Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with scour/redirect virus


  • This topic is locked This topic is locked
14 replies to this topic

#1 Dennis s

Dennis s

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 17 August 2012 - 07:04 PM

My computer keeps redirecting when ever using google or bing search engine. Here is DDS.txt (apologize if this is duplicate post):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Family at 16:48:49 on 2012-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4533 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUI.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\Family\Downloads\HijackThis (1).exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Adobe] rundll32.exe "C:\Users\Family\AppData\Local\ATI\Adobe\dutip.dll",CreateInstance
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Family\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk - C:\Windows\System32\rundll32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-20 244624]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-12 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SaiH053C;SaiH053C;C:\Windows\system32\DRIVERS\SaiH053C.sys --> C:\Windows\system32\DRIVERS\SaiH053C.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-17 03:32:10 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC389026-6222-4CD8-9BFB-1650C649A9E2}\mpengine.dll
2012-08-16 22:59:11 -------- d-----w- C:\Program Files\CCleaner
2012-08-16 04:34:16 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-16 04:34:09 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-16 02:26:31 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB917075-0F6B-4847-B86C-EB1873CA1DDA}\gapaengine.dll
2012-08-16 02:26:28 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-16 02:22:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-16 02:22:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-16 02:17:58 237072 ------w- C:\Windows\SysWow64\MpSigStub.exe
2012-08-16 01:56:35 -------- d-----w- C:\Windows\pss
2012-08-15 03:00:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 03:00:50 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 03:00:48 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 03:00:48 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 03:00:48 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 03:00:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 03:00:47 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 03:00:47 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 03:00:47 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 03:00:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 03:00:45 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-07-19 00:17:30 -------- d-----w- C:\Users\Family\AppData\Local\{38293382-5E94-45EA-B30A-81304B14197B}
2012-07-19 00:17:19 -------- d-----w- C:\Users\Family\AppData\Local\{64308FB5-4C73-4D17-A9CD-3E84E131092D}
2012-07-19 00:17:06 -------- d-----w- C:\Users\Family\Tracing
2012-07-19 00:04:30 -------- d-----w- C:\Windows\en
2012-07-19 00:03:43 -------- d-----w- C:\Windows\fr
2012-07-19 00:02:40 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-07-18 23:59:33 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c8380d1cd654101\DSETUP.dll
2012-07-18 23:59:33 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c8380d1cd654101\DXSETUP.exe
2012-07-18 23:59:33 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c8380d1cd654101\dsetup32.dll
2012-07-18 23:59:33 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60fa34f31cd654102\MeshBetaRemover.exe
2012-07-18 23:57:51 -------- d-----w- C:\Users\Family\AppData\Local\{F8960810-8993-46F0-95CE-15365DBEAE23}
2012-07-18 23:57:40 -------- d-----w- C:\Users\Family\AppData\Local\{9A4F050A-DD23-4403-9FE0-D455080B2271}
.
==================== Find3M ====================
.
2012-08-16 04:34:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-15 02:46:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 02:46:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:49:18.09 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 19 August 2012 - 02:07 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 19 August 2012 - 10:56 AM

A quick check during several google searches resulted in no problems, hopefully combo fix solved it. Did need to perform a 2nd reboot as instructions indicated. Combofix.txt:

ComboFix 12-08-18.03 - Family 08/19/2012 8:32.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4472 [GMT -7:00]
Running from: c:\users\Family\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\somototoolbar\vmNTemplatex.dll
c:\programdata\ras_0oed.pad
c:\users\Family\AppData\Local\ATI\Adobe\dutip.dll
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 07:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F95D09AE-33AF-4ED6-A5E2-2CD14A5D20EE}\mpengine.dll
2012-08-19 03:27 . 2012-08-19 03:27 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-18 03:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-16 22:59 . 2012-08-16 22:59 -------- d-----w- c:\program files\CCleaner
2012-08-16 04:35 . 2012-08-16 04:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-16 04:34 . 2012-08-16 04:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-16 04:34 . 2012-08-16 04:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-16 04:34 . 2012-08-16 04:34 -------- d-----w- c:\program files (x86)\Java
2012-08-16 02:26 . 2012-08-16 02:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB917075-0F6B-4847-B86C-EB1873CA1DDA}\gapaengine.dll
2012-08-16 02:22 . 2012-08-16 02:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-16 02:22 . 2012-08-16 02:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 02:17 . 2012-01-31 12:59 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-08-15 03:00 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 03:00 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 03:00 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 03:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 03:00 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 03:00 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 03:00 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 03:00 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 03:00 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 03:00 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 03:00 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:00 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 16:52 . 2012-08-12 16:52 -------- d--h--r- c:\users\Family\AppData\Roaming\SecuROM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 04:34 . 2011-12-08 00:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 10:00 . 2011-11-25 17:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 02:46 . 2012-04-20 23:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:46 . 2011-07-21 05:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-22 01:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 01:21 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 02:43 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"NeroFilterCheck"="c:\program files (x86)\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 171144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 37504]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 02:46]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 01:47]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Family\AppData\Local\ATI\Adobe\dutip.dll
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2012-08-19 08:41:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 15:41
.
Pre-Run: 1,288,369,311,744 bytes free
Post-Run: 1,288,118,149,120 bytes free
.
- - End Of File - - 3958E2C909D455F412933154198C3684

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 19 August 2012 - 12:17 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 19 August 2012 - 04:08 PM

Here they are:

