexmark 2400 Series - c:\program files (x86) (x86)\Lexmark 2400 Series\Install\x64\Uninst.exe
AddRemove-Sudoku Mania! 50,000 - c:\program files (x86)\Selectsoft\Sudoku Mania! 50
AddRemove-Super Word Games 10,000 - c:\program files (x86)\Super Word Games 10
AddRemove-TurboTax 2009 - c:\program files (x86)\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe
AddRemove-TurboTax 2010 - c:\program files (x86)\TurboTax\Premier 2010\Installer\TurboTax 2010 Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\MHotKey.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-08-20 11:19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 16:19
.
Pre-Run: 353,989,611,520 bytes free
Post-Run: 353,584,295,936 bytes free
.
- - End Of File - - 79A15206AB75FAF3CE6EFB22C59E128C

#6 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 11:36 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 StillAMeese
  • Topic Starter
  • Members
  • 14 posts

Posted 21 August 2012 - 12:10 PM

Here are the reports:

12:05:57.0837 8288 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
12:05:58.0242 8288 ============================================================
12:05:58.0242 8288 Current date / time: 2012/08/21 12:05:58.0242
12:05:58.0242 8288 SystemInfo:
12:05:58.0242 8288
12:05:58.0242 8288 OS Version: 6.0.6002 ServicePack: 2.0
12:05:58.0242 8288 Product type: Workstation
12:05:58.0242 8288 ComputerName: MOM-PC
12:05:58.0242 8288 UserName: MOM
12:05:58.0242 8288 Windows directory: C:\Windows
12:05:58.0242 8288 System windows directory: C:\Windows
12:05:58.0242 8288 Running under WOW64
12:05:58.0242 8288 Processor architecture: Intel x64
12:05:58.0242 8288 Number of processors: 4
12:05:58.0242 8288 Page size: 0x1000
12:05:58.0242 8288 Boot type: Normal boot
12:05:58.0242 8288 ============================================================
12:05:58.0617 8288 Drive \Device\Harddisk0\DR0 - Size: 0x950B050000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:58.0664 8288 Drive \Device\Harddisk1\DR1 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:05:58.0664 8288 ============================================================
12:05:58.0664 8288 \Device\Harddisk0\DR0:
12:05:58.0664 8288 MBR partitions:
12:05:58.0664 8288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x48B08000
12:05:58.0664 8288 \Device\Harddisk1\DR1:
12:05:58.0664 8288 MBR partitions:
12:05:58.0664 8288 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0
12:05:58.0664 8288 ============================================================
12:05:58.0710 8288 C: <-> \Device\Harddisk0\DR0\Partition1
12:05:58.0710 8288 ============================================================
12:05:58.0710 8288 Initialize success
12:05:58.0710 8288 ============================================================
12:06:45.0136 13156 ============================================================
12:06:45.0136 13156 Scan started
12:06:45.0136 13156 Mode: Manual;
12:06:45.0136 13156 ============================================================
12:06:45.0744 13156 ================ Scan system memory ========================
12:06:45.0744 13156 System memory - ok
12:06:45.0744 13156 ================ Scan services =============================
12:06:45.0885 13156 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:06:45.0885 13156 ACPI - ok
12:06:45.0963 13156 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:06:45.0963 13156 Adobe LM Service - ok
12:06:46.0056 13156 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:06:46.0056 13156 AdobeFlashPlayerUpdateSvc - ok
12:06:46.0088 13156 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:06:46.0088 13156 adp94xx - ok
12:06:53.0950 13156 sermouse - ok
12:06:53.0966 13156 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
12:06:53.0981 13156 SessionEnv - ok
12:06:53.0981 13156 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:06:53.0981 13156 sffdisk - ok
12:06:53.0997 13156 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:06:53.0997 13156 sffp_mmc - ok
12:06:54.0012 13156 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:06:54.0012 13156 sffp_sd - ok
12:06:54.0028 13156 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:06:54.0028 13156 sfloppy - ok
12:06:54.0075 13156 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:06:54.0090 13156 SharedAccess - ok
12:06:54.0137 13156 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:06:54.0137 13156 ShellHWDetection - ok
12:06:54.0153 13156 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:06:54.0168 13156 SiSRaid2 - ok
12:06:54.0184 13156 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:06:54.0184 13156 SiSRaid4 - ok
12:06:54.0246 13156 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
12:06:54.0293 13156 slsvc - ok
12:06:54.0309 13156 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:06:54.0309 13156 SLUINotify - ok
12:06:54.0340 13156 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:06:54.0340 13156 Smb - ok
12:06:54.0387 13156 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:06:54.0387 13156 SNMPTRAP - ok
12:06:54.0402 13156 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
12:06:54.0402 13156 spldr - ok
12:06:54.0434 13156 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
12:06:54.0434 13156 Spooler - ok
12:06:54.0449 13156 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
12:06:54.0465 13156 srv - ok
12:06:54.0480 13156 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:06:54.0480 13156 srv2 - ok
12:06:54.0512 13156 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:06:54.0512 13156 srvnet - ok
12:06:54.0512 13156 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:06:54.0527 13156 SSDPSRV - ok
12:06:54.0527 13156 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:06:54.0543 13156 SstpSvc - ok
12:06:54.0558 13156 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
12:06:54.0574 13156 stisvc - ok
12:06:54.0605 13156 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:06:54.0605 13156 swenum - ok
12:06:54.0636 13156 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
12:06:54.0652 13156 swprv - ok
12:06:54.0668 13156 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:06:54.0668 13156 Symc8xx - ok
12:06:54.0683 13156 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:06:54.0683 13156 Sym_hi - ok
12:06:54.0699 13156 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:06:54.0699 13156 Sym_u3 - ok
12:06:54.0746 13156 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
12:06:54.0777 13156 SysMain - ok
12:06:54.0777 13156 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:06:54.0777 13156 TabletInputService - ok
12:06:54.0808 13156 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:06:54.0808 13156 TapiSrv - ok
12:06:54.0824 13156 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
12:06:54.0824 13156 TBS - ok
12:06:54.0870 13156 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:06:54.0886 13156 Tcpip - ok
12:06:54.0917 13156 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:06:54.0917 13156 Tcpip6 - ok
12:06:54.0933 13156 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:06:54.0933 13156 tcpipreg - ok
12:06:54.0964 13156 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:06:54.0964 13156 TDPIPE - ok
12:06:54.0980 13156 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:06:54.0980 13156 TDTCP - ok
12:06:55.0011 13156 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:06:55.0011 13156 tdx - ok
12:06:55.0058 13156 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:06:55.0058 13156 TermDD - ok
12:06:55.0073 13156 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
12:06:55.0104 13156 TermService - ok
12:06:55.0120 13156 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
12:06:55.0120 13156 Themes - ok
12:06:55.0136 13156 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
12:06:55.0136 13156 THREADORDER - ok
12:06:55.0136 13156 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
12:06:55.0136 13156 TrkWks - ok
12:06:55.0167 13156 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:06:55.0167 13156 TrustedInstaller - ok
12:06:55.0198 13156 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:06:55.0198 13156 tssecsrv - ok
12:06:55.0214 13156 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:06:55.0214 13156 tunmp - ok
12:06:55.0229 13156 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:06:55.0229 13156 tunnel - ok
12:06:55.0245 13156 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:06:55.0260 13156 uagp35 - ok
12:06:55.0292 13156 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:06:55.0292 13156 udfs - ok
12:06:55.0307 13156 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:06:55.0307 13156 UI0Detect - ok
12:06:55.0338 13156 [ CA90D2C55EB3BB90687677BEA3DB0B59 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:06:55.0338 13156 UleadBurningHelper - ok
12:06:55.0354 13156 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:06:55.0370 13156 uliagpkx - ok
12:06:55.0370 13156 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:06:55.0385 13156 uliahci - ok
12:06:55.0385 13156 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:06:55.0385 13156 UlSata - ok
12:06:55.0401 13156 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:06:55.0401 13156 ulsata2 - ok
12:06:55.0416 13156 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:06:55.0416 13156 umbus - ok
12:06:55.0432 13156 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
12:06:55.0448 13156 upnphost - ok
12:06:55.0463 13156 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
12:06:55.0479 13156 UPnPService - ok
12:06:55.0510 13156 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:06:55.0510 13156 USBAAPL64 - ok
12:06:55.0541 13156 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:06:55.0541 13156 usbccgp - ok
12:06:55.0572 13156 USBCCID - ok
12:06:55.0604 13156 [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:06:55.0604 13156 usbcir - ok
12:06:55.0619 13156 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:06:55.0619 13156 usbehci - ok
12:06:55.0650 13156 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:06:55.0650 13156 usbhub - ok
12:06:55.0666 13156 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:06:55.0666 13156 usbohci - ok
12:06:55.0697 13156 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:06:55.0697 13156 usbprint - ok
12:06:55.0713 13156 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:06:55.0713 13156 usbscan - ok
12:06:55.0713 13156 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:06:55.0728 13156 USBSTOR - ok
12:06:55.0744 13156 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:06:55.0744 13156 usbuhci - ok
12:06:55.0791 13156 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
12:06:55.0791 13156 UxSms - ok
12:06:55.0806 13156 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
12:06:55.0822 13156 vds - ok
12:06:55.0853 13156 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:06:55.0853 13156 vga - ok
12:06:55.0884 13156 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:06:55.0884 13156 VgaSave - ok
12:06:55.0884 13156 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
12:06:55.0884 13156 viaide - ok
12:06:55.0900 13156 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:06:55.0900 13156 volmgr - ok
12:06:55.0931 13156 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:06:55.0931 13156 volmgrx - ok
12:06:55.0947 13156 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:06:55.0962 13156 volsnap - ok
12:06:55.0978 13156 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:06:55.0978 13156 vsmraid - ok
12:06:56.0009 13156 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
12:06:56.0040 13156 VSS - ok
12:06:56.0103 13156 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
12:06:56.0103 13156 W32Time - ok
12:06:56.0118 13156 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:06:56.0118 13156 WacomPen - ok
12:06:56.0150 13156 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:06:56.0150 13156 Wanarp - ok
12:06:56.0150 13156 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:06:56.0150 13156 Wanarpv6 - ok
12:06:56.0165 13156 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:06:56.0181 13156 wcncsvc - ok
12:06:56.0212 13156 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:06:56.0212 13156 WcsPlugInService - ok
12:06:56.0228 13156 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
12:06:56.0228 13156 Wd - ok
12:06:56.0243 13156 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:06:56.0259 13156 Wdf01000 - ok
12:06:56.0274 13156 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:06:56.0274 13156 WdiServiceHost - ok
12:06:56.0306 13156 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:06:56.0306 13156 WdiSystemHost - ok
12:06:56.0337 13156 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
12:06:56.0337 13156 WebClient - ok
12:06:56.0352 13156 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:06:56.0352 13156 Wecsvc - ok
12:06:56.0368 13156 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:06:56.0368 13156 wercplsupport - ok
12:06:56.0384 13156 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
12:06:56.0384 13156 WerSvc - ok
12:06:56.0399 13156 WinDefend - ok
12:06:56.0415 13156 WinHttpAutoProxySvc - ok
12:06:56.0462 13156 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:06:56.0477 13156 Winmgmt - ok
12:06:56.0540 13156 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
12:06:56.0586 13156 WinRM - ok
12:06:56.0680 13156 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:06:56.0696 13156 Wlansvc - ok
12:06:56.0696 13156 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:06:56.0696 13156 WmiAcpi - ok
12:06:56.0727 13156 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:06:56.0727 13156 wmiApSrv - ok
12:06:56.0742 13156 WMPNetworkSvc - ok
12:06:56.0774 13156 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:06:56.0774 13156 WPCSvc - ok
12:06:56.0789 13156 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:06:56.0789 13156 WPDBusEnum - ok
12:06:56.0820 13156 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:06:56.0820 13156 WpdUsb - ok
12:06:56.0930 13156 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:06:56.0945 13156 WPFFontCache_v0400 - ok
12:06:56.0945 13156 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:06:56.0945 13156 ws2ifsl - ok
12:06:56.0961 13156 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
12:06:56.0976 13156 wscsvc - ok
12:06:56.0976 13156 WSearch - ok
12:06:57.0054 13156 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:06:57.0101 13156 wuauserv - ok
12:06:57.0117 13156 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:06:57.0117 13156 WUDFRd - ok
12:06:57.0132 13156 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:06:57.0132 13156 wudfsvc - ok
12:06:57.0148 13156 ================ Scan global ===============================
12:06:57.0210 13156 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
12:06:57.0226 13156 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
12:06:57.0257 13156 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
12:06:57.0304 13156 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
12:06:57.0304 13156 [Global] - ok
12:06:57.0304 13156 ================ Scan MBR ==================================
12:06:57.0320 13156 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
12:06:59.0441 13156 \Device\Harddisk0\DR0 - ok
12:06:59.0441 13156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:07:01.0688 13156 \Device\Harddisk1\DR1 - ok
12:07:01.0688 13156 ================ Scan VBR ==================================
12:07:01.0688 13156 [ 0D57BEABD49577AABAE7DF3F80A201F8 ] \Device\Harddisk0\DR0\Partition1
12:07:01.0688 13156 \Device\Harddisk0\DR0\Partition1 - ok
12:07:01.0703 13156 [ CF41ACDD5F7453DBD72FCC8CB6ADC971 ] \Device\Harddisk1\DR1\Partition1
12:07:01.0703 13156 \Device\Harddisk1\DR1\Partition1 - ok
12:07:01.0703 13156 ============================================================
12:07:01.0703 13156 Scan finished
12:07:01.0703 13156 ============================================================
12:07:01.0719 11756 Detected object count: 0
12:07:01.0719 11756 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 10:19:22
-----------------------------
10:19:22.212 OS Version: Windows x64 6.0.6002 Service Pack 2
10:19:22.212 Number of processors: 4 586 0x1707
10:19:22.212 ComputerName: MOM-PC UserName: MOM
10:19:23.491 Initialize success
10:20:21.918 AVAST engine defs: 12082100
10:20:32.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
10:20:32.214 Disk 0 Vendor: NVIDIA__ 0100 Size: 610480MB BusType: 8
10:20:32.230 Disk 0 MBR read successfully
10:20:32.230 Disk 0 MBR scan
10:20:32.245 Disk 0 unknown MBR code
10:20:32.245 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
10:20:32.261 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 595472 MB offset 30734336
10:20:32.292 Disk 0 scanning C:\Windows\system32\drivers
10:20:38.782 Service scanning
10:20:53.836 Modules scanning
10:20:53.836 Disk 0 trace - called modules:
10:20:53.851 ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys storport.sys hal.dll nvstor64.sys
10:20:53.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b21700]
10:20:54.382 3 CLASSPNP.SYS[fffffa6000a0ec33] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8004920540]
10:20:54.382 5 nvrd64.sys[fffffa60009b25d0] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8003e109e0]
10:20:55.723 AVAST engine scan C:\Windows
10:21:02.665 AVAST engine scan C:\Windows\system32
10:24:55.701 AVAST engine scan C:\Windows\system32\drivers
10:25:32.267 AVAST engine scan C:\Users\MOM
10:44:17.907 File: C:\Users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll **INFECTED** Win32:Adware-gen [Adw]
11:23:45.920 AVAST engine scan C:\ProgramData
11:55:28.921 Scan finished successfully
12:04:40.101 Disk 0 MBR has been saved successfully to "C:\Users\MOM\Desktop\MBR.dat"
12:04:40.117 The log file has been saved successfully to "C:\Users\MOM\Desktop\aswMBR.txt"

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 August 2012 - 01:01 PM

Greetings StillAMeese

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
c:\program files (x86)\egamestoolbar
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 StillAMeese

  • Topic Starter

  • Members
  • 14 posts

Posted 21 August 2012 - 03:50 PM

Ugh... Ran ComboFix as instructed with the txt file. No problems in running it. However, it doesn't seem to have done anything. Computer is still running about the same... no major slow-downs but still getting webpage redirect on the bitly website to PandaCloud Antivirus.

Here is the latest ComboFix log:

ComboFix 12-08-21.01 - MOM 08/21/2012 14:54:05.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2663 [GMT -5:00]
Running from: c:\users\MOM\Desktop\ComboFix.exe
Command switches used :: c:\users\MOM\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\egamestoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\egamestoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\egamestoolbar\chrome\skin\logo.gif
c:\program files (x86)\egamestoolbar\chrome\skin\logo.png
c:\program files (x86)\egamestoolbar\chrome\skin\logo_over.gif
c:\program files (x86)\egamestoolbar\chrome\skin\menuback-hot.gif
c:\program files (x86)\egamestoolbar\chrome\skin\menuback.gif
c:\program files (x86)\egamestoolbar\chrome\skin\modify.png
c:\program files (x86)\egamestoolbar\chrome\skin\new.png
c:\program files (x86)\egamestoolbar\chrome\skin\news.png
c:\program files (x86)\egamestoolbar\chrome\skin\offers.png
c:\program files (x86)\egamestoolbar\chrome\skin\options.png
c:\program files (x86)\egamestoolbar\chrome\skin\options\options-main.gif
c:\program files (x86)\egamestoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\egamestoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-found.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\egamestoolbar\chrome\skin\rss.png
c:\program files (x86)\egamestoolbar\chrome\skin\rssback.gif
c:\program files (x86)\egamestoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\egamestoolbar\chrome\skin\save.png
c:\program files (x86)\egamestoolbar\chrome\skin\search.png
c:\program files (x86)\egamestoolbar\chrome\skin\search_web.gif
c:\program files (x86)\egamestoolbar\chrome\skin\searchbox.gif
c:\program files (x86)\egamestoolbar\chrome\skin\slider.gif
c:\program files (x86)\egamestoolbar\chrome\skin\template\01.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\010.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\02.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\03.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\04.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\05.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\06.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\07.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\08.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\09.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\477_gsl.gif
c:\program files (x86)\egamestoolbar\chrome\skin\template\515_gsl.gif
c:\program files (x86)\egamestoolbar\chrome\skin\template\btn_search2.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\dynamicMenu.xsl
c:\program files (x86)\egamestoolbar\chrome\skin\template\dynamicMenu2.xsl
c:\program files (x86)\egamestoolbar\chrome\skin\template\ico_featured.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\ico_freeonline.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\ico_newadd.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\ico_offers.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\ico_top10.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\next.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_btmcenter.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_btmleft.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_btmright.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_mdlcenter.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_mdlleft.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_mdright.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_mdright2.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_upcenter.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_upleft.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\pnl_upright.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\popup.html
c:\program files (x86)\egamestoolbar\chrome\skin\template\question.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scroll_arrowtop.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scroll_btm.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scroll_mdl.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scroll_toarrowbtm.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scroll_top.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scrollbar_btm.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scrollbar_mdl.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\scrollbar_top.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars0.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars0.5.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars1.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars1.5.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars2.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars2.5.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars3.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars3.5.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars4.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars4.5.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars\stars5.0.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\stars_on_search.png
c:\program files (x86)\egamestoolbar\chrome\skin\template\table.html
c:\program files (x86)\egamestoolbar\chrome\skin\template\table.js
c:\program files (x86)\egamestoolbar\chrome\skin\template\table_top.html
c:\program files (x86)\egamestoolbar\chrome\skin\template\xp_close_small.gif
c:\program files (x86)\egamestoolbar\chrome\skin\throbber.gif
c:\program files (x86)\egamestoolbar\chrome\skin\Top.png
c:\program files (x86)\egamestoolbar\chrome\skin\web.png
c:\program files (x86)\egamestoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\egamestoolbar\egames.dll
c:\program files (x86)\egamestoolbar\egamestoolbar.dll
c:\program files (x86)\egamestoolbar\install.ico
c:\program files (x86)\egamestoolbar\manifest.xml
c:\program files (x86)\egamestoolbar\uninstall.exe
c:\users\MOM\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\chrome.manifest
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\chrome\lptextlinks.jar
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.xpt
c:\users\MOM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 20:16 . 2012-08-21 20:16 -------- d-----w- c:\users\Nicki\AppData\Local\temp
2012-08-21 20:16 . 2012-08-21 20:16 -------- d-----w- c:\users\Kristen\AppData\Local\temp
2012-08-21 20:16 . 2012-08-21 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 20:16 . 2012-08-21 20:16 -------- d-----w- c:\users\Ashley & Kristen\AppData\Local\temp
2012-08-18 16:48 . 2012-08-18 16:48 -------- d-----w- c:\users\MOM\AppData\Roaming\OpenOffice.org
2012-08-18 05:31 . 2012-08-18 05:31 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-17 03:38 . 2012-08-17 03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-17 02:33 . 2012-08-17 02:33 -------- d-----w- C:\_OTL
2012-08-17 00:37 . 2012-08-17 00:37 -------- d-----w- c:\users\MOM\AppData\Local\Amazon
2012-08-10 06:59 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FB80789-66F8-483B-AA12-B67C235E19E6}\mpengine.dll
2012-08-08 22:41 . 2012-08-08 22:41 -------- d-----w- c:\programdata\Affinegy
2012-08-05 20:37 . 2012-08-05 20:37 -------- d-----w- c:\program files (x86)\Belkin
2012-08-01 21:00 . 2012-08-01 21:34 -------- d-----w- c:\programdata\7531CC960000F6F9004E36192F3B707C
2012-07-25 16:35 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 23:11 . 2012-07-24 23:57 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-24 23:09 . 2012-07-24 23:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-24 23:09 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-24 23:09 . 2012-07-24 23:55 -------- d-----w- c:\programdata\PC Tools
2012-07-24 23:09 . 2012-07-24 23:09 -------- d-----w- c:\users\MOM\AppData\Roaming\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 03:40 . 2009-07-23 09:16 384512 ----a-w- c:\windows\system32\services.exe
2012-07-26 07:04 . 2010-06-01 04:56 71 ----a-w- c:\windows\system32\aipican.dll
2012-07-12 08:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2009-08-31 01:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:08 . 2012-06-19 14:08 34275360 ----a-w- c:\users\MOM\dsb-deluxe_full965.exe
2012-06-13 13:58 . 2012-07-12 08:00 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 12:58 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 12:58 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 12:58 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 12:58 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 12:58 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 12:58 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 13:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 13:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:03 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 13:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:03 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 13:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 13:03 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 13:03 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 20:19 . 2012-06-19 13:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:19 . 2012-06-19 13:03 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 13:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 20:12 . 2012-06-19 13:03 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-12 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 08:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 12:58 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 12:58 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 12:58 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 12:58 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 12:58 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_16.11.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-08-21 20:18 54514 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-21 20:19 87530 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-31 23:49 . 2012-08-21 20:19 11090 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-799287411-2366509477-4261898777-1000_UserData.bin
+ 2012-08-21 20:17 . 2012-08-21 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-20 16:10 . 2012-08-20 16:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-21 20:17 . 2012-08-21 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-20 16:10 . 2012-08-20 16:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-01 03:23 . 2012-08-21 12:07 447644 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-31 23:16 . 2012-08-21 14:39 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-31 23:16 . 2012-08-19 16:07 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 00:01 . 2012-08-21 20:16 411876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-11 00:01 . 2012-08-20 16:09 411876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-01-31 23:16 . 2012-08-21 14:39 3883008 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-31 23:16 . 2012-08-19 16:07 3883008 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-09 21:51 . 2012-08-21 19:09 1141220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-799287411-2366509477-4261898777-1000-12288.dat
+ 2009-01-31 23:16 . 2012-08-21 14:39 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-31 23:16 . 2012-08-19 16:07 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-19 08:18 . 2012-08-21 20:16 37395020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-799287411-2366509477-4261898777-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-01-17 1884576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\MOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave1"=wdmaud.drv
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:03]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 04:16]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 04:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.juno.com/search?action=minisearch&source=minisearch
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: hotmail.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
Trusted Zone: live.com\login
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - c:\program files (x86)\egamestoolbar\egamestoolbar.dll
BHO-{A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - c:\program files (x86)\egamestoolbar\auxi\egamesb.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - c:\program files (x86)\egamestoolbar\egamestoolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-egamestoolbar - c:\program files (x86)\egamestoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\MHotKey.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-08-21 15:26:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 20:26
ComboFix2.txt 2012-08-20 16:19
.
Pre-Run: 355,161,022,464 bytes free
Post-Run: 355,038,466,048 bytes free
.
- - End Of File - - 47131590780B4C3EBA1653E2E1A33CFC

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2012 - 05:03 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 StillAMeese

StillAMeese
  • Topic Starter

  • Members
  • 14 posts

Posted 22 August 2012 - 08:59 AM

Here you go:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: MOM [Admin rights]
Mode: Scan -- Date: 08/22/2012 08:53:23

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
[SUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{716142ad-b019-dbba-d04c-73aec0e094d4}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{716142ad-b019-dbba-d04c-73aec0e094d4}\L --> FOUND
[ZeroAccess][FOLDER] U : c:\users\mom\appdata\local\{716142ad-b019-dbba-d04c-73aec0e094d4}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\mom\appdata\local\{716142ad-b019-dbba-d04c-73aec0e094d4}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA STRIPE 596.17G0100 +++++
--- User ---
[MBR] 80dfe5d268e4fa22bbfc9779292a121b
[BSP] 8e1a7391ab0f81f2a95562c42fb00a81 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 595472 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
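The RogueKiller report above shows the on-disk pattern it attributes to ZeroAccess: a GUID-named folder holding `U` and `L` subfolders, once under `C:\Windows\Installer` and once under the user's `AppData\Local`. The following Python check is an added example written for this page; it is not RogueKiller's code and not part of the thread. It walks a list of root folders one level deep and reports GUID-named folders that contain a `U` or `L` subfolder. Because GUID-named folders are normal inside the Windows Installer cache, only the `U`/`L` subfolder is treated as the marker. The function and variable names are mine; `default_roots()` assumes the standard `SystemRoot` and `LOCALAPPDATA` environment variables, and `build_constructed_tree()` creates a constructed sample tree in a temporary directory (reusing the GUID from the report) so the check can be exercised offline on any OS.

```python
import os
import re
import tempfile
from typing import List

# RogueKiller's report lists the ZeroAccess artefacts as
#   <root>\{GUID}\U  and  <root>\{GUID}\L
# under C:\Windows\Installer and under the user's AppData\Local.
# GUID-named folders are normal inside C:\Windows\Installer (the MSI
# cache), so the distinguishing feature is the "U" / "L" subfolder.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)
MARKER_SUBDIRS = ("L", "U")


def find_zeroaccess_dirs(roots: List[str]) -> List[str]:
    """Return sorted paths of every <root>\\{GUID}\\U or \\L directory found
    directly under any of `roots`. Roots that do not exist are skipped."""
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for name in os.listdir(root):
            folder = os.path.join(root, name)
            if not GUID_DIR.match(name) or not os.path.isdir(folder):
                continue
            for sub in MARKER_SUBDIRS:
                marker = os.path.join(folder, sub)
                if os.path.isdir(marker):
                    hits.append(marker)
    return sorted(hits)


def default_roots() -> List[str]:
    """The two locations named in the report; only meaningful on Windows.
    Assumes the standard SystemRoot / LOCALAPPDATA environment variables."""
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    roots = [os.path.join(windir, "Installer")]
    local = os.environ.get("LOCALAPPDATA")
    if local:
        roots.append(local)
    return roots


def build_constructed_tree() -> str:
    """Constructed sample tree in a temp directory, so the check runs
    offline on any OS. It mirrors the report: one GUID folder with U and L
    (the GUID is the one RogueKiller reported), one benign GUID folder
    without them, and one non-GUID folder that has a U subfolder."""
    base = tempfile.mkdtemp(prefix="za_demo_")
    installer = os.path.join(base, "Installer")
    infected = os.path.join(installer, "{716142ad-b019-dbba-d04c-73aec0e094d4}")
    os.makedirs(os.path.join(infected, "U"))
    os.makedirs(os.path.join(infected, "L"))
    os.makedirs(os.path.join(installer, "{11111111-2222-3333-4444-555555555555}"))
    os.makedirs(os.path.join(installer, "NotAGuid", "U"))
    return installer


if __name__ == "__main__":
    # Demo against the constructed tree, then against the real locations.
    for hit in find_zeroaccess_dirs([build_constructed_tree()]):
        print("constructed sample:", hit)
    for hit in find_zeroaccess_dirs(default_roots()):
        print("live system:", hit)
```

On the constructed tree the check returns exactly the two marker folders of the reported GUID and ignores both the benign GUID folder and the non-GUID folder; a hit on a live system is a reason to run a dedicated removal tool, as the thread does, not something to delete by hand.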

#12 gringo_pr - Bleepin Gringo - Malware Response Team - 136,772 posts - Location: Puerto Rico

Posted 22 August 2012 - 09:55 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 StillAMeese - Topic Starter - Members - 14 posts

Posted 22 August 2012 - 06:20 PM

Yay! I think it might be gone! I'm not getting page redirects, at least.

Here is the report:

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: MOM [Admin rights]
Mode: Remove -- Date: 08/22/2012 18:14:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{716142ad-b019-dbba-d04c-73aec0e094d4}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{716142ad-b019-dbba-d04c-73aec0e094d4}\L --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\mom\appdata\local\{716142ad-b019-dbba-d04c-73aec0e094d4}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\mom\appdata\local\{716142ad-b019-dbba-d04c-73aec0e094d4}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA STRIPE 596.17G0100 +++++
--- User ---
[MBR] 80dfe5d268e4fa22bbfc9779292a121b
[BSP] 8e1a7391ab0f81f2a95562c42fb00a81 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 595472 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#14 gringo_pr - Bleepin Gringo - Malware Response Team - 136,772 posts - Location: Puerto Rico

Posted 22 August 2012 - 08:55 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 8.1.3
Alexa Toolbar
Ask Toolbar
BitTorrent
FrostWire 4.21.7
Java™ 6 Update 22
Java™ 6 Update 23
Java™ 6 Update 5
LimeWire 5.2.13
SoulSeek Client 156c
SoulSeek Client 157 test 11
Spybot - Search & Destroy


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Information and logs

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 StillAMeese - Topic Starter - Members - 14 posts

Posted 23 August 2012 - 06:19 PM

Thanks for the prompt about the P2P programs. No one in my house has used any of those for quite some time and I had meant to get rid of them a long time ago and just never did. I'm pretty sure that I had everything set to not share any files at all on those programs, but with kids in the house, anything is possible!

I did everything in your instructions. I had a "brain fart" when I started uninstalling from the list you gave me and started using the Windows uninstaller, and when I got to the Ask toolbar, I got an error message that said this: "Error 1905.module c:\program files (x86)\ask.com\generic ask toolbar.dll failed to unregister HResult -2147220472 Contact your support personnel". That error message "woke me up" and I downloaded ccleaner as you recommended and used that for the rest of the list. There were no additional error messages. (Alexa toolbar was not listed as you suggested might happen).

Just prior to coming to this website to check for messages, my internet seemed to be VERY slow, taking a long time to load pages and I was typing faster than what was showing up on my monitor. After running all of the utilities and such that you instructed, it doesn't appear to be doing that anymore and seems to be running at normal speed now.

Here are the reports:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
MOM :: MOM-PC [administrator]

8/23/2012 5:42:05 PM
mbam-log-2012-08-23 (17-42-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276728
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:06 PM, on 8/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\MOM\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1208&m=lx6810-01
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.juno.com/search?action=minisearch&source=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Security Helper {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - C:\Program Files (x86)\egamestoolbar\auxi\egamesb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll (file missing)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: *.juno.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9600 bytes
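The HijackThis log above is the kind of listing a helper reads by eye: O2/O3 entries whose DLL is marked `(file missing)` or `(no file)` are leftovers of uninstalled toolbars, one CLSID (`{D4027C7F-...}`) appears under two different display names, and the O10 lines repeat the same two LSP DLLs many times. The following Python triage script is an added example written for this page; it is not HijackThis code and not part of the thread. It parses lines in the format shown in the log and returns the orphaned entries, CLSIDs shared by more than one name, and a per-DLL count of the LSP chain entries. The sample input is a constructed excerpt of lines copied from the log above; the function names and regular expressions are mine.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: a handful of lines excerpted from the HijackThis log
# in the post above (raw string, so the Windows paths keep their backslashes).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\egamestoolbar\egamestoolbar.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
"""

# "O2 - BHO: <name> - {CLSID} - <target>" and "O3 - Toolbar: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f\-]+\}) - (.*)$")
# "O10 - Unknown file in Winsock LSP: <dll path>"
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")

Entry = Tuple[str, str, str, str]   # (section, display name, CLSID, target)
Orphan = Tuple[str, str, str]       # (section, display name, CLSID)


def parse_entries(log: str) -> List[Entry]:
    """All O2/O3 entries in the log, in file order."""
    entries: List[Entry] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groups())  # type: ignore[arg-type]
    return entries


def orphaned_entries(log: str) -> List[Orphan]:
    """O2/O3 entries whose backing DLL HijackThis could not find:
    registry registrations left behind after an uninstall."""
    return [
        (section, name, clsid)
        for section, name, clsid, target in parse_entries(log)
        if target == "(no file)" or target.endswith("(file missing)")
    ]


def shared_clsids(log: str) -> Dict[str, Set[str]]:
    """CLSIDs registered under more than one display name (case-insensitive),
    e.g. the same toolbar DLL registered as both a BHO and a toolbar."""
    names: Dict[str, Set[str]] = defaultdict(set)
    for _section, name, clsid, _target in parse_entries(log):
        names[clsid.upper()].add(name)
    return {clsid: n for clsid, n in names.items() if len(n) > 1}


def lsp_counts(log: str) -> Counter:
    """How many Winsock LSP chain entries point at each DLL (lower-cased path).
    Each repeated O10 line is one chain entry, not a separate file."""
    counts: Counter = Counter()
    for line in log.splitlines():
        m = LSP_RE.match(line.strip())
        if m:
            counts[m.group(1).lower()] += 1
    return counts


if __name__ == "__main__":
    for section, name, clsid in orphaned_entries(SAMPLE_LOG):
        print(f"orphaned {section}: {name} {clsid}")
    for clsid, names in shared_clsids(SAMPLE_LOG).items():
        print(f"shared CLSID {clsid}: {sorted(names)}")
    for dll, n in lsp_counts(SAMPLE_LOG).items():
        print(f"LSP {dll}: {n} entries")
```

On the sample the script reports four orphaned entries, one CLSID shared by "Ask Toolbar BHO" and "FrostWire Toolbar", and two chain entries for `wpclsp.dll` against one for `nvlsp.dll`. Orphaned entries are harmless but worth cleaning up so later logs are easier to read; "Unknown file" in an O10 line only means HijackThis does not recognise the DLL, so the next step for a reader is to confirm the file's publisher, not to remove it, since breaking the LSP chain can take networking down with it.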



