
Google Redirect Virus


  • This topic is locked
19 replies to this topic

#1 McCragge
  • Members
  • 17 posts

Posted 20 August 2012 - 02:22 AM

Hello, it seems I have the same problem as a lot of people.

I seem to have the Google Redirect Virus on my machine. I don't know how I even got it, but I can't seem to get rid of it. I have tried several different things, from AVG to TDSSKiller, to get rid of it, but nothing so far is working. Any help would be really, really appreciated too :)

So here is the DDS log report:

+_+_+_+_+_+_+_+

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by ShadowBane Ind at 22:27:45 on 2012-08-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.941 [GMT -7:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Java\jre7\bin\jp2launcher.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Download] "c:\users\shadowbane ind\appdata\local\supportsoft\ddoctorv2\shadowbane ind\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{68F3D073-7DFD-4825-ABC0-19A194A64DF5} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shadowbane ind\appdata\roaming\mozilla\firefox\profiles\91vsuoll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-4 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2012-5-8 25832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-20 03:30:11 -------- d-----w- c:\users\shadowbane ind\appdata\local\{9DC8059A-7592-4737-91E8-318F66C35CB6}
2012-08-20 03:26:13 -------- d-----w- c:\windows\pss
2012-08-18 17:55:49 -------- d-----w- c:\users\shadowbane ind\appdata\local\{38BFF16F-15A0-411C-BC6A-86A54436FDC9}
2012-08-18 17:55:38 -------- d-----w- c:\users\shadowbane ind\appdata\local\{2186F0E6-4C93-4C96-A3C4-14A3C0A6AEA0}
2012-08-18 17:47:50 -------- d-----w- c:\windows\en
2012-08-18 17:44:36 19720 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-08-18 17:37:36 537432 ----a-w- c:\program files\common files\windows live\.cache\2756eb281cd7d6801\DXSETUP.exe
2012-08-18 17:37:35 89944 ----a-w- c:\program files\common files\windows live\.cache\2756eb281cd7d6801\DSETUP.dll
2012-08-18 17:37:35 1801048 ----a-w- c:\program files\common files\windows live\.cache\2756eb281cd7d6801\dsetup32.dll
2012-08-18 17:36:08 -------- d-----w- c:\users\shadowbane ind\appdata\local\{881DC451-768D-456A-B0F5-56C86A0C2C65}
2012-08-18 17:35:58 -------- d-----w- c:\users\shadowbane ind\appdata\local\{246C4320-764C-4123-B9CC-F49F3E732419}
2012-08-18 17:35:46 -------- d-----w- c:\users\shadowbane ind\appdata\local\{738C1B85-9912-4219-82CB-FAA117CAF8CB}
2012-08-18 17:35:31 -------- d-----w- c:\users\shadowbane ind\appdata\local\{90AA789D-1721-4458-8F32-A8EC71EB55AC}
2012-08-16 10:21:36 -------- d-----w- c:\users\shadowbane ind\appdata\local\{B2E06011-DAD9-4C12-BB75-50F4F77BEE11}
2012-08-16 10:21:22 -------- d-----w- c:\users\shadowbane ind\appdata\local\{08CC3178-AB5A-4039-8F7E-080A5FD1C619}
2012-08-16 10:01:09 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:24:29 -------- d-----w- c:\users\shadowbane ind\appdata\local\{58DE208E-2BDF-44D7-B904-99F7FD330D7D}
2012-08-15 14:24:15 -------- d-----w- c:\users\shadowbane ind\appdata\local\{ADA68E6F-789A-4F0F-8ADF-D8748EB3D097}
2012-08-15 03:40:10 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 03:08:03 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-12 01:49:38 -------- d-----w- c:\users\shadowbane ind\appdata\local\{14F260FF-84B7-44F3-9D7E-E6BECBEB2893}
2012-08-12 01:49:04 -------- d-----w- c:\users\shadowbane ind\appdata\local\{E0495510-7EBA-4677-976C-8C4DC510CB3C}
2012-08-11 19:47:15 -------- d-----w- c:\users\shadowbane ind\appdata\local\{6117EC62-37F3-458D-B5A6-B4FA1A00EEEC}
2012-08-11 19:46:28 -------- d-----w- c:\users\shadowbane ind\appdata\local\{F42489FD-6F26-41F8-981F-2719071D0E88}
2012-08-09 17:27:32 -------- d-----w- c:\users\shadowbane ind\appdata\local\{20F4C097-4748-42A0-8C1C-7537CB0E3EA0}
2012-08-09 17:26:40 -------- d-----w- c:\users\shadowbane ind\appdata\local\{53A8DF8A-C025-45AD-A0E4-6C32FB5AF7F3}
2012-08-08 16:23:03 -------- d-----w- c:\users\shadowbane ind\appdata\roaming\AVG
2012-08-08 10:42:29 -------- d-----w- c:\users\shadowbane ind\appdata\local\{1FA99FD7-903E-4EEE-9A8D-F8D7A6A237CA}
2012-08-08 10:42:06 -------- d-----w- c:\users\shadowbane ind\appdata\local\{5643A92C-19FB-4107-AF66-F1FA59922719}
2012-08-08 10:36:46 -------- d--h--w- C:\$AVG
2012-08-08 10:23:34 -------- d-----w- c:\users\shadowbane ind\appdata\local\{DE313F11-E73C-4E86-9EC4-549E50708446}
2012-08-08 10:23:20 -------- d-----w- c:\users\shadowbane ind\appdata\local\{DFDF239B-CCF7-42D5-B1BA-BF592C3612CD}
2012-08-08 09:23:54 -------- d-----w- c:\users\shadowbane ind\appdata\local\{EBCA9A59-605A-4E42-80B6-4B4E1CBA10B9}
2012-08-08 09:23:32 -------- d-----w- c:\users\shadowbane ind\appdata\local\{7F1CC82A-682F-462A-8DD2-4EC419F516BB}
2012-08-08 08:21:48 -------- d-----w- c:\users\shadowbane ind\appdata\local\{70EAE6D5-6379-41A3-BB08-66732EB9A581}
2012-08-08 08:21:38 -------- d-----w- c:\users\shadowbane ind\appdata\local\{651675A6-67AA-4D98-B5F6-C6A1BDCBED6A}
2012-08-08 07:21:03 -------- d-----w- c:\users\shadowbane ind\appdata\local\{6065EC8A-5CF7-4EC0-B5D4-26C28EC20AB1}
2012-08-08 07:20:32 -------- d-----w- c:\users\shadowbane ind\appdata\local\{9340639E-3061-47B8-9A31-F40C6D396253}
2012-08-05 20:21:02 -------- d-----w- c:\users\shadowbane ind\appdata\local\{931D4D5C-30AA-4273-B4DA-D073DD5936DC}
2012-08-05 20:20:49 -------- d-----w- c:\users\shadowbane ind\appdata\local\{0C7731F3-086B-4609-8441-D02B54558EE8}
2012-08-05 08:39:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-08-05 08:27:48 -------- d-----w- c:\program files\THQ
2012-08-05 03:37:06 -------- d-----w- c:\users\shadowbane ind\appdata\local\{BC2433FF-27B5-4B6C-A45D-1F47871F30F3}
2012-08-05 03:36:53 -------- d-----w- c:\users\shadowbane ind\appdata\local\{40D6BD63-61D9-4EA6-8259-F6BD15A0E00C}
.
==================== Find3M ====================
.
2012-08-18 17:36:14 1264 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-08-15 16:07:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 16:07:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 03:07:44 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 22:28:08.57 ===============
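Added example (not part of the original thread, and not a DDS, ComboFix or BleepingComputer tool): a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It parses the line formats that section uses (uStart Page, uInternet Settings, BHO, uRun/mRun, TCP DhcpNameServer, FF prefs.js homepage) and reports the settings a browser-redirect complaint usually hinges on: resolvers that are not the expected ones, any ProxyServer value, Run entries with no name or no command, Run entries that launch from a user profile path, and BHOs loading from an unusual path. The flags are prompts for review, not verdicts (the Comcast support-tool "Download" entry in the log above is a benign hit). The sample input is constructed: most lines are copied from the log above, while the ProxyServer line and the 203.0.113.53 resolver are made up so the checks have something to flag; the expected-resolver set is an assumption, taken to be the two addresses the DHCP lease handed out on this machine.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.
Added example: not a DDS, ComboFix or BleepingComputer tool."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample. Most lines are copied from the DDS log in the post above; the
# ProxyServer line and the 203.0.113.53 resolver are made up so the checks have hits.
SAMPLE_HJT = r"""
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(TM) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Download] "c:\users\shadowbane ind\appdata\local\supportsoft\ddoctorv2\shadowbane ind\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{68F3D073-7DFD-4825-ABC0-19A194A64DF5} : DhcpNameServer = 75.75.75.75 75.75.76.76
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
TCP: Interfaces\{CONSTRUCTED-0000} : DhcpNameServer = 203.0.113.53
"""

# Assumption: the resolvers the DHCP lease handed out on this machine are the baseline.
# In a real case, confirm the ISP's resolver addresses independently before trusting them.
EXPECTED_DNS: Set[str] = {"75.75.75.75", "75.75.76.76"}

START_RE = re.compile(r"^uStart Page\s*=\s*(?P<val>.*)$")
INET_RE = re.compile(r"^uInternet Settings,(?P<key>\w+)\s*=\s*(?P<val>.*)$")
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>.*)$")
FFHOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<val>.*)$")


@dataclass
class HjtReport:
    start_page: str = ""
    ff_homepage: str = ""
    inet_settings: Dict[str, str] = field(default_factory=dict)
    dns_servers: List[str] = field(default_factory=list)      # unique, in order seen
    bhos: List[Dict[str, str]] = field(default_factory=list)
    run_entries: List[Dict[str, str]] = field(default_factory=list)


def parse_hjt(text: str) -> HjtReport:
    """Parse the line formats DDS uses in its Pseudo HJT section; unknown lines are ignored."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := START_RE.match(line):
            rep.start_page = m["val"].strip()
        elif m := FFHOME_RE.match(line):
            rep.ff_homepage = m["val"].strip()
        elif m := INET_RE.match(line):
            rep.inet_settings[m["key"]] = m["val"].strip()
        elif m := BHO_RE.match(line):
            rep.bhos.append({"name": m["name"].strip(), "clsid": m["clsid"].lower(),
                             "path": m["path"].strip()})
        elif m := RUN_RE.match(line):
            hive = "HKCU" if m["hive"] == "u" else "HKLM"   # DDS: u = per-user, m = machine
            rep.run_entries.append({"hive": hive, "name": m["name"].strip(), "cmd": m["cmd"].strip()})
        elif m := DNS_RE.search(line):
            for tok in m["servers"].split():
                try:
                    ip = str(ipaddress.ip_address(tok))
                except ValueError:
                    continue            # skip anything that is not an address
                if ip not in rep.dns_servers:
                    rep.dns_servers.append(ip)
    return rep


def triage(rep: HjtReport, expected_dns: Set[str]) -> List[str]:
    """Return review prompts for the settings a redirect complaint usually hinges on."""
    findings: List[str] = []
    for ip in rep.dns_servers:
        if ip not in expected_dns:
            findings.append(f"DNS: resolver {ip} is not an expected resolver")
    proxy = rep.inet_settings.get("ProxyServer")
    if proxy:
        findings.append(f"PROXY: ProxyServer is set to {proxy}; browser requests go through it")
    for e in rep.run_entries:
        low = e["cmd"].lower()
        if not e["name"] or e["name"] == "<NO NAME>" or not e["cmd"]:
            findings.append(f"RUN: {e['hive']} value with no name or no command: [{e['name']}] {e['cmd']}")
        elif "\\users\\" in low or "\\appdata\\" in low:
            findings.append(f"RUN: {e['hive']} '{e['name']}' launches from a user profile path: {e['cmd']}")
    for b in rep.bhos:
        p = b["path"].lower()
        if not (p.startswith("c:\\program files") or p.startswith("c:\\windows")):
            findings.append(f"BHO: '{b['name']}' {b['clsid']} loads from an unusual path: {b['path']}")
    return findings


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_HJT)
    print("start page:", report.start_page, "| firefox home:", report.ff_homepage)
    print("resolvers:", ", ".join(report.dns_servers))
    for f in triage(report, EXPECTED_DNS):
        print(" -", f)
```

Run it as-is to see the four review prompts the constructed sample produces; to use it on a real DDS log, pass the text between the "Pseudo HJT Report" and "FIREFOX" headers to parse_hjt and replace EXPECTED_DNS with resolver addresses confirmed with the ISP. The user-profile-path heuristic deliberately fires on legitimate software too, so each hit still needs a human to look at the file.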


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 August 2012 - 03:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 McCragge (Topic Starter)
  • Members
  • 17 posts

Posted 20 August 2012 - 10:19 PM

Wow, I wasn't expecting a reply so soon. Thank you very much for that :)

Anyway, I didn't have any problems downloading, running programs or following your well laid out instructions. The computer, when surfing the web, seems to be a bit faster now; however, I still have the Google Redirect Virus.

Here is the log from the Security Check first, and then the Combofix afterwards.

+_+_+_+_+_+_+

Results of screen317's Security Check version 0.99.46
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


+_+_+_+_+_+_+_+

ComboFix 12-08-20.02 - ShadowBane Ind 08/20/2012 20:00:04.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1268 [GMT -7:00]
Running from: c:\users\ShadowBane Ind\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 03:04 . 2012-08-21 03:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 17:47 . 2012-08-18 17:47 -------- d-----w- c:\windows\en
2012-08-18 17:44 . 2012-08-18 17:44 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-18 17:37 . 2012-08-18 17:37 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\DXSETUP.exe
2012-08-18 17:37 . 2012-08-18 17:37 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\dsetup32.dll
2012-08-18 17:37 . 2012-08-18 17:37 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\DSETUP.dll
2012-08-16 10:01 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 03:08 . 2012-08-15 03:08 -------- d-----w- c:\program files\Common Files\Java
2012-08-15 03:08 . 2012-08-15 03:07 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-08 16:23 . 2012-08-08 16:25 -------- d-----w- c:\users\ShadowBane Ind\AppData\Roaming\AVG
2012-08-08 10:36 . 2012-08-08 10:36 -------- d-----w- C:\$AVG
2012-08-05 08:39 . 2012-08-05 08:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-08-05 08:27 . 2012-08-05 08:27 -------- d-----w- c:\program files\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:07 . 2012-04-03 20:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:07 . 2011-10-16 16:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 03:07 . 2010-10-14 06:15 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 05:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 05:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 05:46 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 12:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 12:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:06 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:06 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 12:05 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 05:46 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 05:46 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-19 02:38 . 2012-05-13 15:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Download"="c:\users\ShadowBane Ind\AppData\Local\SupportSoft\ddoctorv2\ShadowBane Ind\SSGet.exe" [2012-01-11 987648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\ShadowBane Ind\AppData\Roaming\Mozilla\Firefox\Profiles\91vsuoll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 20:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-20 20:06:28
ComboFix-quarantined-files.txt 2012-08-21 03:06
.
Pre-Run: 101,851,475,968 bytes free
Post-Run: 101,888,086,016 bytes free
.
- - End Of File - - 05985EC800DE51F9D6BBEF82CA1BFA37

Edited by McCragge, 20 August 2012 - 10:20 PM.


#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 August 2012 - 12:54 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
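For anyone triaging a report like the one requested above, the following Python script (an added example for this thread, not part of the original posts and not Kaspersky's own tooling) parses the "Scan services" block of a TDSSKiller log into service records and surfaces the entries worth a closer look: a status other than ok, an image loaded from outside the Windows or Program Files trees, and a service the scanner hashed no file for. The sample log is constructed for the example from lines of the shape posted elsewhere in this thread; the UpdSvc entry, its hash and its "suspicious" status are made up, and the directory allow-list and the treatment of non-ok statuses are the example's own heuristics rather than TDSSKiller's verdict logic.

```python
"""Triage helper for the 'Scan services' block of a TDSSKiller log.

Added example for this thread; it is not part of the original posts and is not
Kaspersky's own tooling. It assumes the two line shapes visible in such logs:

    HH:MM:SS.mmmm PID [ MD5 ] ServiceName C:\\path\\to\\image
    HH:MM:SS.mmmm PID ServiceName - status

plus section headers of the form '... ================ Scan services ====...'.
Everything the script flags is a heuristic for a human to check, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

_TS_PID = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SECTION_RE = re.compile(_TS_PID + r"=+\s+(?P<section>.+?)\s+=+$")
ENTRY_RE = re.compile(
    _TS_PID
    + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
STATUS_RE = re.compile(_TS_PID + r"(?P<name>.+?)\s+-\s+(?P<status>.+)$")

# Heuristic allow-list (the example's own choice): where a service image is
# normally loaded from on a 32-bit Vista box like the one in this thread.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Service:
    name: str
    path: Optional[str] = None    # image path from the '[ MD5 ] name path' line
    md5: Optional[str] = None     # hash recorded by the scanner, upper-case hex
    status: Optional[str] = None  # text after ' - ' on the status line


def parse_services(log_text: str) -> List[Service]:
    """Pair each hashed-image line with the status line that follows it.

    Only the 'Scan services' section is read, so lines such as
    'System memory - ok' or the drive geometry line are not taken for services.
    """
    services: Dict[str, Service] = {}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section != "Scan services":
            continue
        m = ENTRY_RE.match(line)
        if m:
            svc = services.setdefault(m["name"], Service(m["name"]))
            svc.md5, svc.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            svc = services.setdefault(m["name"], Service(m["name"]))
            svc.status = m["status"].strip()
    return list(services.values())  # dict keeps insertion order (Python 3.7+)


def triage(services: List[Service]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs that merit a manual look.

    Rules (heuristics, not TDSSKiller's own logic):
      * any status other than 'ok';
      * an image loaded from outside the Windows / Program Files trees
        (user profiles, Temp and ProgramData are classic dropper locations);
      * a status line with no hashed image at all, i.e. the scanner saw a
        service registration but hashed no file for it.
    Shared images such as lsass.exe hosting several services are not flagged.
    """
    findings: List[Tuple[str, str]] = []
    for s in services:
        if s.status is not None and s.status.lower() != "ok":
            findings.append((s.name, f"status '{s.status}'"))
        if s.path is None:
            findings.append((s.name, "no image file was hashed"))
        elif not s.path.lower().startswith(EXPECTED_PREFIXES):
            findings.append((s.name, f"image outside system/program dirs: {s.path}"))
    return findings


def unique_hashes(services: List[Service]) -> Set[str]:
    """Distinct MD5s, e.g. to look up in a hash-reputation service in one batch."""
    return {s.md5 for s in services if s.md5}


# Constructed sample: the first entries mirror lines of the kind posted in this
# thread; the UpdSvc entry, its hash, its 'suspicious' status and the trailing
# 'Scan MBR' header are made up to exercise the rules.
SAMPLE_LOG = r"""
01:33:31.0765 3604 ================ Scan system memory ========================
01:33:31.0766 3604 System memory - ok
01:33:31.0766 3604 ================ Scan services =============================
01:33:32.0838 3604 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:33:32.0844 3604 ACPI - ok
01:33:33.0733 3604 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:33:33.0736 3604 Apple Mobile Device - ok
01:33:35.0246 3604 blbdrive - ok
01:33:39.0184 3604 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
01:33:39.0187 3604 KeyIso - ok
01:33:41.0052 3604 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
01:33:41.0054 3604 Netlogon - ok
01:33:43.0100 3604 [ 0123456789ABCDEF0123456789ABCDEF ] UpdSvc C:\Users\ShadowBane Ind\AppData\Local\Temp\updsvc.exe
01:33:43.0101 3604 UpdSvc - suspicious
01:33:43.0200 3604 ================ Scan MBR ==================================
"""

if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print(f"{len(parsed)} services, {len(unique_hashes(parsed))} distinct hashes")
    for name, reason in triage(parsed):
        print(f"REVIEW  {name}: {reason}")
```

Run it against a real TDSSKiller log by reading the file into `parse_services` instead of `SAMPLE_LOG`; services that share one image (KeyIso, Netlogon and ProtectedStorage all live in lsass.exe) collapse to a single hash in `unique_hashes`, which keeps a reputation lookup to one query per file.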

#5 McCragge (Topic Starter)

Posted 21 August 2012 - 04:01 AM

Still getting the Google Redirect Virus. The web browser loaded rather slowly, but it seems to be browsing the web normally thus far.

Here are the logs you requested; first is TDSSKiller, followed by aswMBR.

+_+_+_+_+_+_+_+_+

01:33:27.0091 6072 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
01:33:27.0683 6072 ============================================================
01:33:27.0683 6072 Current date / time: 2012/08/21 01:33:27.0683
01:33:27.0683 6072 SystemInfo:
01:33:27.0683 6072
01:33:27.0683 6072 OS Version: 6.0.6002 ServicePack: 2.0
01:33:27.0683 6072 Product type: Workstation
01:33:27.0683 6072 ComputerName: WIFEII
01:33:27.0683 6072 UserName: ShadowBane Ind
01:33:27.0683 6072 Windows directory: C:\Windows
01:33:27.0683 6072 System windows directory: C:\Windows
01:33:27.0683 6072 Processor architecture: Intel x86
01:33:27.0683 6072 Number of processors: 4
01:33:27.0683 6072 Page size: 0x1000
01:33:27.0683 6072 Boot type: Normal boot
01:33:27.0683 6072 ============================================================
01:33:28.0444 6072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:33:28.0518 6072 ============================================================
01:33:28.0518 6072 \Device\Harddisk0\DR0:
01:33:28.0518 6072 MBR partitions:
01:33:28.0518 6072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
01:33:28.0518 6072 ============================================================
01:33:28.0579 6072 C: <-> \Device\Harddisk0\DR0\Partition1
01:33:28.0579 6072 ============================================================
01:33:28.0579 6072 Initialize success
01:33:28.0579 6072 ============================================================
01:33:31.0468 3604 ============================================================
01:33:31.0468 3604 Scan started
01:33:31.0468 3604 Mode: Manual;
01:33:31.0468 3604 ============================================================
01:33:31.0765 3604 ================ Scan system memory ========================
01:33:31.0766 3604 System memory - ok
01:33:31.0766 3604 ================ Scan services =============================
01:33:32.0838 3604 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:33:32.0844 3604 ACPI - ok
01:33:32.0993 3604 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
01:33:33.0022 3604 AdobeARMservice - ok
01:33:33.0117 3604 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:33:33.0121 3604 AdobeFlashPlayerUpdateSvc - ok
01:33:33.0190 3604 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:33:33.0207 3604 adp94xx - ok
01:33:33.0230 3604 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:33:33.0235 3604 adpahci - ok
01:33:33.0261 3604 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:33:33.0263 3604 adpu160m - ok
01:33:33.0288 3604 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:33:33.0291 3604 adpu320 - ok
01:33:33.0330 3604 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:33:33.0332 3604 AeLookupSvc - ok
01:33:33.0370 3604 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
01:33:33.0374 3604 AFD - ok
01:33:33.0413 3604 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:33:33.0415 3604 agp440 - ok
01:33:33.0450 3604 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:33:33.0452 3604 aic78xx - ok
01:33:33.0491 3604 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
01:33:33.0493 3604 ALG - ok
01:33:33.0507 3604 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
01:33:33.0509 3604 aliide - ok
01:33:33.0532 3604 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
01:33:33.0534 3604 amdagp - ok
01:33:33.0555 3604 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
01:33:33.0556 3604 amdide - ok
01:33:33.0579 3604 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
01:33:33.0581 3604 AmdK7 - ok
01:33:33.0599 3604 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:33:33.0601 3604 AmdK8 - ok
01:33:33.0654 3604 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
01:33:33.0656 3604 Appinfo - ok
01:33:33.0733 3604 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:33:33.0736 3604 Apple Mobile Device - ok
01:33:33.0791 3604 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
01:33:33.0793 3604 arc - ok
01:33:33.0823 3604 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:33:33.0826 3604 arcsas - ok
01:33:33.0870 3604 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:33:33.0871 3604 AsyncMac - ok
01:33:33.0899 3604 [ 4F4FCB8B6EA06784FB6D475B7EC7300F ] atapi C:\Windows\system32\drivers\atapi.sys
01:33:33.0900 3604 atapi - ok
01:33:33.0952 3604 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:33:33.0956 3604 AudioEndpointBuilder - ok
01:33:33.0968 3604 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
01:33:33.0971 3604 Audiosrv - ok
01:33:34.0469 3604 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
01:33:34.0565 3604 AVGIDSAgent - ok
01:33:34.0624 3604 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
01:33:34.0626 3604 AVGIDSDriver - ok
01:33:34.0675 3604 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
01:33:34.0676 3604 AVGIDSFilter - ok
01:33:34.0750 3604 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
01:33:34.0751 3604 AVGIDSHX - ok
01:33:34.0810 3604 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
01:33:34.0811 3604 AVGIDSShim - ok
01:33:34.0874 3604 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
01:33:34.0876 3604 Avgldx86 - ok
01:33:34.0907 3604 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
01:33:34.0908 3604 Avgmfx86 - ok
01:33:34.0950 3604 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
01:33:34.0952 3604 Avgrkx86 - ok
01:33:34.0982 3604 [ 1263F2554ACE925C237A40B4C568D815 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
01:33:34.0987 3604 Avgtdix - ok
01:33:35.0048 3604 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
01:33:35.0051 3604 avgwd - ok
01:33:35.0136 3604 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
01:33:35.0137 3604 Beep - ok
01:33:35.0172 3604 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
01:33:35.0177 3604 BFE - ok
01:33:35.0225 3604 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
01:33:35.0242 3604 BITS - ok
01:33:35.0246 3604 blbdrive - ok
01:33:35.0304 3604 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:33:35.0310 3604 Bonjour Service - ok
01:33:35.0353 3604 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:33:35.0355 3604 bowser - ok
01:33:35.0404 3604 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:33:35.0406 3604 BrFiltLo - ok
01:33:35.0414 3604 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:33:35.0415 3604 BrFiltUp - ok
01:33:35.0455 3604 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
01:33:35.0456 3604 Browser - ok
01:33:35.0479 3604 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
01:33:35.0481 3604 Brserid - ok
01:33:35.0493 3604 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:33:35.0495 3604 BrSerWdm - ok
01:33:35.0507 3604 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:33:35.0509 3604 BrUsbMdm - ok
01:33:35.0513 3604 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:33:35.0514 3604 BrUsbSer - ok
01:33:35.0521 3604 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:33:35.0522 3604 BTHMODEM - ok
01:33:35.0616 3604 catchme - ok
01:33:35.0681 3604 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:33:35.0683 3604 cdfs - ok
01:33:35.0707 3604 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:33:35.0709 3604 cdrom - ok
01:33:35.0742 3604 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
01:33:35.0743 3604 CertPropSvc - ok
01:33:35.0777 3604 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
01:33:35.0779 3604 circlass - ok
01:33:35.0802 3604 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
01:33:35.0806 3604 CLFS - ok
01:33:35.0857 3604 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:33:35.0860 3604 clr_optimization_v2.0.50727_32 - ok
01:33:35.0976 3604 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:33:36.0011 3604 clr_optimization_v4.0.30319_32 - ok
01:33:36.0037 3604 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:33:36.0038 3604 cmdide - ok
01:33:36.0079 3604 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:33:36.0080 3604 Compbatt - ok
01:33:36.0085 3604 COMSysApp - ok
01:33:36.0104 3604 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:33:36.0106 3604 crcdisk - ok
01:33:36.0127 3604 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
01:33:36.0128 3604 Crusoe - ok
01:33:36.0165 3604 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:33:36.0168 3604 CryptSvc - ok
01:33:36.0284 3604 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
01:33:36.0285 3604 DAUpdaterSvc - ok
01:33:36.0341 3604 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:33:36.0358 3604 DcomLaunch - ok
01:33:36.0387 3604 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:33:36.0390 3604 DfsC - ok
01:33:36.0474 3604 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
01:33:36.0521 3604 DFSR - ok
01:33:36.0570 3604 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:33:36.0574 3604 Dhcp - ok
01:33:36.0607 3604 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
01:33:36.0609 3604 disk - ok
01:33:36.0658 3604 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:33:36.0660 3604 Dnscache - ok
01:33:36.0684 3604 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:33:36.0687 3604 dot3svc - ok
01:33:36.0734 3604 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
01:33:36.0738 3604 DPS - ok
01:33:36.0797 3604 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:33:36.0799 3604 drmkaud - ok
01:33:36.0851 3604 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:33:36.0868 3604 DXGKrnl - ok
01:33:36.0905 3604 [ 2269390A8AF6E2C1C381CC15AFCCF0AC ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
01:33:36.0910 3604 e1express - ok
01:33:36.0975 3604 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
01:33:36.0978 3604 E1G60 - ok
01:33:37.0009 3604 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
01:33:37.0011 3604 EapHost - ok
01:33:37.0061 3604 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
01:33:37.0064 3604 Ecache - ok
01:33:37.0118 3604 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:33:37.0122 3604 ehRecvr - ok
01:33:37.0145 3604 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
01:33:37.0147 3604 ehSched - ok
01:33:37.0154 3604 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
01:33:37.0155 3604 ehstart - ok
01:33:37.0177 3604 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:33:37.0182 3604 elxstor - ok
01:33:37.0224 3604 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:33:37.0241 3604 EMDMgmt - ok
01:33:37.0277 3604 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
01:33:37.0281 3604 EventSystem - ok
01:33:37.0317 3604 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
01:33:37.0320 3604 exfat - ok
01:33:37.0363 3604 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:33:37.0366 3604 fastfat - ok
01:33:37.0424 3604 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:33:37.0425 3604 fdc - ok
01:33:37.0441 3604 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
01:33:37.0442 3604 fdPHost - ok
01:33:37.0464 3604 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
01:33:37.0465 3604 FDResPub - ok
01:33:37.0521 3604 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:33:37.0523 3604 FileInfo - ok
01:33:37.0569 3604 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:33:37.0570 3604 Filetrace - ok
01:33:37.0611 3604 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:33:37.0613 3604 flpydisk - ok
01:33:37.0619 3604 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:33:37.0624 3604 FltMgr - ok
01:33:37.0705 3604 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
01:33:37.0722 3604 FontCache - ok
01:33:37.0770 3604 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:33:37.0772 3604 FontCache3.0.0.0 - ok
01:33:37.0813 3604 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:33:37.0833 3604 Fs_Rec - ok
01:33:37.0859 3604 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:33:37.0861 3604 gagp30kx - ok
01:33:37.0910 3604 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:33:37.0912 3604 GEARAspiWDM - ok
01:33:37.0952 3604 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
01:33:37.0970 3604 gpsvc - ok
01:33:38.0010 3604 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:33:38.0015 3604 HdAudAddService - ok
01:33:38.0046 3604 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:33:38.0064 3604 HDAudBus - ok
01:33:38.0078 3604 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:33:38.0080 3604 HidBth - ok
01:33:38.0099 3604 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
01:33:38.0101 3604 HidIr - ok
01:33:38.0109 3604 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
01:33:38.0110 3604 hidserv - ok
01:33:38.0131 3604 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:33:38.0133 3604 HidUsb - ok
01:33:38.0175 3604 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:33:38.0178 3604 hkmsvc - ok
01:33:38.0188 3604 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:33:38.0189 3604 HpCISSs - ok
01:33:38.0239 3604 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
01:33:38.0281 3604 HSF_DPV - ok
01:33:38.0299 3604 [ 5F60F0AD32D43B9AB9AC9373117D8E54 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
01:33:38.0304 3604 HSXHWBS2 - ok
01:33:38.0323 3604 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:33:38.0339 3604 HTTP - ok
01:33:38.0363 3604 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:33:38.0364 3604 i2omp - ok
01:33:38.0405 3604 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:33:38.0406 3604 i8042prt - ok
01:33:38.0420 3604 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:33:38.0422 3604 iaStorV - ok
01:33:38.0459 3604 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:33:38.0476 3604 idsvc - ok
01:33:38.0503 3604 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:33:38.0506 3604 iirsp - ok
01:33:38.0565 3604 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
01:33:38.0572 3604 IKEEXT - ok
01:33:38.0596 3604 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
01:33:38.0597 3604 intelide - ok
01:33:38.0621 3604 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:33:38.0623 3604 intelppm - ok
01:33:38.0697 3604 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:33:38.0699 3604 IPBusEnum - ok
01:33:38.0738 3604 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:33:38.0739 3604 IpFilterDriver - ok
01:33:38.0772 3604 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:33:38.0775 3604 iphlpsvc - ok
01:33:38.0779 3604 IpInIp - ok
01:33:38.0804 3604 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:33:38.0806 3604 IPMIDRV - ok
01:33:38.0841 3604 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:33:38.0844 3604 IPNAT - ok
01:33:38.0920 3604 [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:33:38.0937 3604 iPod Service - ok
01:33:38.0984 3604 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:33:38.0986 3604 IRENUM - ok
01:33:39.0009 3604 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:33:39.0010 3604 isapnp - ok
01:33:39.0054 3604 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:33:39.0058 3604 iScsiPrt - ok
01:33:39.0071 3604 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:33:39.0072 3604 iteatapi - ok
01:33:39.0098 3604 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:33:39.0100 3604 iteraid - ok
01:33:39.0127 3604 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:33:39.0129 3604 kbdclass - ok
01:33:39.0144 3604 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:33:39.0146 3604 kbdhid - ok
01:33:39.0184 3604 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
01:33:39.0187 3604 KeyIso - ok
01:33:39.0249 3604 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:33:39.0266 3604 KSecDD - ok
01:33:39.0320 3604 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
01:33:39.0327 3604 KtmRm - ok
01:33:39.0363 3604 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
01:33:39.0368 3604 LanmanServer - ok
01:33:39.0395 3604 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:33:39.0400 3604 LanmanWorkstation - ok
01:33:39.0447 3604 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:33:39.0449 3604 lltdio - ok
01:33:39.0500 3604 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:33:39.0505 3604 lltdsvc - ok
01:33:39.0580 3604 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:33:39.0582 3604 lmhosts - ok
01:33:39.0636 3604 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:33:39.0638 3604 LSI_FC - ok
01:33:39.0652 3604 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:33:39.0653 3604 LSI_SAS - ok
01:33:39.0706 3604 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:33:39.0708 3604 LSI_SCSI - ok
01:33:39.0748 3604 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
01:33:39.0750 3604 luafv - ok
01:33:39.0793 3604 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:33:39.0796 3604 Mcx2Svc - ok
01:33:39.0813 3604 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
01:33:39.0814 3604 mdmxsdk - ok
01:33:39.0849 3604 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
01:33:39.0851 3604 megasas - ok
01:33:39.0887 3604 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
01:33:39.0889 3604 MMCSS - ok
01:33:39.0929 3604 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
01:33:39.0931 3604 Modem - ok
01:33:39.0950 3604 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:33:39.0952 3604 monitor - ok
01:33:39.0966 3604 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:33:39.0968 3604 mouclass - ok
01:33:39.0982 3604 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:33:39.0983 3604 mouhid - ok
01:33:40.0024 3604 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:33:40.0026 3604 MountMgr - ok
01:33:40.0068 3604 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:33:40.0070 3604 MozillaMaintenance - ok
01:33:40.0101 3604 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
01:33:40.0103 3604 mpio - ok
01:33:40.0138 3604 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:33:40.0139 3604 mpsdrv - ok
01:33:40.0170 3604 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
01:33:40.0178 3604 MpsSvc - ok
01:33:40.0203 3604 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:33:40.0205 3604 Mraid35x - ok
01:33:40.0238 3604 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:33:40.0241 3604 MRxDAV - ok
01:33:40.0260 3604 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:33:40.0263 3604 mrxsmb - ok
01:33:40.0289 3604 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:33:40.0293 3604 mrxsmb10 - ok
01:33:40.0308 3604 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:33:40.0310 3604 mrxsmb20 - ok
01:33:40.0327 3604 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
01:33:40.0329 3604 msahci - ok
01:33:40.0353 3604 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:33:40.0355 3604 msdsm - ok
01:33:40.0389 3604 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
01:33:40.0392 3604 MSDTC - ok
01:33:40.0472 3604 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:33:40.0476 3604 Msfs - ok
01:33:40.0504 3604 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:33:40.0506 3604 msisadrv - ok
01:33:40.0553 3604 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:33:40.0557 3604 MSiSCSI - ok
01:33:40.0561 3604 msiserver - ok
01:33:40.0605 3604 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:33:40.0606 3604 MSKSSRV - ok
01:33:40.0647 3604 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:33:40.0649 3604 MSPCLOCK - ok
01:33:40.0691 3604 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:33:40.0692 3604 MSPQM - ok
01:33:40.0727 3604 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:33:40.0731 3604 MsRPC - ok
01:33:40.0746 3604 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:33:40.0748 3604 mssmbios - ok
01:33:40.0760 3604 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:33:40.0762 3604 MSTEE - ok
01:33:40.0775 3604 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
01:33:40.0777 3604 Mup - ok
01:33:40.0801 3604 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
01:33:40.0807 3604 napagent - ok
01:33:40.0842 3604 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:33:40.0845 3604 NativeWifiP - ok
01:33:40.0877 3604 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:33:40.0894 3604 NDIS - ok
01:33:40.0918 3604 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:33:40.0919 3604 NdisTapi - ok
01:33:40.0947 3604 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:33:40.0949 3604 Ndisuio - ok
01:33:40.0977 3604 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:33:40.0979 3604 NdisWan - ok
01:33:41.0022 3604 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:33:41.0024 3604 NDProxy - ok
01:33:41.0034 3604 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:33:41.0035 3604 NetBIOS - ok
01:33:41.0045 3604 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:33:41.0049 3604 netbt - ok
01:33:41.0052 3604 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
01:33:41.0054 3604 Netlogon - ok
01:33:41.0104 3604 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
01:33:41.0108 3604 Netman - ok
01:33:41.0158 3604 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
01:33:41.0164 3604 netprofm - ok
01:33:41.0197 3604 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:33:41.0200 3604 NetTcpPortSharing - ok
01:33:41.0244 3604 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:33:41.0246 3604 nfrd960 - ok
01:33:41.0277 3604 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:33:41.0281 3604 NlaSvc - ok
01:33:41.0295 3604 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:33:41.0297 3604 Npfs - ok
01:33:41.0335 3604 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
01:33:41.0337 3604 nsi - ok
01:33:41.0379 3604 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:33:41.0380 3604 nsiproxy - ok
01:33:41.0425 3604 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:33:41.0468 3604 Ntfs - ok
01:33:41.0482 3604 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
01:33:41.0484 3604 ntrigdigi - ok
01:33:41.0507 3604 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
01:33:41.0508 3604 Null - ok
01:33:41.0739 3604 [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:33:41.0943 3604 nvlddmkm - ok
01:33:41.0967 3604 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:33:41.0970 3604 nvraid - ok
01:33:41.0978 3604 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:33:41.0979 3604 nvstor - ok
01:33:42.0001 3604 [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:33:42.0005 3604 nvsvc - ok
01:33:42.0020 3604 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:33:42.0022 3604 nv_agp - ok
01:33:42.0026 3604 NwlnkFlt - ok
01:33:42.0032 3604 NwlnkFwd - ok
01:33:42.0094 3604 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:33:42.0096 3604 ohci1394 - ok
01:33:42.0131 3604 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:33:42.0147 3604 p2pimsvc - ok
01:33:42.0160 3604 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
01:33:42.0167 3604 p2psvc - ok
01:33:42.0191 3604 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
01:33:42.0193 3604 Parport - ok
01:33:42.0244 3604 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:33:42.0246 3604 partmgr - ok
01:33:42.0265 3604 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
01:33:42.0267 3604 Parvdm - ok
01:33:42.0310 3604 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
01:33:42.0312 3604 PcaSvc - ok
01:33:42.0333 3604 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
01:33:42.0336 3604 pci - ok
01:33:42.0348 3604 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
01:33:42.0350 3604 pciide - ok
01:33:42.0378 3604 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:33:42.0382 3604 pcmcia - ok
01:33:42.0423 3604 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:33:42.0439 3604 PEAUTH - ok
01:33:42.0508 3604 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
01:33:42.0542 3604 pla - ok
01:33:42.0598 3604 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:33:42.0603 3604 PlugPlay - ok
01:33:42.0617 3604 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:33:42.0624 3604 PNRPAutoReg - ok
01:33:42.0636 3604 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:33:42.0642 3604 PNRPsvc - ok
01:33:42.0676 3604 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:33:42.0683 3604 PolicyAgent - ok
01:33:42.0700 3604 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:33:42.0702 3604 PptpMiniport - ok
01:33:42.0722 3604 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
01:33:42.0724 3604 Processor - ok
01:33:42.0759 3604 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
01:33:42.0763 3604 ProfSvc - ok
01:33:42.0775 3604 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:33:42.0777 3604 ProtectedStorage - ok
01:33:42.0812 3604 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
01:33:42.0817 3604 ProtexisLicensing - ok
01:33:42.0838 3604 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:33:42.0840 3604 PSched - ok
01:33:42.0884 3604 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:33:42.0901 3604 ql2300 - ok
01:33:42.0932 3604 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:33:42.0935 3604 ql40xx - ok
01:33:42.0975 3604 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
01:33:42.0981 3604 QWAVE - ok
01:33:43.0027 3604 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:33:43.0029 3604 QWAVEdrv - ok
01:33:43.0070 3604 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:33:43.0072 3604 RasAcd - ok
01:33:43.0119 3604 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
01:33:43.0122 3604 RasAuto - ok
01:33:43.0167 3604 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:33:43.0170 3604 Rasl2tp - ok
01:33:43.0202 3604 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
01:33:43.0207 3604 RasMan - ok
01:33:43.0231 3604 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:33:43.0233 3604 RasPppoe - ok
01:33:43.0239 3604 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:33:43.0241 3604 RasSstp - ok
01:33:43.0270 3604 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:33:43.0275 3604 rdbss - ok
01:33:43.0319 3604 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:33:43.0320 3604 RDPCDD - ok
01:33:43.0356 3604 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
01:33:43.0361 3604 rdpdr - ok
01:33:43.0373 3604 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:33:43.0375 3604 RDPENCDD - ok
01:33:43.0435 3604 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:33:43.0439 3604 RDPWD - ok
01:33:43.0499 3604 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:33:43.0502 3604 RemoteAccess - ok
01:33:43.0509 3604 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:33:43.0513 3604 RemoteRegistry - ok
01:33:43.0538 3604 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
01:33:43.0540 3604 RpcLocator - ok
01:33:43.0558 3604 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
01:33:43.0564 3604 RpcSs - ok
01:33:43.0623 3604 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:33:43.0625 3604 rspndr - ok
01:33:43.0629 3604 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
01:33:43.0632 3604 SamSs - ok
01:33:43.0663 3604 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:33:43.0666 3604 sbp2port - ok
01:33:43.0699 3604 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:33:43.0702 3604 SCardSvr - ok
01:33:43.0735 3604 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
01:33:43.0753 3604 Schedule - ok
01:33:43.0800 3604 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:33:43.0800 3604 SCPolicySvc - ok
01:33:43.0822 3604 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:33:43.0825 3604 SDRSVC - ok
01:33:43.0829 3604 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:33:43.0830 3604 secdrv - ok
01:33:43.0864 3604 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
01:33:43.0866 3604 seclogon - ok
01:33:43.0871 3604 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
01:33:43.0874 3604 SENS - ok
01:33:43.0887 3604 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
01:33:43.0889 3604 Serenum - ok
01:33:43.0898 3604 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
01:33:43.0900 3604 Serial - ok
01:33:43.0913 3604 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:33:43.0915 3604 sermouse - ok
01:33:43.0961 3604 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
01:33:43.0964 3604 SessionEnv - ok
01:33:43.0976 3604 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:33:43.0978 3604 sffdisk - ok
01:33:43.0992 3604 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:33:43.0993 3604 sffp_mmc - ok
01:33:44.0007 3604 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:33:44.0008 3604 sffp_sd - ok
01:33:44.0014 3604 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:33:44.0015 3604 sfloppy - ok
01:33:44.0036 3604 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:33:44.0041 3604 SharedAccess - ok
01:33:44.0087 3604 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:33:44.0092 3604 ShellHWDetection - ok
01:33:44.0117 3604 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
01:33:44.0119 3604 sisagp - ok
01:33:44.0135 3604 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:33:44.0137 3604 SiSRaid2 - ok
01:33:44.0150 3604 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:33:44.0152 3604 SiSRaid4 - ok
01:33:44.0248 3604 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
01:33:44.0278 3604 SkypeUpdate - ok
01:33:44.0387 3604 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
01:33:44.0485 3604 slsvc - ok
01:33:44.0506 3604 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:33:44.0509 3604 SLUINotify - ok
01:33:44.0520 3604 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:33:44.0522 3604 Smb - ok
01:33:44.0551 3604 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:33:44.0554 3604 SNMPTRAP - ok
01:33:44.0597 3604 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
01:33:44.0599 3604 spldr - ok
01:33:44.0649 3604 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
01:33:44.0654 3604 Spooler - ok
01:33:44.0723 3604 [ C3716EC0D36AD924B6888D794563E647 ] sprtsvc_ddoctorv2 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
01:33:44.0756 3604 sprtsvc_ddoctorv2 - ok
01:33:44.0792 3604 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:33:44.0796 3604 srv - ok
01:33:44.0832 3604 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:33:44.0835 3604 srv2 - ok
01:33:44.0843 3604 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:33:44.0846 3604 srvnet - ok
01:33:44.0856 3604 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:33:44.0860 3604 SSDPSRV - ok
01:33:44.0928 3604 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:33:44.0931 3604 SstpSvc - ok
01:33:44.0943 3604 Steam Client Service - ok
01:33:44.0986 3604 [ 29662881A46DB66730C62A4F1BFA3DC2 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:33:44.0989 3604 Stereo Service - ok
01:33:45.0037 3604 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
01:33:45.0054 3604 stisvc - ok
01:33:45.0069 3604 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:33:45.0071 3604 swenum - ok
01:33:45.0098 3604 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
01:33:45.0104 3604 swprv - ok
01:33:45.0134 3604 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:33:45.0136 3604 Symc8xx - ok
01:33:45.0146 3604 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:33:45.0149 3604 Sym_hi - ok
01:33:45.0166 3604 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:33:45.0168 3604 Sym_u3 - ok
01:33:45.0196 3604 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
01:33:45.0214 3604 SysMain - ok
01:33:45.0235 3604 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:33:45.0239 3604 TabletInputService - ok
01:33:45.0263 3604 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:33:45.0269 3604 TapiSrv - ok
01:33:45.0317 3604 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
01:33:45.0321 3604 TBS - ok
01:33:45.0393 3604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:33:45.0410 3604 Tcpip - ok
01:33:45.0449 3604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:33:45.0457 3604 Tcpip6 - ok
01:33:45.0477 3604 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:33:45.0479 3604 tcpipreg - ok
01:33:45.0536 3604 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:33:45.0538 3604 TDPIPE - ok
01:33:45.0581 3604 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:33:45.0583 3604 TDTCP - ok
01:33:45.0606 3604 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:33:45.0609 3604 tdx - ok
01:33:45.0635 3604 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:33:45.0636 3604 TermDD - ok
01:33:45.0650 3604 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
01:33:45.0667 3604 TermService - ok
01:33:45.0687 3604 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
01:33:45.0691 3604 Themes - ok
01:33:45.0703 3604 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
01:33:45.0705 3604 THREADORDER - ok
01:33:45.0755 3604 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
01:33:45.0759 3604 TrkWks - ok
01:33:45.0783 3604 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:33:45.0785 3604 TrustedInstaller - ok
01:33:45.0805 3604 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:33:45.0807 3604 tssecsrv - ok
01:33:45.0811 3604 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:33:45.0813 3604 tunmp - ok
01:33:45.0831 3604 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:33:45.0832 3604 tunnel - ok
01:33:45.0864 3604 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:33:45.0866 3604 uagp35 - ok
01:33:45.0901 3604 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:33:45.0905 3604 udfs - ok
01:33:45.0950 3604 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:33:45.0953 3604 UI0Detect - ok
01:33:45.0978 3604 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:33:45.0981 3604 uliagpkx - ok
01:33:46.0002 3604 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:33:46.0007 3604 uliahci - ok
01:33:46.0011 3604 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:33:46.0015 3604 UlSata - ok
01:33:46.0039 3604 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:33:46.0042 3604 ulsata2 - ok
01:33:46.0065 3604 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:33:46.0067 3604 umbus - ok
01:33:46.0112 3604 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
01:33:46.0118 3604 upnphost - ok
01:33:46.0173 3604 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
01:33:46.0175 3604 USBAAPL - ok
01:33:46.0232 3604 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:33:46.0234 3604 usbccgp - ok
01:33:46.0258 3604 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:33:46.0260 3604 usbcir - ok
01:33:46.0289 3604 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:33:46.0291 3604 usbehci - ok
01:33:46.0305 3604 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:33:46.0309 3604 usbhub - ok
01:33:46.0322 3604 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:33:46.0324 3604 usbohci - ok
01:33:46.0342 3604 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:33:46.0343 3604 usbprint - ok
01:33:46.0362 3604 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:33:46.0365 3604 USBSTOR - ok
01:33:46.0384 3604 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:33:46.0386 3604 usbuhci - ok
01:33:46.0400 3604 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
01:33:46.0404 3604 UxSms - ok
01:33:46.0426 3604 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
01:33:46.0443 3604 vds - ok
01:33:46.0462 3604 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:33:46.0463 3604 vga - ok
01:33:46.0510 3604 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
01:33:46.0512 3604 VgaSave - ok
01:33:46.0536 3604 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
01:33:46.0538 3604 viaagp - ok
01:33:46.0546 3604 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
01:33:46.0548 3604 ViaC7 - ok
01:33:46.0559 3604 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
01:33:46.0561 3604 viaide - ok
01:33:46.0581 3604 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:33:46.0583 3604 volmgr - ok
01:33:46.0612 3604 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:33:46.0617 3604 volmgrx - ok
01:33:46.0632 3604 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:33:46.0635 3604 volsnap - ok
01:33:46.0658 3604 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:33:46.0661 3604 vsmraid - ok
01:33:46.0710 3604 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
01:33:46.0735 3604 VSS - ok
01:33:46.0773 3604 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
01:33:46.0779 3604 W32Time - ok
01:33:46.0796 3604 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:33:46.0798 3604 WacomPen - ok
01:33:46.0841 3604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:33:46.0843 3604 Wanarp - ok
01:33:46.0846 3604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:33:46.0847 3604 Wanarpv6 - ok
01:33:46.0862 3604 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:33:46.0871 3604 wcncsvc - ok
01:33:46.0897 3604 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:33:46.0900 3604 WcsPlugInService - ok
01:33:46.0915 3604 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
01:33:46.0918 3604 Wd - ok
01:33:46.0965 3604 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:33:46.0981 3604 Wdf01000 - ok
01:33:47.0040 3604 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:33:47.0043 3604 WdiServiceHost - ok
01:33:47.0046 3604 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:33:47.0048 3604 WdiSystemHost - ok
01:33:47.0101 3604 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
01:33:47.0105 3604 WebClient - ok
01:33:47.0144 3604 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:33:47.0148 3604 Wecsvc - ok
01:33:47.0193 3604 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:33:47.0195 3604 wercplsupport - ok
01:33:47.0223 3604 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
01:33:47.0226 3604 WerSvc - ok
01:33:47.0248 3604 [ E096FFB754F1E45AE1BDDAC1275AE2C5 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
01:33:47.0264 3604 winachsf - ok
01:33:47.0350 3604 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
01:33:47.0356 3604 WinDefend - ok
01:33:47.0364 3604 WinHttpAutoProxySvc - ok
01:33:47.0474 3604 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:33:47.0477 3604 Winmgmt - ok
01:33:47.0538 3604 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
01:33:47.0563 3604 WinRM - ok
01:33:47.0618 3604 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:33:47.0634 3604 Wlansvc - ok
01:33:47.0754 3604 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:33:47.0787 3604 wlidsvc - ok
01:33:47.0838 3604 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:33:47.0839 3604 WmiAcpi - ok
01:33:47.0875 3604 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:33:47.0877 3604 wmiApSrv - ok
01:33:47.0942 3604 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
01:33:47.0959 3604 WMPNetworkSvc - ok
01:33:48.0006 3604 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:33:48.0011 3604 WPCSvc - ok
01:33:48.0059 3604 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:33:48.0064 3604 WPDBusEnum - ok
01:33:48.0109 3604 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
01:33:48.0129 3604 WpdUsb - ok
01:33:48.0281 3604 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:33:48.0297 3604 WPFFontCache_v0400 - ok
01:33:48.0339 3604 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:33:48.0341 3604 ws2ifsl - ok
01:33:48.0357 3604 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
01:33:48.0361 3604 wscsvc - ok
01:33:48.0366 3604 WSearch - ok
01:33:48.0453 3604 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
01:33:48.0493 3604 wuauserv - ok
01:33:48.0540 3604 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:33:48.0543 3604 WUDFRd - ok
01:33:48.0606 3604 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:33:48.0609 3604 wudfsvc - ok
01:33:48.0629 3604 [ E3FCF2870B5D7979B3BF10E98A71C847 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
01:33:48.0631 3604 XAudio - ok
01:33:48.0646 3604 [ 96DB5621857E1FDDD1AA60733748BF17 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
01:33:48.0663 3604 XAudioService - ok
01:33:48.0671 3604 ================ Scan global ===============================
01:33:48.0697 3604 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:33:48.0750 3604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:33:48.0774 3604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:33:48.0805 3604 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:33:48.0811 3604 [Global] - ok
01:33:48.0811 3604 ================ Scan MBR ==================================
01:33:48.0835 3604 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:33:50.0248 3604 \Device\Harddisk0\DR0 - ok
01:33:50.0248 3604 ================ Scan VBR ==================================
01:33:50.0318 3604 [ 741A9991C3CE71BE013893999A3FB6AC ] \Device\Harddisk0\DR0\Partition1
01:33:50.0320 3604 \Device\Harddisk0\DR0\Partition1 - ok
01:33:50.0320 3604 ============================================================
01:33:50.0320 3604 Scan finished
01:33:50.0320 3604 ============================================================
01:33:50.0328 4872 Detected object count: 0
01:33:50.0328 4872 Actual detected object count: 0



+_+_+_+_+_+_+_+_+



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 01:35:05
-----------------------------
01:35:05.065 OS Version: Windows 6.0.6002 Service Pack 2
01:35:05.065 Number of processors: 4 586 0xF07
01:35:05.066 ComputerName: WIFEII UserName:
01:35:16.113 Initialize success
01:38:18.448 AVAST engine defs: 12082100
01:38:26.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:38:26.503 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
01:38:26.513 Disk 0 MBR read successfully
01:38:26.516 Disk 0 MBR scan
01:38:26.522 Disk 0 Windows VISTA default MBR code
01:38:26.530 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
01:38:26.537 Disk 0 scanning sectors +625139712
01:38:26.612 Disk 0 scanning C:\Windows\system32\drivers
01:38:36.362 Service scanning
01:38:56.959 Modules scanning
01:39:01.520 Disk 0 trace - called modules:
01:39:01.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
01:39:01.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ac3ac8]
01:39:01.554 3 CLASSPNP.SYS[87fa58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a99030]
01:39:02.854 AVAST engine scan C:\Windows
01:39:08.326 AVAST engine scan C:\Windows\system32
01:42:10.483 AVAST engine scan C:\Windows\system32\drivers
01:42:22.164 AVAST engine scan C:\Users\ShadowBane Ind
01:48:37.458 AVAST engine scan C:\ProgramData
01:50:00.114 Scan finished successfully
01:50:16.286 Disk 0 MBR has been saved successfully to "C:\Users\ShadowBane Ind\Desktop\MBR.dat"
01:50:16.294 The log file has been saved successfully to "C:\Users\ShadowBane Ind\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:23 PM

Posted 21 August 2012 - 12:50 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 McCragge
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:23 PM

Posted 21 August 2012 - 01:20 PM

Hello Gringo :)

Still have the Google Redirect Virus (should I be reporting this with each post? I am not sure if you are just having me gather log reports or if these programs are actually trying to remove the virus).

Loading of Firefox and browsing the web seems normal (although better than when we started, much faster).

Ok so here is the OTL report as requested.

+_+_+_+_+_+_+

OTL logfile created on: 8/21/2012 11:07:55 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\ShadowBane Ind\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.89% Memory free
4.22 Gb Paging File | 3.09 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 94.87 Gb Free Space | 31.83% Space Free | Partition Type: NTFS
Drive D: | 559.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WIFEII | User Name: ShadowBane Ind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ShadowBane Ind\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (sprtsvc_ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\SHADOW~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 D6 F6 9A 11 1D CD 01 [binary data]
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/08 03:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/08 03:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 19:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 20:08:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 19:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 20:08:03 | 000,000,000 | ---D | M]

[2010/08/30 11:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ShadowBane Ind\AppData\Roaming\Mozilla\Extensions
[2012/07/29 02:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ShadowBane Ind\AppData\Roaming\Mozilla\Firefox\Profiles\91vsuoll.default\extensions
[2010/09/03 22:48:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ShadowBane Ind\AppData\Roaming\Mozilla\Firefox\Profiles\91vsuoll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/13 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 02:46:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/08 03:37:02 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2008/01/18 22:49:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\SHADOWBANE IND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91VSUOLL.DEFAULT\EXTENSIONS\IJJNIUZAWM@IJJNIUZAWM.ORG.XPI
[2012/07/18 19:38:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/08 01:40:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/08 01:40:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/20 20:04:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000..\Run: [Download] C:\Users\ShadowBane Ind\AppData\Local\SupportSoft\ddoctorv2\ShadowBane Ind\SSGet.exe ()
O4 - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3849441781-1122662647-3370659476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68F3D073-7DFD-4825-ABC0-19A194A64DF5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ShadowBane Ind\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ShadowBane Ind\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/12/14 12:50:58 | 000,000,065 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 11:05:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ShadowBane Ind\Desktop\OTL.exe
[2012/08/21 01:29:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ShadowBane Ind\Desktop\aswMBR.exe
[2012/08/21 01:28:25 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ShadowBane Ind\Desktop\tdsskiller.exe
[2012/08/20 20:06:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/20 20:06:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/20 19:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 19:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 19:58:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 19:58:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 19:58:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/20 19:55:58 | 004,734,695 | R--- | C] (Swearware) -- C:\Users\ShadowBane Ind\Desktop\ComboFix.exe
[2012/08/19 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{9DC8059A-7592-4737-91E8-318F66C35CB6}
[2012/08/19 20:26:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/18 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{38BFF16F-15A0-411C-BC6A-86A54436FDC9}
[2012/08/18 10:55:38 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{2186F0E6-4C93-4C96-A3C4-14A3C0A6AEA0}
[2012/08/18 10:47:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/08/18 10:36:08 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{881DC451-768D-456A-B0F5-56C86A0C2C65}
[2012/08/18 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{246C4320-764C-4123-B9CC-F49F3E732419}
[2012/08/18 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{738C1B85-9912-4219-82CB-FAA117CAF8CB}
[2012/08/18 10:35:31 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{90AA789D-1721-4458-8F32-A8EC71EB55AC}
[2012/08/16 03:21:36 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{B2E06011-DAD9-4C12-BB75-50F4F77BEE11}
[2012/08/16 03:21:22 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{08CC3178-AB5A-4039-8F7E-080A5FD1C619}
[2012/08/16 03:01:09 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 07:24:29 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{58DE208E-2BDF-44D7-B904-99F7FD330D7D}
[2012/08/15 07:24:15 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{ADA68E6F-789A-4F0F-8ADF-D8748EB3D097}
[2012/08/15 03:01:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 03:01:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 03:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 03:01:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 03:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 03:01:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 03:01:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 20:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/14 20:08:03 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/14 20:08:03 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/11 18:49:38 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{14F260FF-84B7-44F3-9D7E-E6BECBEB2893}
[2012/08/11 18:49:04 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{E0495510-7EBA-4677-976C-8C4DC510CB3C}
[2012/08/11 12:47:15 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{6117EC62-37F3-458D-B5A6-B4FA1A00EEEC}
[2012/08/11 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{F42489FD-6F26-41F8-981F-2719071D0E88}
[2012/08/09 10:27:32 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{20F4C097-4748-42A0-8C1C-7537CB0E3EA0}
[2012/08/09 10:26:40 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{53A8DF8A-C025-45AD-A0E4-6C32FB5AF7F3}
[2012/08/08 09:23:03 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Roaming\AVG
[2012/08/08 09:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/08 09:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/08 03:42:29 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{1FA99FD7-903E-4EEE-9A8D-F8D7A6A237CA}
[2012/08/08 03:42:06 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{5643A92C-19FB-4107-AF66-F1FA59922719}
[2012/08/08 03:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/08 03:36:46 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/08 03:23:34 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{DE313F11-E73C-4E86-9EC4-549E50708446}
[2012/08/08 03:23:20 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{DFDF239B-CCF7-42D5-B1BA-BF592C3612CD}
[2012/08/08 02:23:54 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{EBCA9A59-605A-4E42-80B6-4B4E1CBA10B9}
[2012/08/08 02:23:32 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{7F1CC82A-682F-462A-8DD2-4EC419F516BB}
[2012/08/08 01:21:48 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{70EAE6D5-6379-41A3-BB08-66732EB9A581}
[2012/08/08 01:21:38 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{651675A6-67AA-4D98-B5F6-C6A1BDCBED6A}
[2012/08/08 00:21:03 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{6065EC8A-5CF7-4EC0-B5D4-26C28EC20AB1}
[2012/08/08 00:20:32 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{9340639E-3061-47B8-9A31-F40C6D396253}
[2012/08/05 13:21:02 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{931D4D5C-30AA-4273-B4DA-D073DD5936DC}
[2012/08/05 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{0C7731F3-086B-4609-8441-D02B54558EE8}
[2012/08/05 01:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/08/05 01:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012/08/04 20:37:06 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{BC2433FF-27B5-4B6C-A45D-1F47871F30F3}
[2012/08/04 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\AppData\Local\{40D6BD63-61D9-4EA6-8259-F6BD15A0E00C}
[2012/08/04 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\ShadowBane Ind\Desktop\Stuff
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 11:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 11:05:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ShadowBane Ind\Desktop\OTL.exe
[2012/08/21 09:54:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 09:54:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 07:53:09 | 104,538,293 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/21 02:01:08 | 000,604,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/21 02:01:08 | 000,103,984 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/21 01:54:55 | 000,057,077 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/21 01:54:55 | 000,057,077 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/21 01:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 01:54:41 | 2136,809,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 01:50:16 | 000,000,512 | ---- | M] () -- C:\Users\ShadowBane Ind\Desktop\MBR.dat
[2012/08/21 01:30:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ShadowBane Ind\Desktop\aswMBR.exe
[2012/08/21 01:28:34 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ShadowBane Ind\Desktop\tdsskiller.exe
[2012/08/20 20:04:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/20 19:56:14 | 004,734,695 | R--- | M] (Swearware) -- C:\Users\ShadowBane Ind\Desktop\ComboFix.exe
[2012/08/19 22:25:36 | 000,000,000 | ---- | M] () -- C:\Users\ShadowBane Ind\defogger_reenable
[2012/08/19 20:48:54 | 000,000,316 | ---- | M] () -- C:\Users\ShadowBane Ind\Documents\backup_reg_001.reg
[2012/08/18 10:36:14 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/08/16 15:52:18 | 000,126,682 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/16 03:20:45 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 09:07:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 09:07:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 20:07:44 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/14 20:07:44 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/14 20:07:44 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/14 20:07:44 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/14 20:07:44 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/08 09:21:56 | 000,000,959 | ---- | M] () -- C:\Users\ShadowBane Ind\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/08 03:37:27 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/05 01:39:13 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/08/05 01:38:05 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Winter Assault.lnk
[2012/08/05 01:38:05 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Dawn of War.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/21 01:50:16 | 000,000,512 | ---- | C] () -- C:\Users\ShadowBane Ind\Desktop\MBR.dat
[2012/08/20 19:58:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 19:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 19:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 19:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 19:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/19 22:25:36 | 000,000,000 | ---- | C] () -- C:\Users\ShadowBane Ind\defogger_reenable
[2012/08/19 20:48:54 | 000,000,316 | ---- | C] () -- C:\Users\ShadowBane Ind\Documents\backup_reg_001.reg
[2012/08/08 09:21:56 | 000,000,959 | ---- | C] () -- C:\Users\ShadowBane Ind\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/05 01:39:13 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/08/05 01:38:05 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Winter Assault.lnk
[2012/08/05 01:38:05 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Dawn of War.lnk
[2012/07/20 20:44:23 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/01/18 02:48:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/09 22:14:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/09 22:13:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/09 22:13:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/12 11:56:58 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/09/05 11:46:15 | 000,011,776 | ---- | C] () -- C:\Users\ShadowBane Ind\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 11:28:32 | 000,057,077 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/30 11:28:32 | 000,057,077 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/23 23:31:52 | 000,000,680 | ---- | C] () -- C:\Users\ShadowBane Ind\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 August 2012 - 04:57 PM

Hello McCragge

Still have the Google Redirect Virus (should I be reporting this with each post, I am not sure if you are just having me gather log reports or if these programs are actually trying to remove the virus?)

Yes, always give me the status of the computer after you run each tool; some of the tools are trying to fix and some are just scanners.

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4  
    [2008/01/18 22:49:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\SHADOWBANE IND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91VSUOLL.DEFAULT\EXTENSIONS\IJJNIUZAWM@IJJNIUZAWM.ORG.XPI
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
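
The fix script above pulls three things out of the OTL log by eye: a packed extension with no publisher sitting in the Firefox profile, a named alternate data stream on C:\ProgramData\TEMP, and a DNS cache flush. The Python below is an added example, not code from this thread, from OTL or from BleepingComputer. It reads the line formats visible in the log posted earlier and flags the same kinds of entries so they can be found on the next log mechanically: driver or service entries whose file is gone, .xpi files in a profile's extensions folder that OTL could not name, alternate data streams, hosts entries other than the localhost defaults, and the DHCP-assigned resolvers. The sample lines are copied verbatim from the log above; the category names, the choice of what to flag and which findings are copied into the generated `:OTL` block are this example's own assumptions, not OTL's rules.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread: not code from the thread, from OTL or from
BleepingComputer. The line formats come from the log posted above; the
rules for what to flag are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the OTL log earlier in the thread.
SAMPLE_LOG = r"""
DRV - (catchme) -- C:\Users\SHADOW~1\AppData\Local\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
[2011/01/18 02:46:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/01/18 22:49:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\SHADOWBANE IND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91VSUOLL.DEFAULT\EXTENSIONS\IJJNIUZAWM@IJJNIUZAWM.ORG.XPI
[2012/07/18 19:38:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
"""

# Line shapes as they appear in the log above.
DRV_MISSING = re.compile(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.+?) File not found$")
FILE_ENTRY = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| [-A-Z]{4} \| [MC]\] "
    r"\((?P<company>[^)]*)\)(?: \([^)]*\))? -- (?P<path>.+)$"
)
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
DNS_ENTRY = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
# A packed .xpi directly in a profile's extensions folder, with no publisher and
# a name OTL cannot resolve, is what the responder removed above. Flagging it is
# this example's assumption: it means "review", not "infected".
PROFILE_XPI = re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\extensions\\[^\\]+\.xpi$", re.I)
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass(frozen=True)
class Finding:
    category: str  # short tag used to group findings
    detail: str    # human-readable note for the responder
    line: str      # original log line, verbatim, so it can be pasted into an OTL fix


def triage(log_text: str) -> list[Finding]:
    """Walk the log and return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRV_MISSING.match(line):
            # Often a leftover service key for a tool that has been removed, but a
            # driver whose file vanished can also be a rootkit that cleaned up.
            findings.append(Finding("missing_driver",
                f"service '{m['svc']}' points at a file that no longer exists: {m['path']}", line))
        elif m := ADS_ENTRY.match(line):
            # Named streams do not show in a normal directory listing.
            findings.append(Finding("ads",
                f"{m['size']}-byte named stream hidden on {m['path']}", line))
        elif m := HOSTS_ENTRY.match(line):
            if (m["ip"], m["host"]) not in DEFAULT_HOSTS:
                findings.append(Finding("hosts_override",
                    f"hosts file pins {m['host']} to {m['ip']}", line))
        elif m := DNS_ENTRY.search(line):
            findings.append(Finding("dns_servers",
                "resolvers in use (compare with the ISP's or router's): "
                + ", ".join(m["servers"].split()), line))
        elif m := FILE_ENTRY.match(line):
            if not m["company"] and PROFILE_XPI.search(m["path"]):
                findings.append(Finding("unsigned_profile_xpi",
                    "packed extension with no publisher in a Firefox profile: " + m["path"], line))
    return findings


def otl_fix_block(findings: list[Finding],
                  categories=("ads", "unsigned_profile_xpi")) -> str:
    """Build the ':OTL' section of a fix script from the flagged lines, pasted
    verbatim the way the responder's script above does it. Missing drivers and
    DNS settings are reported but not auto-removed: they need a human decision."""
    lines = [f.line for f in findings if f.category in categories]
    return "\n".join([":OTL", *lines])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category}] {f.detail}")
    print(otl_fix_block(found))
```

Run as-is it reports four findings from the sample (the orphaned catchme service, the unnamed .xpi, the two resolvers, and the stream on C:\ProgramData\TEMP) and prints an `:OTL` block containing only the last two; `triage(open(path).read())` does the same for a full log. The resolver entry is deliberately never auto-removed: 75.75.75.75 and 75.75.76.76 are whatever DHCP handed out, and only someone who knows the ISP or router can say whether they are expected.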

#9 McCragge (Topic Starter)

Posted 21 August 2012 - 10:02 PM

Sorry for the delay Gringo, I was at work.

Anyway, I did as you instructed and so far, it seems to have worked, no Google Redirect Virus. If this indeed removed the virus, how do I keep from getting reinfected since I don't even know how I got infected in the first place?

Here is the log you requested.

+_+_+_+_+_+_+_+

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
C:\Users\ShadowBane Ind\AppData\Roaming\Mozilla\Firefox\Profiles\91vsuoll.default\extensions\ijjniuzawm@ijjniuzawm.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ShadowBane Ind\Desktop\cmd.bat deleted successfully.
C:\Users\ShadowBane Ind\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: ShadowBane Ind
->Java cache emptied: 70830 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ShadowBane Ind
->Flash cache emptied: 2738 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08212012_193821

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 22 August 2012 - 07:16 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 McCragge (Topic Starter)

Posted 22 August 2012 - 12:33 PM

The computer seems to be running OK. The Firefox browser seems to be lagging a bit from time to time, but that could just be my ISP or the websites I go to, since it isn't consistent, and it isn't enough of a lag for me to be concerned with really.

Also, still no Google Redirecting, so that is definitely good.

No problems running ComboFix, although it asked to update, which I let it do; I hope that was OK. And here is the log you asked for.

+_+_+_+_+_+_+_+

ComboFix 12-08-22.01 - ShadowBane Ind 08/22/2012 10:18:41.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1441 [GMT -7:00]
Running from: c:\users\ShadowBane Ind\Desktop\ComboFix.exe
Command switches used :: c:\users\ShadowBane Ind\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 17:23 . 2012-08-22 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 02:38 . 2012-08-22 02:38 -------- d-----w- C:\_OTL
2012-08-18 17:47 . 2012-08-18 17:47 -------- d-----w- c:\windows\en
2012-08-18 17:44 . 2012-08-18 17:44 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-18 17:37 . 2012-08-18 17:37 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\DXSETUP.exe
2012-08-18 17:37 . 2012-08-18 17:37 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\dsetup32.dll
2012-08-18 17:37 . 2012-08-18 17:37 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\2756eb281cd7d6801\DSETUP.dll
2012-08-16 10:01 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 03:08 . 2012-08-15 03:08 -------- d-----w- c:\program files\Common Files\Java
2012-08-15 03:08 . 2012-08-15 03:07 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-08 16:23 . 2012-08-08 16:25 -------- d-----w- c:\users\ShadowBane Ind\AppData\Roaming\AVG
2012-08-08 10:36 . 2012-08-08 10:36 -------- d-----w- C:\$AVG
2012-08-05 08:39 . 2012-08-05 08:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-08-05 08:27 . 2012-08-05 08:27 -------- d-----w- c:\program files\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:07 . 2012-04-03 20:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:07 . 2011-10-16 16:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 03:07 . 2010-10-14 06:15 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 05:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 05:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 05:46 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 12:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 12:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:06 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:06 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 12:05 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 00:04 . 2012-07-11 05:46 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 05:46 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-19 02:38 . 2012-05-13 15:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Download"="c:\users\ShadowBane Ind\AppData\Local\SupportSoft\ddoctorv2\ShadowBane Ind\SSGet.exe" [2012-01-11 987648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\ShadowBane Ind\AppData\Roaming\Mozilla\Firefox\Profiles\91vsuoll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 10:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-22 10:25:25
ComboFix-quarantined-files.txt 2012-08-22 17:25
ComboFix2.txt 2012-08-21 03:06
.
Pre-Run: 94,398,844,928 bytes free
Post-Run: 94,549,512,192 bytes free
.
- - End Of File - - 4FBECFD019D0658C7DFAFB07B3494393

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 PM

Posted 22 August 2012 - 12:51 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 McCragge

McCragge
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:23 PM

Posted 22 August 2012 - 10:14 PM

Still no Google redirect virus, which is really great :)

Also the computer seems to be running much faster now. Surfing the web seems a lot more responsive.

Here are the logs you asked for.

First MBAM, then Hijackthis

+_+_+_+_+_+_+_+

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ShadowBane Ind :: WIFEII [administrator]

Protection: Enabled

8/22/2012 7:51:30 PM
mbam-log-2012-08-22 (19-51-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187814
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


+_+_+_+_+_+_+_+



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:02 PM, on 8/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\ShadowBane Ind\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ShadowBane Ind\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [Download] "C:\Users\ShadowBane Ind\AppData\Local\SupportSoft\ddoctorv2\ShadowBane Ind\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7786 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 PM

Posted 22 August 2012 - 10:20 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; for any of these programs you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
      O4 - HKCU\..\Run: [Download] "C:\Users\ShadowBane Ind\AppData\Local\SupportSoft\ddoctorv2\ShadowBane Ind\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g. from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

  • If threats were found:
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here


Gringo
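The O4 lines HijackThis prints and the Run keys ComboFix lists under "Reg Loading Points" describe the same autostart locations, so the two logs can be cross-checked mechanically. The Python below is an added example, not code from either tool or from this thread: it parses both formats from constructed sample lines shaped like the ones posted above and reports entries that only one tool saw (here the Malwarebytes entry, which was installed between the two scans), the comparison a helper otherwise does by eye. The ".exe" split for unquoted paths is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Hive abbreviations in HijackThis O4 lines, expanded to the key names ComboFix prints.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.*)$')
CF_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
CF_VAL_RE = re.compile(r'^"(.+?)"="(.+?)" \[\d{4}-\d\d-\d\d \d+\]$')

@dataclass(frozen=True)
class AutorunEntry:
    key: str        # full registry key, upper-cased (registry keys are case-insensitive)
    name: str       # value name, the text HijackThis shows in [brackets]
    image: str      # executable path, lower-cased for comparison
    args: str = ""  # command-line arguments (ComboFix does not print these)

def split_command(cmd: str) -> tuple:
    """Quoted paths are exact; unquoted paths with spaces (HijackThis prints those
    too) are split after the first '.exe', a heuristic rather than a guarantee."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""

def parse_hijackthis_o4(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, subkey, name, cmd = m.groups()
            image, args = split_command(cmd)
            key = f"{HIVES[hive]}\\{RUN_PARENT}\\{subkey}".upper()
            entries.append(AutorunEntry(key, name, image.lower(), args))
    return entries

def parse_combofix_loading_points(text: str) -> list:
    """ComboFix prints a [key] header, then "name"="image" [date size] lines;
    only Run/RunOnce keys are kept so the two views are comparable."""
    entries, key = [], None
    for line in text.splitlines():
        km = CF_KEY_RE.match(line.strip())
        if km:
            key = km.group(1).upper()
            continue
        vm = CF_VAL_RE.match(line.strip())
        if vm and key and key.endswith(("\\RUN", "\\RUNONCE")):
            entries.append(AutorunEntry(key, vm.group(1), vm.group(2).lower()))
    return entries

def compare_autoruns(combofix_text: str, hjt_text: str) -> dict:
    """Match on (key, value name); report entries only one tool saw and image-path disagreements."""
    cf = {(e.key, e.name.lower()): e for e in parse_combofix_loading_points(combofix_text)}
    hjt = {(e.key, e.name.lower()): e for e in parse_hijackthis_o4(hjt_text)}
    report: dict = {"in_both": [], "only_combofix": [], "only_hijackthis": [], "image_mismatch": []}
    for k in sorted(cf.keys() | hjt.keys()):
        if k in cf and k in hjt:
            bucket = "in_both" if cf[k].image == hjt[k].image else "image_mismatch"
            report[bucket].append(hjt[k] if bucket == "in_both" else (cf[k], hjt[k]))
        elif k in cf:
            report["only_combofix"].append(cf[k])
        else:
            report["only_hijackthis"].append(hjt[k])
    return report

# Constructed samples shaped like the two logs in this thread (not copied from a real machine).
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"""
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""
if __name__ == "__main__":
    print(compare_autoruns(COMBOFIX_SAMPLE, HJT_SAMPLE))
```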

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 PM

Posted 22 August 2012 - 10:21 PM

double post



gringo

Edited by gringo_pr, 22 August 2012 - 10:22 PM.