13:48:31.0638 4120 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:48:32.0138 4120 ============================================================
13:48:32.0138 4120 Current date / time: 2012/08/19 13:48:32.0138
13:48:32.0138 4120 SystemInfo:
13:48:32.0138 4120
13:48:32.0138 4120 OS Version: 6.1.7601 ServicePack: 1.0
13:48:32.0138 4120 Product type: Workstation
13:48:32.0138 4120 ComputerName: LIVING
13:48:32.0138 4120 UserName: Family
13:48:32.0138 4120 Windows directory: C:\Windows
13:48:32.0138 4120 System windows directory: C:\Windows
13:48:32.0138 4120 Running under WOW64
13:48:32.0138 4120 Processor architecture: Intel x64
13:48:32.0138 4120 Number of processors: 6
13:48:32.0138 4120 Page size: 0x1000
13:48:32.0138 4120 Boot type: Normal boot
13:48:32.0138 4120 ============================================================
13:48:32.0621 4120 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:48:32.0652 4120 ============================================================
13:48:32.0652 4120 \Device\Harddisk0\DR0:
13:48:32.0652 4120 MBR partitions:
13:48:32.0652 4120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
13:48:32.0652 4120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0xAC654B30
13:48:32.0652 4120 ============================================================
13:48:32.0699 4120 C: <-> \Device\Harddisk0\DR0\Partition2
13:48:32.0699 4120 ============================================================
13:48:32.0699 4120 Initialize success
13:48:32.0699 4120 ============================================================
13:48:34.0478 4620 ============================================================
13:48:34.0478 4620 Scan started
13:48:34.0478 4620 Mode: Manual;
13:48:34.0478 4620 ============================================================
13:48:34.0665 4620 ================ Scan services =============================
13:48:34.0868 4620 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:48:34.0868 4620 1394ohci - ok
13:48:34.0899 4620 [ e0a8525a951addb4655bc2068566407d ] 61883 C:\Windows\system32\DRIVERS\61883.sys
13:48:34.0914 4620 61883 - ok
13:48:34.0930 4620 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:48:34.0946 4620 ACPI - ok
13:48:34.0961 4620 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:48:34.0961 4620 AcpiPmi - ok
13:48:35.0039 4620 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:48:35.0039 4620 AdobeARMservice - ok
13:48:35.0148 4620 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:48:35.0164 4620 AdobeFlashPlayerUpdateSvc - ok
13:48:35.0180 4620 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:48:35.0180 4620 adp94xx - ok
13:48:35.0195 4620 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:48:35.0195 4620 adpahci - ok
13:48:35.0211 4620 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:48:35.0211 4620 adpu320 - ok
13:48:35.0242 4620 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:48:35.0242 4620 AeLookupSvc - ok
13:48:35.0289 4620 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:48:35.0304 4620 AFD - ok
13:48:35.0336 4620 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:48:35.0336 4620 agp440 - ok
13:48:35.0351 4620 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
13:48:35.0367 4620 ALG - ok
13:48:35.0382 4620 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:48:35.0382 4620 aliide - ok
13:48:35.0414 4620 [ e0fd88ead5d8b1fae64a500d1d825c6d ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:48:35.0414 4620 AMD External Events Utility - ok
13:48:35.0429 4620 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
13:48:35.0429 4620 amdide - ok
13:48:35.0445 4620 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:48:35.0445 4620 AmdK8 - ok
13:48:35.0585 4620 [ 9337b5fabc03ca44cd355f700da9b25b ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
13:48:35.0741 4620 amdkmdag - ok
13:48:35.0757 4620 [ 560688a447e7a87f43774a2ff23a3e52 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:48:35.0757 4620 amdkmdap - ok
13:48:35.0772 4620 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:48:35.0772 4620 AmdPPM - ok
13:48:35.0788 4620 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:48:35.0804 4620 amdsata - ok
13:48:35.0804 4620 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:48:35.0804 4620 amdsbs - ok
13:48:35.0819 4620 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:48:35.0819 4620 amdxata - ok
13:48:35.0850 4620 [ 80a508d0c7a21bc13c01d4c671541203 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
13:48:35.0850 4620 amd_sata - ok
13:48:35.0866 4620 [ 2be940f3a632a1a301b22b096bf221f1 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
13:48:35.0866 4620 amd_xata - ok
13:48:35.0897 4620 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
13:48:35.0897 4620 AppID - ok
13:48:35.0913 4620 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:48:35.0913 4620 AppIDSvc - ok
13:48:35.0928 4620 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:48:35.0944 4620 Appinfo - ok
13:48:35.0991 4620 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:48:35.0991 4620 Apple Mobile Device - ok
13:48:36.0038 4620 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
13:48:36.0038 4620 arc - ok
13:48:36.0053 4620 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:48:36.0053 4620 arcsas - ok
13:48:36.0069 4620 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:48:36.0084 4620 AsyncMac - ok
13:48:36.0100 4620 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
13:48:36.0100 4620 atapi - ok
13:48:36.0131 4620 [ 77c149e6d702737b2e372dee166faef8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:48:36.0131 4620 AtiHdmiService - ok
13:48:36.0147 4620 [ c07a040d6b5a42dd41ee386cf90974c8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
13:48:36.0147 4620 AtiPcie - ok
13:48:36.0178 4620 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:48:36.0194 4620 AudioEndpointBuilder - ok
13:48:36.0209 4620 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:48:36.0209 4620 AudioSrv - ok
13:48:36.0240 4620 [ 16fabe84916623d0607e4a975544032c ] Avc C:\Windows\system32\DRIVERS\avc.sys
13:48:36.0240 4620 Avc - ok
13:48:36.0396 4620 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
13:48:36.0506 4620 AVGIDSAgent - ok
13:48:36.0537 4620 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:48:36.0552 4620 AVGIDSDriver - ok
13:48:36.0568 4620 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:48:36.0568 4620 AVGIDSFilter - ok
13:48:36.0599 4620 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
13:48:36.0599 4620 AVGIDSHA - ok
13:48:36.0646 4620 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
13:48:36.0646 4620 Avgldx64 - ok
13:48:36.0677 4620 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
13:48:36.0677 4620 Avgmfx64 - ok
13:48:36.0708 4620 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
13:48:36.0708 4620 Avgrkx64 - ok
13:48:36.0755 4620 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
13:48:36.0771 4620 Avgtdia - ok
13:48:36.0802 4620 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:48:36.0802 4620 avgwd - ok
13:48:36.0833 4620 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:48:36.0833 4620 AxInstSV - ok
13:48:36.0864 4620 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
13:48:36.0864 4620 b06bdrv - ok
13:48:36.0880 4620 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:48:36.0896 4620 b57nd60a - ok
13:48:36.0942 4620 [ 87f3bcf82a63e900af896cd930bf7e05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:48:36.0958 4620 BBSvc - ok
13:48:36.0989 4620 [ 78779ee07231c658b483b1f38b5088df ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:48:36.0989 4620 BBUpdate - ok
13:48:37.0005 4620 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:48:37.0005 4620 BDESVC - ok
13:48:37.0020 4620 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:48:37.0020 4620 Beep - ok
13:48:37.0067 4620 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
13:48:37.0083 4620 BFE - ok
13:48:37.0145 4620 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
13:48:37.0176 4620 BITS - ok
13:48:37.0192 4620 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:48:37.0192 4620 blbdrive - ok
13:48:37.0301 4620 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:48:37.0301 4620 Bonjour Service - ok
13:48:37.0317 4620 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:48:37.0332 4620 bowser - ok
13:48:37.0332 4620 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
13:48:37.0332 4620 BrFiltLo - ok
13:48:37.0348 4620 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
13:48:37.0348 4620 BrFiltUp - ok
13:48:37.0348 4620 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:48:37.0364 4620 BridgeMP - ok
13:48:37.0395 4620 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
13:48:37.0395 4620 Browser - ok
13:48:37.0410 4620 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:48:37.0410 4620 Brserid - ok
13:48:37.0426 4620 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:48:37.0426 4620 BrSerWdm - ok
13:48:37.0442 4620 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:48:37.0442 4620 BrUsbMdm - ok
13:48:37.0488 4620 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:48:37.0488 4620 BrUsbSer - ok
13:48:37.0504 4620 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:48:37.0504 4620 BTHMODEM - ok
13:48:37.0520 4620 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
13:48:37.0520 4620 bthserv - ok
13:48:37.0551 4620 catchme - ok
13:48:37.0566 4620 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:48:37.0566 4620 cdfs - ok
13:48:37.0598 4620 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:48:37.0598 4620 cdrom - ok
13:48:37.0613 4620 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
13:48:37.0613 4620 CertPropSvc - ok
13:48:37.0613 4620 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
13:48:37.0613 4620 circlass - ok
13:48:37.0644 4620 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
13:48:37.0660 4620 CLFS - ok
13:48:37.0691 4620 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:37.0691 4620 clr_optimization_v2.0.50727_32 - ok
13:48:37.0738 4620 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:48:37.0738 4620 clr_optimization_v2.0.50727_64 - ok
13:48:37.0785 4620 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:48:37.0785 4620 clr_optimization_v4.0.30319_32 - ok
13:48:37.0800 4620 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:48:37.0800 4620 clr_optimization_v4.0.30319_64 - ok
13:48:37.0816 4620 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
13:48:37.0816 4620 CmBatt - ok
13:48:37.0832 4620 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:48:37.0832 4620 cmdide - ok
13:48:37.0878 4620 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
13:48:37.0894 4620 CNG - ok
13:48:37.0910 4620 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:48:37.0910 4620 Compbatt - ok
13:48:37.0972 4620 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:48:37.0972 4620 CompositeBus - ok
13:48:37.0972 4620 COMSysApp - ok
13:48:37.0988 4620 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:48:37.0988 4620 crcdisk - ok
13:48:38.0050 4620 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:48:38.0066 4620 CryptSvc - ok
13:48:38.0081 4620 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:48:38.0097 4620 DcomLaunch - ok
13:48:38.0128 4620 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
13:48:38.0128 4620 defragsvc - ok
13:48:38.0144 4620 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:48:38.0144 4620 DfsC - ok
13:48:38.0237 4620 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
13:48:38.0253 4620 Dhcp - ok
13:48:38.0253 4620 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
13:48:38.0253 4620 discache - ok
13:48:38.0268 4620 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
13:48:38.0284 4620 Disk - ok
13:48:38.0300 4620 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:48:38.0300 4620 Dnscache - ok
13:48:38.0315 4620 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:48:38.0315 4620 dot3svc - ok
13:48:38.0315 4620 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
13:48:38.0331 4620 DPS - ok
13:48:38.0346 4620 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:48:38.0346 4620 drmkaud - ok
13:48:38.0378 4620 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:48:38.0393 4620 DXGKrnl - ok
13:48:38.0409 4620 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:48:38.0409 4620 EapHost - ok
13:48:38.0487 4620 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:48:38.0565 4620 ebdrv - ok
13:48:38.0596 4620 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
13:48:38.0612 4620 EFS - ok
13:48:38.0674 4620 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:48:38.0690 4620 ehRecvr - ok
13:48:38.0721 4620 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
13:48:38.0721 4620 ehSched - ok
13:48:38.0752 4620 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:48:38.0768 4620 elxstor - ok
13:48:38.0783 4620 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:48:38.0783 4620 ErrDev - ok
13:48:38.0799 4620 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
13:48:38.0814 4620 EventSystem - ok
13:48:38.0814 4620 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
13:48:38.0830 4620 exfat - ok
13:48:38.0846 4620 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:48:38.0861 4620 fastfat - ok
13:48:38.0877 4620 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
13:48:38.0892 4620 Fax - ok
13:48:38.0892 4620 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
13:48:38.0892 4620 fdc - ok
13:48:38.0924 4620 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:48:38.0924 4620 fdPHost - ok
13:48:38.0939 4620 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:48:38.0939 4620 FDResPub - ok
13:48:38.0939 4620 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:48:38.0939 4620 FileInfo - ok
13:48:38.0955 4620 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:48:38.0955 4620 Filetrace - ok
13:48:38.0970 4620 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:48:38.0970 4620 flpydisk - ok
13:48:38.0970 4620 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:48:38.0986 4620 FltMgr - ok
13:48:39.0002 4620 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
13:48:39.0017 4620 FontCache - ok
13:48:39.0048 4620 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:48:39.0048 4620 FontCache3.0.0.0 - ok
13:48:39.0064 4620 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:48:39.0064 4620 FsDepends - ok
13:48:39.0095 4620 [ 07da62c960ddccc2d35836aeab4fc578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:48:39.0095 4620 fssfltr - ok
13:48:39.0204 4620 [ 28ddeeec44e988657b732cf404d504cb ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:48:39.0251 4620 fsssvc - ok
13:48:39.0282 4620 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:48:39.0282 4620 Fs_Rec - ok
13:48:39.0298 4620 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:48:39.0298 4620 fvevol - ok
13:48:39.0314 4620 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:48:39.0314 4620 gagp30kx - ok
13:48:39.0376 4620 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:48:39.0376 4620 GamesAppService - ok
13:48:39.0423 4620 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:48:39.0423 4620 GEARAspiWDM - ok
13:48:39.0454 4620 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
13:48:39.0470 4620 gpsvc - ok
13:48:39.0516 4620 [ c9b2d1d3f86fd3673ef847def73b6f9e ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
13:48:39.0516 4620 GREGService - ok
13:48:39.0594 4620 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:48:39.0594 4620 gupdate - ok
13:48:39.0594 4620 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:48:39.0610 4620 gupdatem - ok
13:48:39.0610 4620 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:48:39.0610 4620 hcw85cir - ok
13:48:39.0641 4620 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:48:39.0641 4620 HdAudAddService - ok
13:48:39.0657 4620 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:48:39.0657 4620 HDAudBus - ok
13:48:39.0672 4620 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:48:39.0672 4620 HidBatt - ok
13:48:39.0672 4620 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:48:39.0672 4620 HidBth - ok
13:48:39.0672 4620 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:48:39.0672 4620 HidIr - ok
13:48:39.0688 4620 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
13:48:39.0688 4620 hidserv - ok
13:48:39.0719 4620 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:48:39.0719 4620 HidUsb - ok
13:48:39.0719 4620 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:48:39.0719 4620 hkmsvc - ok
13:48:39.0750 4620 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:48:39.0750 4620 HomeGroupListener - ok
13:48:39.0782 4620 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:48:39.0782 4620 HomeGroupProvider - ok
13:48:39.0797 4620 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:48:39.0797 4620 HpSAMD - ok
13:48:39.0828 4620 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:48:39.0828 4620 HTTP - ok
13:48:39.0844 4620 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:48:39.0844 4620 hwpolicy - ok
13:48:39.0860 4620 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:48:39.0860 4620 i8042prt - ok
13:48:39.0906 4620 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:48:39.0922 4620 iaStorV - ok
13:48:39.0969 4620 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:48:39.0984 4620 idsvc - ok
13:48:40.0016 4620 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:48:40.0016 4620 iirsp - ok
13:48:40.0031 4620 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
13:48:40.0047 4620 IKEEXT - ok
13:48:40.0109 4620 [ 2e3b99e8c23be2bf32ebe1db5261f275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:48:40.0125 4620 IntcAzAudAddService - ok
13:48:40.0140 4620 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
13:48:40.0140 4620 intelide - ok
13:48:40.0172 4620 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:48:40.0172 4620 intelppm - ok
13:48:40.0187 4620 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:48:40.0187 4620 IPBusEnum - ok
13:48:40.0203 4620 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:48:40.0203 4620 IpFilterDriver - ok
13:48:40.0218 4620 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:48:40.0234 4620 iphlpsvc - ok
13:48:40.0234 4620 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:48:40.0234 4620 IPMIDRV - ok
13:48:40.0250 4620 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:48:40.0250 4620 IPNAT - ok
13:48:40.0312 4620 [ 50d6ccc6ff5561f9f56946b3e6164fb8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:48:40.0328 4620 iPod Service - ok
13:48:40.0343 4620 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:48:40.0343 4620 IRENUM - ok
13:48:40.0343 4620 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:48:40.0359 4620 isapnp - ok
13:48:40.0359 4620 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:48:40.0374 4620 iScsiPrt - ok
13:48:40.0374 4620 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:48:40.0374 4620 kbdclass - ok
13:48:40.0390 4620 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:48:40.0390 4620 kbdhid - ok
13:48:40.0406 4620 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
13:48:40.0406 4620 KeyIso - ok
13:48:40.0437 4620 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:48:40.0437 4620 KSecDD - ok
13:48:40.0468 4620 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:48:40.0468 4620 KSecPkg - ok
13:48:40.0484 4620 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:48:40.0484 4620 ksthunk - ok
13:48:40.0530 4620 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
13:48:40.0546 4620 KtmRm - ok
13:48:40.0593 4620 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:48:40.0593 4620 LanmanServer - ok
13:48:40.0624 4620 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:48:40.0624 4620 LanmanWorkstation - ok
13:48:40.0702 4620 [ b705c7097f9a0ec941d02dce7c7d426c ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
13:48:40.0702 4620 Live Updater Service - ok
13:48:40.0733 4620 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:48:40.0733 4620 lltdio - ok
13:48:40.0749 4620 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:48:40.0764 4620 lltdsvc - ok
13:48:40.0764 4620 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:48:40.0780 4620 lmhosts - ok
13:48:40.0811 4620 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:48:40.0811 4620 LSI_FC - ok
13:48:40.0811 4620 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:48:40.0811 4620 LSI_SAS - ok
13:48:40.0827 4620 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:48:40.0827 4620 LSI_SAS2 - ok
13:48:40.0827 4620 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:48:40.0827 4620 LSI_SCSI - ok
13:48:40.0842 4620 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
13:48:40.0842 4620 luafv - ok
13:48:40.0842 4620 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:48:40.0858 4620 Mcx2Svc - ok
13:48:40.0858 4620 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:48:40.0858 4620 megasas - ok
13:48:40.0874 4620 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:48:40.0874 4620 MegaSR - ok
13:48:40.0952 4620 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:48:40.0952 4620 Microsoft Office Groove Audit Service - ok
13:48:40.0983 4620 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
13:48:40.0983 4620 MMCSS - ok
13:48:40.0998 4620 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:48:40.0998 4620 Modem - ok
13:48:41.0030 4620 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:48:41.0030 4620 monitor - ok
13:48:41.0045 4620 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:48:41.0045 4620 mouclass - ok
13:48:41.0061 4620 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:48:41.0076 4620 mouhid - ok
13:48:41.0092 4620 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:48:41.0092 4620 mountmgr - ok
13:48:41.0123 4620 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:48:41.0123 4620 MpFilter - ok
13:48:41.0139 4620 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:48:41.0139 4620 mpio - ok
13:48:41.0154 4620 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:48:41.0154 4620 mpsdrv - ok
13:48:41.0186 4620 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:48:41.0201 4620 MpsSvc - ok
13:48:41.0217 4620 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:48:41.0217 4620 MRxDAV - ok
13:48:41.0248 4620 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:48:41.0248 4620 mrxsmb - ok
13:48:41.0264 4620 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:48:41.0264 4620 mrxsmb10 - ok
13:48:41.0295 4620 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:48:41.0295 4620 mrxsmb20 - ok
13:48:41.0310 4620 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:48:41.0310 4620 msahci - ok
13:48:41.0326 4620 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:48:41.0326 4620 msdsm - ok
13:48:41.0342 4620 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
13:48:41.0342 4620 MSDTC - ok
13:48:41.0388 4620 [ 72949a24d37a20a54b3d4d3dadbb55e9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
13:48:41.0404 4620 MSDV - ok
13:48:41.0420 4620 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:48:41.0420 4620 Msfs - ok
13:48:41.0435 4620 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:48:41.0451 4620 mshidkmdf - ok
13:48:41.0451 4620 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:48:41.0451 4620 msisadrv - ok
13:48:41.0466 4620 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:48:41.0466 4620 MSiSCSI - ok
13:48:41.0466 4620 msiserver - ok
13:48:41.0498 4620 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:48:41.0498 4620 MSKSSRV - ok
13:48:41.0529 4620 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:48:41.0529 4620 MsMpSvc - ok
13:48:41.0544 4620 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:48:41.0544 4620 MSPCLOCK - ok
13:48:41.0560 4620 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:48:41.0560 4620 MSPQM - ok
13:48:41.0576 4620 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:48:41.0576 4620 MsRPC - ok
13:48:41.0591 4620 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:48:41.0591 4620 mssmbios - ok
13:48:41.0607 4620 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:48:41.0622 4620 MSTEE - ok
13:48:41.0638 4620 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:48:41.0638 4620 MTConfig - ok
13:48:41.0654 4620 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:48:41.0654 4620 Mup - ok
13:48:41.0685 4620 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
13:48:41.0685 4620 napagent - ok
13:48:41.0716 4620 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:48:41.0732 4620 NativeWifiP - ok
13:48:41.0747 4620 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
13:48:41.0763 4620 NDIS - ok
13:48:41.0763 4620 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:48:41.0763 4620 NdisCap - ok
13:48:41.0778 4620 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:48:41.0778 4620 NdisTapi - ok
13:48:41.0778 4620 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:48:41.0778 4620 Ndisuio - ok
13:48:41.0794 4620 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:41.0794 4620 NdisWan - ok
13:48:41.0810 4620 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:48:41.0810 4620 NDProxy - ok
13:48:41.0825 4620 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:48:41.0825 4620 NetBIOS - ok
13:48:41.0841 4620 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:48:41.0841 4620 NetBT - ok
13:48:41.0856 4620 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
13:48:41.0856 4620 Netlogon - ok
13:48:41.0888 4620 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
13:48:41.0903 4620 Netman - ok
13:48:41.0919 4620 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
13:48:41.0934 4620 netprofm - ok
13:48:41.0966 4620 [ af5f224a600f50b7d2b77f4ae59c1abe ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
13:48:41.0981 4620 netr28x - ok
13:48:41.0997 4620 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:48:42.0012 4620 NetTcpPortSharing - ok
13:48:42.0028 4620 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:48:42.0028 4620 nfrd960 - ok
13:48:42.0059 4620 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:48:42.0059 4620 NisDrv - ok
13:48:42.0090 4620 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:48:42.0090 4620 NisSrv - ok
13:48:42.0122 4620 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:48:42.0137 4620 NlaSvc - ok
13:48:42.0153 4620 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:48:42.0153 4620 Npfs - ok
13:48:42.0184 4620 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:48:42.0184 4620 nsi - ok
13:48:42.0200 4620 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:48:42.0200 4620 nsiproxy - ok
13:48:42.0262 4620 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:48:42.0309 4620 Ntfs - ok
13:48:42.0309 4620 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
13:48:42.0324 4620 Null - ok
13:48:42.0340 4620 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:48:42.0340 4620 nvraid - ok
13:48:42.0371 4620 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:48:42.0371 4620 nvstor - ok
13:48:42.0387 4620 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:48:42.0387 4620 nv_agp - ok
13:48:42.0480 4620 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:48:42.0480 4620 odserv - ok
13:48:42.0512 4620 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:48:42.0512 4620 ohci1394 - ok
13:48:42.0558 4620 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:42.0574 4620 ose - ok
13:48:42.0605 4620 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:48:42.0605 4620 p2pimsvc - ok
13:48:42.0636 4620 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:48:42.0652 4620 p2psvc - ok
13:48:42.0668 4620 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:48:42.0668 4620 Parport - ok
13:48:42.0699 4620 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:48:42.0699 4620 partmgr - ok
13:48:42.0714 4620 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:48:42.0714 4620 PcaSvc - ok
13:48:42.0730 4620 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
13:48:42.0730 4620 pci - ok
13:48:42.0746 4620 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
13:48:42.0746 4620 pciide - ok
13:48:42.0746 4620 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:48:42.0761 4620 pcmcia - ok
13:48:42.0777 4620 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:48:42.0777 4620 pcw - ok
13:48:42.0792 4620 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:48:42.0808 4620 PEAUTH - ok
13:48:42.0870 4620 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:48:42.0870 4620 PerfHost - ok
13:48:42.0933 4620 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
13:48:42.0948 4620 pla - ok
13:48:42.0995 4620 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:48:42.0995 4620 PlugPlay - ok
13:48:43.0011 4620 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:48:43.0011 4620 PNRPAutoReg - ok
13:48:43.0026 4620 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:48:43.0026 4620 PNRPsvc - ok
13:48:43.0073 4620 [ 4f0878fd62d5f7444c5f1c4c66d9d293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:48:43.0073 4620 Point64 - ok
13:48:43.0120 4620 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:48:43.0120 4620 PolicyAgent - ok
13:48:43.0151 4620 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
13:48:43.0151 4620 Power - ok
13:48:43.0182 4620 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:48:43.0182 4620 PptpMiniport - ok
13:48:43.0182 4620 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
13:48:43.0182 4620 Processor - ok
13:48:43.0214 4620 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:48:43.0229 4620 ProfSvc - ok
13:48:43.0229 4620 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:48:43.0245 4620 ProtectedStorage - ok
13:48:43.0260 4620 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:48:43.0260 4620 Psched - ok
13:48:43.0292 4620 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:48:43.0323 4620 ql2300 - ok
13:48:43.0323 4620 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:48:43.0323 4620 ql40xx - ok
13:48:43.0323 4620 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
13:48:43.0338 4620 QWAVE - ok
13:48:43.0338 4620 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:48:43.0338 4620 QWAVEdrv - ok
13:48:43.0338 4620 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:48:43.0338 4620 RasAcd - ok
13:48:43.0370 4620 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:48:43.0370 4620 RasAgileVpn - ok
13:48:43.0370 4620 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
13:48:43.0385 4620 RasAuto - ok
13:48:43.0385 4620 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:48:43.0401 4620 Rasl2tp - ok
13:48:43.0416 4620 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
13:48:43.0416 4620 RasMan - ok
13:48:43.0432 4620 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:48:43.0432 4620 RasPppoe - ok
13:48:43.0432 4620 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:48:43.0432 4620 RasSstp - ok
13:48:43.0448 4620 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:48:43.0448 4620 rdbss - ok
13:48:43.0448 4620 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:48:43.0448 4620 rdpbus - ok
13:48:43.0463 4620 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:48:43.0463 4620 RDPCDD - ok
13:48:43.0463 4620 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:48:43.0463 4620 RDPENCDD - ok
13:48:43.0463 4620 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:48:43.0463 4620 RDPREFMP - ok
13:48:43.0510 4620 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:48:43.0526 4620 RDPWD - ok
13:48:43.0541 4620 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:48:43.0541 4620 rdyboost - ok
13:48:43.0557 4620 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:48:43.0572 4620 RemoteAccess - ok
13:48:43.0572 4620 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:48:43.0588 4620 RemoteRegistry - ok
13:48:43.0604 4620 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:48:43.0604 4620 RpcEptMapper - ok
13:48:43.0619 4620 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
13:48:43.0619 4620 RpcLocator - ok
13:48:43.0650 4620 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
13:48:43.0650 4620 RpcSs - ok
13:48:43.0682 4620 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:48:43.0682 4620 rspndr - ok
13:48:43.0713 4620 [ 7ea8d2eb9bbfd2ab8a3117a1e96d3b3a ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:48:43.0713 4620 RTL8167 - ok
13:48:43.0775 4620 [ 248abd858ff7dcc966e5a54529ddd225 ] SaiH053C C:\Windows\system32\DRIVERS\SaiH053C.sys
13:48:43.0791 4620 SaiH053C - ok
13:48:43.0791 4620 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
13:48:43.0791 4620 SamSs - ok
13:48:43.0806 4620 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:48:43.0806 4620 sbp2port - ok
13:48:43.0806 4620 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:48:43.0822 4620 SCardSvr - ok
13:48:43.0838 4620 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:48:43.0838 4620 scfilter - ok
13:48:43.0869 4620 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
13:48:43.0884 4620 Schedule - ok
13:48:43.0916 4620 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
13:48:43.0916 4620 SCPolicySvc - ok
13:48:43.0916 4620 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:48:43.0916 4620 SDRSVC - ok
13:48:43.0947 4620 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:48:43.0947 4620 secdrv - ok
13:48:43.0947 4620 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
13:48:43.0947 4620 seclogon - ok
13:48:43.0962 4620 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
13:48:43.0978 4620 SENS - ok
13:48:43.0994 4620 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:48:43.0994 4620 SensrSvc - ok
13:48:44.0009 4620 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
13:48:44.0009 4620 Serenum - ok
13:48:44.0025 4620 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
13:48:44.0025 4620 Serial - ok
13:48:44.0040 4620 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:48:44.0040 4620 sermouse - ok
13:48:44.0087 4620 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:48:44.0087 4620 SessionEnv - ok
13:48:44.0087 4620 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:48:44.0103 4620 sffdisk - ok
13:48:44.0118 4620 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:48:44.0118 4620 sffp_mmc - ok
13:48:44.0118 4620 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:48:44.0118 4620 sffp_sd - ok
13:48:44.0118 4620 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:48:44.0134 4620 sfloppy - ok
13:48:44.0150 4620 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:48:44.0150 4620 SharedAccess - ok
13:48:44.0165 4620 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:48:44.0181 4620 ShellHWDetection - ok
13:48:44.0181 4620 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:48:44.0181 4620 SiSRaid2 - ok
13:48:44.0196 4620 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:48:44.0196 4620 SiSRaid4 - ok
13:48:44.0196 4620 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:48:44.0212 4620 Smb - ok
13:48:44.0212 4620 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:48:44.0228 4620 SNMPTRAP - ok
13:48:44.0243 4620 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:48:44.0243 4620 spldr - ok
13:48:44.0274 4620 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:48:44.0290 4620 Spooler - ok
13:48:44.0384 4620 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
13:48:44.0462 4620 sppsvc - ok
13:48:44.0477 4620 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:48:44.0477 4620 sppuinotify - ok
13:48:44.0540 4620 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
13:48:44.0555 4620 srv - ok
13:48:44.0571 4620 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:48:44.0571 4620 srv2 - ok
13:48:44.0586 4620 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:48:44.0586 4620 srvnet - ok
13:48:44.0586 4620 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:48:44.0602 4620 SSDPSRV - ok
13:48:44.0602 4620 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:48:44.0602 4620 SstpSvc - ok
13:48:44.0618 4620 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:48:44.0618 4620 stexstor - ok
13:48:44.0789 4620 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
13:48:44.0805 4620 stisvc - ok
13:48:44.0820 4620 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:48:44.0820 4620 swenum - ok
13:48:44.0836 4620 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
13:48:44.0852 4620 swprv - ok
13:48:44.0898 4620 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
13:48:44.0930 4620 SysMain - ok
13:48:44.0945 4620 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:48:44.0945 4620 TabletInputService - ok
13:48:44.0976 4620 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:48:44.0976 4620 TapiSrv - ok
13:48:44.0992 4620 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
13:48:44.0992 4620 TBS - ok
13:48:45.0070 4620 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:48:45.0132 4620 Tcpip - ok
13:48:45.0179 4620 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:48:45.0179 4620 TCPIP6 - ok
13:48:45.0210 4620 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:48:45.0210 4620 tcpipreg - ok
13:48:45.0226 4620 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:48:45.0226 4620 TDPIPE - ok
13:48:45.0242 4620 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:48:45.0257 4620 TDTCP - ok
13:48:45.0273 4620 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:48:45.0273 4620 tdx - ok
13:48:45.0288 4620 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:48:45.0304 4620 TermDD - ok
13:48:45.0320 4620 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
13:48:45.0335 4620 TermService - ok
13:48:45.0351 4620 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
13:48:45.0351 4620 Themes - ok
13:48:45.0366 4620 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
13:48:45.0366 4620 THREADORDER - ok
13:48:45.0382 4620 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
13:48:45.0382 4620 TrkWks - ok
13:48:45.0429 4620 [ 8de922cd4fea6f83b10805df965b9a08 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
13:48:45.0444 4620 truecrypt - ok
13:48:45.0476 4620 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:48:45.0491 4620 TrustedInstaller - ok
13:48:45.0507 4620 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:48:45.0507 4620 tssecsrv - ok
13:48:45.0538 4620 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:48:45.0538 4620 TsUsbFlt - ok
13:48:45.0554 4620 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:48:45.0554 4620 TsUsbGD - ok
13:48:45.0600 4620 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:48:45.0600 4620 tunnel - ok
13:48:45.0632 4620 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:48:45.0632 4620 uagp35 - ok
13:48:45.0663 4620 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:48:45.0663 4620 udfs - ok
13:48:45.0725 4620 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:48:45.0725 4620 UI0Detect - ok
13:48:45.0741 4620 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:48:45.0741 4620 uliagpkx - ok
13:48:45.0756 4620 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:48:45.0756 4620 umbus - ok
13:48:45.0772 4620 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
13:48:45.0772 4620 UmPass - ok
13:48:45.0788 4620 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
13:48:45.0803 4620 upnphost - ok
13:48:45.0834 4620 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:48:45.0834 4620 USBAAPL64 - ok
13:48:45.0866 4620 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:48:45.0866 4620 usbccgp - ok
13:48:45.0897 4620 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:48:45.0897 4620 usbcir - ok
13:48:45.0928 4620 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:48:45.0928 4620 usbehci - ok
13:48:45.0944 4620 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:48:45.0944 4620 usbhub - ok
13:48:45.0990 4620 [ 5c4219c10b5887dff85e1d2779aed55b ] usbio C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
13:48:45.0990 4620 usbio - ok
13:48:46.0006 4620 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:48:46.0006 4620 usbohci - ok
13:48:46.0022 4620 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:48:46.0037 4620 usbprint - ok
13:48:46.0053 4620 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:48:46.0053 4620 usbscan - ok
13:48:46.0068 4620 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:48:46.0068 4620 USBSTOR - ok
13:48:46.0068 4620 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:48:46.0084 4620 usbuhci - ok
13:48:46.0100 4620 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
13:48:46.0100 4620 UxSms - ok
13:48:46.0100 4620 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
13:48:46.0100 4620 VaultSvc - ok
13:48:46.0131 4620 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:48:46.0131 4620 vdrvroot - ok
13:48:46.0162 4620 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
13:48:46.0162 4620 vds - ok
13:48:46.0193 4620 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:48:46.0193 4620 vga - ok
13:48:46.0209 4620 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
13:48:46.0209 4620 VgaSave - ok
13:48:46.0224 4620 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:48:46.0224 4620 vhdmp - ok
13:48:46.0240 4620 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:48:46.0240 4620 viaide - ok
13:48:46.0256 4620 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:48:46.0271 4620 volmgr - ok
13:48:46.0271 4620 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:48:46.0287 4620 volmgrx - ok
13:48:46.0287 4620 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:48:46.0287 4620 volsnap - ok
13:48:46.0318 4620 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:48:46.0318 4620 vsmraid - ok
13:48:46.0349 4620 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
13:48:46.0365 4620 VSS - ok
13:48:46.0505 4620 [ 5fa45791413acce628d5361458f32dde ] vToolbarUpdater11.1.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
13:48:46.0521 4620 vToolbarUpdater11.1.0 - ok
13:48:46.0552 4620 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:48:46.0552 4620 vwifibus - ok
13:48:46.0568 4620 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:48:46.0568 4620 vwififlt - ok
13:48:46.0583 4620 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:48:46.0583 4620 vwifimp - ok
13:48:46.0614 4620 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
13:48:46.0614 4620 W32Time - ok
13:48:46.0614 4620 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:48:46.0614 4620 WacomPen - ok
13:48:46.0646 4620 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:48:46.0646 4620 WANARP - ok
13:48:46.0646 4620 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:48:46.0646 4620 Wanarpv6 - ok
13:48:46.0692 4620 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:48:46.0708 4620 WatAdminSvc - ok
13:48:46.0755 4620 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
13:48:46.0786 4620 wbengine - ok
13:48:46.0802 4620 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:48:46.0817 4620 WbioSrvc - ok
13:48:46.0817 4620 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:48:46.0833 4620 wcncsvc - ok
13:48:46.0848 4620 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:48:46.0848 4620 WcsPlugInService - ok
13:48:46.0848 4620 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
13:48:46.0848 4620 Wd - ok
13:48:46.0864 4620 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:48:46.0864 4620 Wdf01000 - ok
13:48:46.0911 4620 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:48:46.0911 4620 WdiServiceHost - ok
13:48:46.0911 4620 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:48:46.0926 4620 WdiSystemHost - ok
13:48:46.0926 4620 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:48:46.0942 4620 WebClient - ok
13:48:46.0942 4620 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:48:46.0942 4620 Wecsvc - ok
13:48:46.0958 4620 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:48:46.0958 4620 wercplsupport - ok
13:48:46.0989 4620 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:48:46.0989 4620 WerSvc - ok
13:48:47.0004 4620 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:48:47.0004 4620 WfpLwf - ok
13:48:47.0020 4620 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:48:47.0020 4620 WIMMount - ok
13:48:47.0051 4620 WinDefend - ok
13:48:47.0051 4620 WinHttpAutoProxySvc - ok
13:48:47.0098 4620 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:48:47.0098 4620 Winmgmt - ok
13:48:47.0160 4620 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
13:48:47.0207 4620 WinRM - ok
13:48:47.0254 4620 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:48:47.0254 4620 WinUsb - ok
13:48:47.0285 4620 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
13:48:47.0301 4620 Wlansvc - ok
13:48:47.0363 4620 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:48:47.0363 4620 wlcrasvc - ok
13:48:47.0457 4620 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:48:47.0519 4620 wlidsvc - ok
13:48:47.0535 4620 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:48:47.0535 4620 WmiAcpi - ok
13:48:47.0550 4620 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:48:47.0550 4620 wmiApSrv - ok
13:48:47.0566 4620 WMPNetworkSvc - ok
13:48:47.0582 4620 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:48:47.0582 4620 WPCSvc - ok
13:48:47.0597 4620 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:48:47.0597 4620 WPDBusEnum - ok
13:48:47.0613 4620 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:48:47.0613 4620 ws2ifsl - ok
13:48:47.0628 4620 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
13:48:47.0628 4620 wscsvc - ok
13:48:47.0628 4620 WSearch - ok
13:48:47.0722 4620 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:48:47.0816 4620 wuauserv - ok
13:48:47.0831 4620 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:48:47.0831 4620 WudfPf - ok
13:48:47.0847 4620 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:48:47.0847 4620 WUDFRd - ok
13:48:47.0847 4620 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:48:47.0862 4620 wudfsvc - ok
13:48:47.0878 4620 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
13:48:47.0878 4620 WwanSvc - ok
13:48:47.0894 4620 ================ Scan global ===============================
13:48:47.0909 4620 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
13:48:47.0956 4620 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:48:47.0972 4620 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:48:47.0987 4620 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
13:48:48.0018 4620 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
13:48:48.0034 4620 [Global] - ok
13:48:48.0034 4620 ================ Scan MBR ==================================
13:48:48.0050 4620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:48:48.0237 4620 \Device\Harddisk0\DR0 - ok
13:48:48.0237 4620 ================ Scan VBR ==================================
13:48:48.0237 4620 Boot (0x1200) (756b4b01046fd8c5147a75fab55f88a1) \Device\Harddisk0\DR0\Partition1
13:48:48.0237 4620 \Device\Harddisk0\DR0\Partition1 - ok
13:48:48.0284 4620 Boot (0x1200) (1c4ea4a984121ede8d445886a64f78ad) \Device\Harddisk0\DR0\Partition2
13:48:48.0284 4620 \Device\Harddisk0\DR0\Partition2 - ok
13:48:48.0284 4620 ============================================================
13:48:48.0284 4620 Scan finished
13:48:48.0284 4620 ============================================================
13:48:48.0315 2200 Detected object count: 0
13:48:48.0315 2200 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 17:06:39
-----------------------------
17:06:39.723 OS Version: Windows x64 6.1.7601 Service Pack 1
17:06:39.723 Number of processors: 6 586 0xA00
17:06:39.723 ComputerName: LIVING UserName: Family
17:06:42.063 Initialize success
17:09:58.634 AVAST engine defs: 12081701
17:10:00.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
17:10:00.100 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
17:10:00.116 Disk 0 MBR read successfully
17:10:00.131 Disk 0 MBR scan
17:10:00.194 Disk 0 Windows 7 default MBR code
17:10:00.209 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
17:10:00.240 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
17:10:00.256 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1412265 MB offset 37955584
17:10:00.303 Disk 0 scanning C:\Windows\system32\drivers
17:10:13.625 Service scanning
17:10:36.308 Modules scanning
17:10:36.323 Disk 0 trace - called modules:
17:10:36.339 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:10:36.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f5a060]
17:10:36.354 3 CLASSPNP.SYS[fffff88001b6743f] -> nt!IofCallDriver -> [0xfffffa80059fbac0]
17:10:36.354 5 amd_xata.sys[fffff88001120900] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80059f79c0]
17:10:38.928 AVAST engine scan C:\Windows
17:10:43.515 AVAST engine scan C:\Windows\system32
17:14:26.346 AVAST engine scan C:\Windows\system32\drivers
17:14:48.154 AVAST engine scan C:\Users\Family
17:18:05.476 Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
17:18:05.523 The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 13:51:13
-----------------------------
13:51:13.353 OS Version: Windows x64 6.1.7601 Service Pack 1
13:51:13.353 Number of processors: 6 586 0xA00
13:51:13.353 ComputerName: LIVING UserName: Family
13:51:15.128 Initialize success
13:54:41.121 AVAST engine defs: 12081900
13:54:43.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
13:54:43.087 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
13:54:43.102 Disk 0 MBR read successfully
13:54:43.102 Disk 0 MBR scan
13:54:43.118 Disk 0 Windows 7 default MBR code
13:54:43.118 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
13:54:43.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
13:54:43.149 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1412265 MB offset 37955584
13:54:43.180 Disk 0 scanning C:\Windows\system32\drivers
13:54:50.138 Service scanning
13:55:04.771 Modules scanning
13:55:04.786 Disk 0 trace - called modules:
13:55:04.802 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
13:55:05.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f76060]
13:55:05.317 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005a18ac0]
13:55:05.332 5 amd_xata.sys[fffff880010c8900] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8005a138b0]
13:55:08.234 AVAST engine scan C:\Windows
13:55:11.916 AVAST engine scan C:\Windows\system32
13:57:08.729 AVAST engine scan C:\Windows\system32\drivers
13:57:17.059 AVAST engine scan C:\Users\Family
14:05:56.952 AVAST engine scan C:\ProgramData
14:06:52.379 Scan finished successfully
14:07:08.041 Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
14:07:08.057 The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 19 August 2012 - 05:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 19 August 2012 - 06:50 PM

Combo fix log follows. No problems so far, I had to re read your directions on restarting carefully after running combofix!


ComboFix 12-08-18.03 - Family 08/19/2012 16:28:08.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4557 [GMT -7:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Family\AppData\Local\Temp\{3ED84589-7077-47AB-9673-E11AC7BF5B31}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 23:33 . 2012-08-19 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 07:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F95D09AE-33AF-4ED6-A5E2-2CD14A5D20EE}\mpengine.dll
2012-08-18 03:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-16 22:59 . 2012-08-16 22:59 -------- d-----w- c:\program files\CCleaner
2012-08-16 04:35 . 2012-08-16 04:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-16 04:34 . 2012-08-16 04:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-16 04:34 . 2012-08-16 04:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-16 04:34 . 2012-08-16 04:34 -------- d-----w- c:\program files (x86)\Java
2012-08-16 02:26 . 2012-08-16 02:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB917075-0F6B-4847-B86C-EB1873CA1DDA}\gapaengine.dll
2012-08-16 02:22 . 2012-08-16 02:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-16 02:22 . 2012-08-16 02:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 02:17 . 2012-01-31 12:59 237072 ------w- c:\windows\SysWow64\MpSigStub.exe
2012-08-15 03:00 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 03:00 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 03:00 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 03:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 03:00 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 03:00 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 03:00 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 03:00 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 03:00 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 03:00 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 03:00 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:00 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 16:52 . 2012-08-12 16:52 -------- d--h--r- c:\users\Family\AppData\Roaming\SecuROM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 04:34 . 2011-12-08 00:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 10:00 . 2011-11-25 17:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 02:46 . 2012-04-20 23:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:46 . 2011-07-21 05:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-22 01:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 01:21 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-19_15.37.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-19 15:53 42662 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-19 15:53 33806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-25 16:51 . 2012-08-16 01:59 8634 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-380015750-2753814591-3328809547-1001_UserData.bin
+ 2011-11-25 16:51 . 2012-08-19 15:53 8634 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-380015750-2753814591-3328809547-1001_UserData.bin
+ 2012-08-19 23:34 . 2012-08-19 23:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-19 15:36 . 2012-08-19 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 23:34 . 2012-08-19 23:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-19 15:36 . 2012-08-19 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-25 20:16 . 2012-08-19 23:22 306124 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-08-19 15:55 626290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-18 05:04 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-19 15:55 107566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-18 05:04 107566 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-19 15:35 392508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-19 23:33 392508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-25 17:44 . 2012-08-19 23:33 44263364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380015750-2753814591-3328809547-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 02:43 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"NeroFilterCheck"="c:\program files (x86)\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 171144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 37504]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 02:46]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 01:47]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-13 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
.
**************************************************************************
.
Completion time: 2012-08-19 16:42:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 23:42
ComboFix2.txt 2012-08-19 15:41
.
Pre-Run: 1,281,178,959,872 bytes free
Post-Run: 1,281,218,543,616 bytes free
.
- - End Of File - - C9D44EDD3965DDD590DC90140436FF28

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 19 August 2012 - 09:11 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 19 August 2012 - 10:23 PM

MBAM and Hijack this logs:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Family :: LIVING [administrator]

Protection: Enabled

8/19/2012 8:14:12 PM
mbam-log-2012-08-19 (20-14-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197650
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Family\Downloads\7zip_installer_1650 (1).exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:20:30 PM, on 8/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Family\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11057 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 19 August 2012 - 10:36 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 20 August 2012 - 06:46 PM

ESET report follows:

C:\Users\Family\Downloads\windows-dvd-maker-new.exe Win32/Somoto application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 21 August 2012 - 04:29 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Family\Downloads\windows-dvd-maker-new.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Dennis s

Dennis s
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 21 August 2012 - 07:00 PM

Thank you very much all went well!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 21 August 2012 - 07:22 PM

you are more than welcome



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:45 PM

Posted 23 August 2012 - 11:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users