TR/Crypt.XPACK.Gen2 and more


This topic is locked
17 replies to this topic

#1 CypherPhilter (Members, 9 posts)

Posted 09 September 2012 - 12:59 PM

Thank you in advance to whoever takes this case; I think it's a doozy, but I hope I'm wrong on that assumption! My computer's infection happened on 8/21 to my knowledge. I was surfing along when a mass of extra windows began to pour in. It locked my screen to a ransomware advisory with payment instructions and even turned my webcam on and recording. It instantly began taking over my system's security, even locking me out of Task Manager. I quickly regained access and began my virus scans (AVG & Webroot). Neither had ever encountered locked files before, but this time AVG had almost 450 items it could not view. In panic I did a system recovery and reset to 5 days earlier. I have slowly been trying to regain access to locked files & folders by restoring administrator rights to files and folders one at a time. Every so often as I unlock files, AVG's real-time scanner picks up viral files.
4 thus far:
script/exploit.kit in F5F9Dd01
Trojan horse Cryptic.EGJ in Load_49[1].exe
IDP.Trojan.797EAD58 in wpbt0.dll
"Unknown" in rpcnetp.exe <- False positive? I have Absolute Software but thought that file is not implemented till LoJack is set...

Still thinking the computer is at risk, I downloaded more antivirus scanners, Avira and Clam AV (Immunet). Avira does not detect anything in the scan (67 hidden objects though), but while the scan is running the real-time scanner keeps picking up activity, and quite a bit at that. It picks up the signs of 3 viruses across various files and cannot capture them.
They are:
TR/Crypt.XPACK.Gen (in Clam AV\temp files)
TR/Crypt.XPACK.Gen2 (in non-existent win\temp files)
HTML/ExpKit.Gen2 (in Clam AV\temp\javascript files)

Here are the DDS logs, GMER log and aswMBR log; if any of the AV scan logs are needed I can send them too.

Thank you

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dave at 20:36:47 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1652 [GMT -4:00]
.
AV: Immunet 3.0 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Immunet\3.0.6\agent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Immunet\3.0.6\iptray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [PRO Landscape Dashboard] C:\Program Files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe /hide
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -update plugin
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Immunet Protect] "C:\Program Files\Immunet\3.0.6\iptray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7}\441445144495E454 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7}\C616572733E69636D27657563747 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{11D03065-F473-41BF-87B0-1CDB2ADA64F7}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Immunet Protect] "C:\Program Files\Immunet\3.0.6\iptray.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\2k6h8u8e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\system32\DRIVERS\ImmunetProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetProtect.sys [?]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-5 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-5 110032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-1 13336]
R2 ImmunetProtect;Immunet 3.0;C:\Program Files\Immunet\3.0.6\agent.exe [2012-9-2 446904]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-1 1692480]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-1 2320920]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-1-15 712040]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-1 89600]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-09-05 16:59:49 -------- d-----w- C:\Users\Dave\AppData\Roaming\Avira
2012-09-05 16:54:00 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-09-05 16:54:00 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-09-05 16:53:54 -------- d-----w- C:\ProgramData\Avira
2012-09-05 16:53:54 -------- d-----w- C:\Program Files (x86)\Avira
2012-09-02 21:09:29 -------- d-----w- C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2012-09-02 17:06:24 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2012-09-02 17:05:45 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-09-02 10:27:37 -------- d-----w- C:\Users\Dave\AppData\Local\Immunet
2012-09-02 10:27:36 -------- d-----w- C:\ProgramData\Immunet
2012-09-02 10:26:58 32584 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
2012-09-02 10:26:56 57160 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
2012-09-02 10:26:53 284232 ----a-w- C:\Windows\System32\drivers\Trufos.sys
2012-09-02 10:26:48 -------- d-----w- C:\Program Files\Immunet
2012-08-23 23:21:11 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-23 23:16:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-08-23 23:16:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-08-23 23:16:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-08-23 23:16:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-08-23 22:51:01 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
.
==================== Find3M ====================
.
2012-09-06 15:52:56 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-09-02 17:08:55 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2012-09-02 17:08:50 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2012-09-02 17:05:45 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2012-08-28 06:29:18 149688 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-08-28 06:29:18 110096 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-08-28 06:29:18 102832 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-07 04:58:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-07 04:58:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-13 06:50:52 0 ----a-w- C:\Windows\SysWow64\SET47AA.tmp
.
============= FINISH: 20:43:52.01 ===============


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 09 September 2012 - 01:04 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:


AV: Immunet 3.0
AV: AVG Anti-Virus Free Edition 2012
AV: Avira Desktop
AV: Webroot SecureAnywhere


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
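The quickest way to see which anti-virus products Windows still considers registered, and whether each one is enabled and up to date (the same *Disabled/Updated* state ComboFix prints on its AV:/SP: lines, keyed by the same instance GUID), is to query Security Center directly. The PowerShell below is an added example and not part of this thread or of any of the tools it mentions; it assumes Vista or later (the root/SecurityCenter2 namespace), PowerShell 3 or later, and the widely used but undocumented layout of the productState field.

```powershell
# Added example, not from the thread. Decodes the Security Center productState
# value using the widely used (undocumented) layout: written as six hex digits,
# the middle pair says whether real-time protection is on, the last pair whether
# signatures are current.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$State)
    $hex   = '{0:x6}' -f $State          # e.g. 0x061100 -> "061100" (constructed value)
    $onOff = $hex.Substring(2, 2)        # "10"/"11" = enabled, "00"/"01" = disabled
    $defs  = $hex.Substring(4, 2)        # "00" = up to date, "10" = out of date
    [pscustomobject]@{
        Enabled = @('10', '11') -contains $onOff
        Updated = $defs -eq '00'
    }
}

# Lists every AV product registered with Windows Security Center (Vista+),
# which is the same source ComboFix and Security Check summarise.
function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        $decoded = ConvertFrom-ProductState -State $p.productState
        $exe     = $p.pathToSignedProductExe
        [pscustomobject]@{
            Name         = $p.displayName
            InstanceGuid = $p.instanceGuid    # matches the {GUID} on ComboFix's AV: line
            Enabled      = $decoded.Enabled
            Updated      = $decoded.Updated
            ExePath      = $exe
            ExePresent   = -not [string]::IsNullOrEmpty($exe) -and (Test-Path -LiteralPath $exe)
        }
    }
}

# Flags the two conditions the helper is checking for: more than one product
# registered (they interfere with each other), and a registration left behind
# by an uninstall whose executable no longer exists.
function Test-AntivirusHygiene {
    $av = @(Get-RegisteredAntivirus)
    $av | Format-Table Name, Enabled, Updated, ExePresent -AutoSize
    if ($av.Count -gt 1) {
        Write-Warning "$($av.Count) anti-virus products are registered; keep only one."
    }
    foreach ($stale in ($av | Where-Object { -not $_.ExePresent })) {
        Write-Warning "'$($stale.Name)' is still registered but its executable is missing; remove the leftover registration."
    }
}

Test-AntivirusHygiene
```

A product that shows Enabled but whose executable is missing is the usual cause of a vendor's icon lingering in the tray after an uninstall.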

#3 CypherPhilter

CypherPhilter
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 09 September 2012 - 05:43 PM

Sorry about the attachments. Down to just Avira for VS. Uninstalled Webroot but it still pops up in the sys tray. Requested scans completed without a hitch and listed below.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.3.300.262 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



ComboFix 12-09-09.02 - Dave 09/09/2012 18:14:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2178 [GMT -4:00]
Running from: c:\users\Dave\Downloads\AV Help\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf3463d8-8828-4f50-98c8-d04ca1fe42f3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{08E634EA-9111-4A3A-B03B-C6EA23F9ECC6}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{129A5567-F239-4705-825C-F055057CC08E}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{17C66FF9-8AD1-445D-B830-7F15D1A17959}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1C04FD51-5812-4CF8-8F56-F40C1FCE9D54}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A3105AE-377E-41CA-9188-33BD15F69F3E}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63A4FD20-88E4-4FD6-BD90-EFB66A0B8833}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74EA6EC8-D33D-477D-9969-F8922F5E343F}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4799448-340C-4FD3-A88C-864BF118C04F}.xps
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F578CFFE-C284-45FA-8F25-0071F363D732}.xps
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 22:23 . 2012-09-09 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 22:18 . 2012-09-09 22:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2540BA-DA2B-43A6-8D08-7D3194134181}\offreg.dll
2012-09-09 21:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2540BA-DA2B-43A6-8D08-7D3194134181}\mpengine.dll
2012-09-08 19:16 . 2012-09-08 19:18 -------- d-----w- C:\4b7c77f36bf1771e749338eb
2012-09-05 17:29 . 2012-09-05 17:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-05 16:59 . 2012-09-05 16:59 -------- d-----w- c:\users\Dave\AppData\Roaming\Avira
2012-09-05 16:54 . 2012-09-09 19:17 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-05 16:54 . 2012-09-09 19:17 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-05 16:54 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-05 16:53 . 2012-09-05 16:53 -------- d-----w- c:\programdata\Avira
2012-09-05 16:53 . 2012-09-05 16:53 -------- d-----w- c:\program files (x86)\Avira
2012-09-02 21:09 . 2012-09-02 21:09 -------- d-----w- c:\users\Dave\AppData\Local\ElevatedDiagnostics
2012-09-02 17:06 . 2012-09-02 17:06 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-09-02 17:05 . 2012-09-09 22:05 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-02 10:27 . 2012-09-02 10:27 -------- d-----w- c:\users\Dave\AppData\Local\Immunet
2012-09-02 10:27 . 2012-09-09 18:53 -------- d-----w- c:\programdata\Immunet
2012-09-02 10:26 . 2012-09-09 18:53 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-02 10:26 . 2012-09-09 18:53 -------- d-----w- c:\program files\Immunet
2012-08-23 23:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-23 23:16 . 2012-06-29 03:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-23 23:16 . 2012-06-29 03:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-23 23:16 . 2012-06-29 00:10 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-23 23:16 . 2012-06-29 00:10 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-23 23:16 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-23 23:16 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-23 22:51 . 2012-08-23 22:51 -------- d-----w- c:\programdata\PC-Doctor for Windows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 22:05 . 2011-12-26 22:19 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-09-02 17:08 . 2012-06-08 09:24 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-09-02 17:08 . 2011-12-26 22:19 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-09-02 17:05 . 2011-12-29 08:35 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-08-03 08:27 . 2011-12-28 18:45 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 04:58 . 2012-05-03 04:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-07 04:58 . 2012-01-11 00:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 06:50 . 2012-06-13 06:50 0 ----a-w- c:\windows\SysWow64\SET47AA.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRO Landscape Dashboard"="c:\program files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe" [2005-12-27 3596288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-28 712040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-09 348664]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 WRSVC;WRSVC [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-29 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-09 86224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-23 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\2k6h8u8e.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 18:26:27
ComboFix-quarantined-files.txt 2012-09-09 22:26
.
Pre-Run: 345,482,600,448 bytes free
Post-Run: 345,663,623,168 bytes free
.
- - End Of File - - 55FE11C67640792AAFD1A81ECCACF7F6

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:07 PM

Posted 09 September 2012 - 06:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 CypherPhilter

CypherPhilter
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 09 September 2012 - 10:10 PM

Thank you for the quick responses! The system is running faster and smoother. Still not absolute if we're there or not just yet. The 2 concerns that may just be nothing, or another subject matter other than this one: there are 14 svchost.exe processes running in Task Manager, one of which is using 200k in system memory. The other is that even after uninstalling Webroot, there are 3 active WRSA.exe processes running. Other than that, TDSSKiller ran and was clean. That and the aswMBR logs are listed below.

22:31:44.0704 5956 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:31:45.0044 5956 ============================================================
22:31:45.0044 5956 Current date / time: 2012/09/09 22:31:45.0044
22:31:45.0044 5956 SystemInfo:
22:31:45.0044 5956
22:31:45.0044 5956 OS Version: 6.1.7601 ServicePack: 1.0
22:31:45.0044 5956 Product type: Workstation
22:31:45.0044 5956 ComputerName: F1MCLAREN
22:31:45.0044 5956 UserName: Dave
22:31:45.0044 5956 Windows directory: C:\Windows
22:31:45.0044 5956 System windows directory: C:\Windows
22:31:45.0044 5956 Running under WOW64
22:31:45.0044 5956 Processor architecture: Intel x64
22:31:45.0044 5956 Number of processors: 4
22:31:45.0044 5956 Page size: 0x1000
22:31:45.0044 5956 Boot type: Normal boot
22:31:45.0044 5956 ============================================================
22:31:45.0674 5956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:45.0694 5956 ============================================================
22:31:45.0694 5956 \Device\Harddisk0\DR0:
22:31:45.0694 5956 MBR partitions:
22:31:45.0694 5956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:31:45.0694 5956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
22:31:45.0694 5956 ============================================================
22:31:45.0714 5956 C: <-> \Device\Harddisk0\DR0\Partition2
22:31:45.0754 5956 ============================================================
22:31:45.0754 5956 Initialize success
22:31:45.0754 5956 ============================================================
22:32:18.0494 1296 ============================================================
22:32:18.0494 1296 Scan started
22:32:18.0494 1296 Mode: Manual;
22:32:18.0494 1296 ============================================================
22:32:18.0874 1296 ================ Scan system memory ========================
22:32:18.0874 1296 System memory - ok
22:32:18.0874 1296 ================ Scan services =============================
22:32:19.0044 1296 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:32:19.0044 1296 1394ohci - ok
22:32:19.0104 1296 [ 28D79AAA4E1C15577A86F930E8DA5E50 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
22:32:19.0104 1296 AbsoluteNotifier - ok
22:32:19.0134 1296 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:32:19.0134 1296 ACPI - ok
22:32:19.0154 1296 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:32:19.0154 1296 AcpiPmi - ok
22:32:19.0184 1296 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:32:19.0184 1296 adp94xx - ok
22:32:19.0224 1296 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:32:19.0224 1296 adpahci - ok
22:32:19.0244 1296 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:32:19.0244 1296 adpu320 - ok
22:32:29.0714 1296 RasPppoe - ok
22:32:29.0724 1296 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:32:29.0724 1296 RasSstp - ok
22:32:29.0744 1296 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:32:29.0754 1296 rdbss - ok
22:32:29.0774 1296 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:32:29.0774 1296 rdpbus - ok
22:32:29.0784 1296 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:32:29.0784 1296 RDPCDD - ok
22:32:29.0804 1296 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:32:29.0804 1296 RDPENCDD - ok
22:32:29.0804 1296 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:32:29.0804 1296 RDPREFMP - ok
22:32:29.0844 1296 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:32:29.0854 1296 RDPWD - ok
22:32:29.0884 1296 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:32:29.0884 1296 rdyboost - ok
22:32:29.0934 1296 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:32:29.0934 1296 RemoteAccess - ok
22:32:29.0954 1296 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:32:29.0954 1296 RemoteRegistry - ok
22:32:29.0974 1296 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:32:29.0974 1296 RFCOMM - ok
22:32:29.0994 1296 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:32:29.0994 1296 RpcEptMapper - ok
22:32:30.0014 1296 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:32:30.0014 1296 RpcLocator - ok
22:32:30.0044 1296 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe
22:32:30.0044 1296 rpcnet - ok
22:32:30.0084 1296 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:32:30.0084 1296 RpcSs - ok
22:32:30.0114 1296 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:32:30.0114 1296 rspndr - ok
22:32:30.0164 1296 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:32:30.0164 1296 RSUSBSTOR - ok
22:32:30.0204 1296 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:32:30.0204 1296 RTL8167 - ok
22:32:30.0224 1296 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:32:30.0224 1296 SamSs - ok
22:32:30.0254 1296 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:32:30.0254 1296 sbp2port - ok
22:32:30.0284 1296 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:32:30.0284 1296 SCardSvr - ok
22:32:30.0314 1296 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:32:30.0314 1296 scfilter - ok
22:32:30.0354 1296 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:32:30.0384 1296 Schedule - ok
22:32:30.0404 1296 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:32:30.0404 1296 SCPolicySvc - ok
22:32:30.0424 1296 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:32:30.0424 1296 SDRSVC - ok
22:32:30.0474 1296 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:32:30.0484 1296 SeaPort - ok
22:32:30.0504 1296 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:32:30.0514 1296 secdrv - ok
22:32:30.0534 1296 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:32:30.0534 1296 seclogon - ok
22:32:30.0564 1296 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:32:30.0574 1296 SENS - ok
22:32:30.0584 1296 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:32:30.0584 1296 SensrSvc - ok
22:32:30.0594 1296 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:32:30.0594 1296 Serenum - ok
22:32:30.0624 1296 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:32:30.0634 1296 Serial - ok
22:32:30.0664 1296 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:32:30.0664 1296 sermouse - ok
22:32:30.0694 1296 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:32:30.0694 1296 SessionEnv - ok
22:32:30.0714 1296 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:32:30.0714 1296 sffdisk - ok
22:32:30.0734 1296 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:32:30.0734 1296 sffp_mmc - ok
22:32:30.0734 1296 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:32:30.0734 1296 sffp_sd - ok
22:32:30.0764 1296 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:32:30.0764 1296 sfloppy - ok
22:32:30.0844 1296 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:32:30.0884 1296 SftService - ok
22:32:30.0944 1296 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:32:30.0944 1296 SharedAccess - ok
22:32:30.0974 1296 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:32:30.0974 1296 ShellHWDetection - ok
22:32:31.0014 1296 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:32:31.0014 1296 SiSRaid2 - ok
22:32:31.0034 1296 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:32:31.0034 1296 SiSRaid4 - ok
22:32:31.0084 1296 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:32:31.0094 1296 SkypeUpdate - ok
22:32:31.0114 1296 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:32:31.0114 1296 Smb - ok
22:32:31.0144 1296 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:32:31.0144 1296 SNMPTRAP - ok
22:32:31.0154 1296 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:32:31.0154 1296 spldr - ok
22:32:31.0194 1296 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:32:31.0204 1296 Spooler - ok
22:32:31.0294 1296 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:32:31.0374 1296 sppsvc - ok
22:32:31.0394 1296 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:32:31.0394 1296 sppuinotify - ok
22:32:31.0444 1296 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
22:32:31.0464 1296 SQLAgent$MSSMLBIZ - ok
22:32:31.0504 1296 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:32:31.0504 1296 SQLBrowser - ok
22:32:31.0574 1296 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:32:31.0574 1296 SQLWriter - ok
22:32:31.0604 1296 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:32:31.0614 1296 srv - ok
22:32:31.0624 1296 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:32:31.0634 1296 srv2 - ok
22:32:31.0654 1296 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:32:31.0654 1296 srvnet - ok
22:32:31.0684 1296 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:32:31.0694 1296 SSDPSRV - ok
22:32:31.0714 1296 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:32:31.0714 1296 SstpSvc - ok
22:32:31.0744 1296 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
22:32:31.0754 1296 STacSV - ok
22:32:31.0774 1296 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:32:31.0774 1296 stexstor - ok
22:32:31.0824 1296 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
22:32:31.0834 1296 STHDA - ok
22:32:31.0864 1296 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:32:31.0874 1296 stisvc - ok
22:32:31.0904 1296 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:32:31.0904 1296 swenum - ok
22:32:31.0924 1296 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:32:31.0934 1296 swprv - ok
22:32:31.0974 1296 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:32:31.0984 1296 SynTP - ok
22:32:32.0034 1296 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:32:32.0064 1296 SysMain - ok
22:32:32.0094 1296 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:32:32.0094 1296 TabletInputService - ok
22:32:32.0114 1296 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:32:32.0124 1296 TapiSrv - ok
22:32:32.0154 1296 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:32:32.0154 1296 TBS - ok
22:32:32.0224 1296 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:32:32.0274 1296 Tcpip - ok
22:32:32.0314 1296 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:32:32.0324 1296 TCPIP6 - ok
22:32:32.0344 1296 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:32:32.0344 1296 tcpipreg - ok
22:32:32.0364 1296 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:32:32.0364 1296 TDPIPE - ok
22:32:32.0384 1296 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:32:32.0384 1296 TDTCP - ok
22:32:32.0414 1296 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:32:32.0414 1296 tdx - ok
22:32:32.0434 1296 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:32:32.0434 1296 TermDD - ok
22:32:32.0464 1296 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:32:32.0474 1296 TermService - ok
22:32:32.0484 1296 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:32:32.0494 1296 Themes - ok
22:32:32.0514 1296 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:32:32.0514 1296 THREADORDER - ok
22:32:32.0534 1296 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:32:32.0544 1296 TrkWks - ok
22:32:32.0584 1296 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:32:32.0584 1296 TrustedInstaller - ok
22:32:32.0604 1296 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:32:32.0604 1296 tssecsrv - ok
22:32:32.0674 1296 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:32:32.0674 1296 TsUsbFlt - ok
22:32:32.0724 1296 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:32:32.0724 1296 tunnel - ok
22:32:32.0744 1296 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:32:32.0754 1296 uagp35 - ok
22:32:32.0774 1296 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:32:32.0784 1296 udfs - ok
22:32:32.0824 1296 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:32:32.0824 1296 UI0Detect - ok
22:32:32.0854 1296 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:32:32.0854 1296 uliagpkx - ok
22:32:32.0904 1296 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:32:32.0904 1296 umbus - ok
22:32:32.0934 1296 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:32:32.0934 1296 UmPass - ok
22:32:33.0024 1296 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:32:33.0094 1296 UNS - ok
22:32:33.0124 1296 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:32:33.0124 1296 upnphost - ok
22:32:33.0154 1296 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:32:33.0154 1296 usbccgp - ok
22:32:33.0174 1296 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:32:33.0174 1296 usbcir - ok
22:32:33.0194 1296 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:32:33.0194 1296 usbehci - ok
22:32:33.0224 1296 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:32:33.0224 1296 usbhub - ok
22:32:33.0244 1296 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:32:33.0244 1296 usbohci - ok
22:32:33.0264 1296 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:32:33.0264 1296 usbprint - ok
22:32:33.0304 1296 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:32:33.0304 1296 usbscan - ok
22:32:33.0324 1296 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:32:33.0324 1296 USBSTOR - ok
22:32:33.0334 1296 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:32:33.0334 1296 usbuhci - ok
22:32:33.0364 1296 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:32:33.0364 1296 usbvideo - ok
22:32:33.0394 1296 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:32:33.0404 1296 UxSms - ok
22:32:33.0414 1296 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:32:33.0414 1296 VaultSvc - ok
22:32:33.0434 1296 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:32:33.0434 1296 vdrvroot - ok
22:32:33.0454 1296 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:32:33.0464 1296 vds - ok
22:32:33.0484 1296 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:32:33.0494 1296 vga - ok
22:32:33.0494 1296 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:32:33.0504 1296 VgaSave - ok
22:32:33.0534 1296 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:32:33.0534 1296 vhdmp - ok
22:32:33.0564 1296 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:32:33.0564 1296 viaide - ok
22:32:33.0574 1296 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:32:33.0574 1296 volmgr - ok
22:32:33.0604 1296 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:32:33.0604 1296 volmgrx - ok
22:32:33.0654 1296 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:32:33.0664 1296 volsnap - ok
22:32:33.0684 1296 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:32:33.0684 1296 vsmraid - ok
22:32:33.0744 1296 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:32:33.0774 1296 VSS - ok
22:32:33.0794 1296 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:32:33.0794 1296 vwifibus - ok
22:32:33.0804 1296 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:32:33.0804 1296 vwififlt - ok
22:32:33.0854 1296 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:32:33.0854 1296 vwifimp - ok
22:32:33.0894 1296 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:32:33.0894 1296 W32Time - ok
22:32:33.0914 1296 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:32:33.0914 1296 WacomPen - ok
22:32:33.0944 1296 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:32:33.0944 1296 WANARP - ok
22:32:33.0954 1296 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:32:33.0964 1296 Wanarpv6 - ok
22:32:34.0014 1296 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:32:34.0054 1296 WatAdminSvc - ok
22:32:34.0114 1296 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:32:34.0164 1296 wbengine - ok
22:32:34.0194 1296 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:32:34.0194 1296 WbioSrvc - ok
22:32:34.0224 1296 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:32:34.0224 1296 wcncsvc - ok
22:32:34.0244 1296 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:32:34.0244 1296 WcsPlugInService - ok
22:32:34.0274 1296 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:32:34.0274 1296 Wd - ok
22:32:34.0304 1296 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:32:34.0304 1296 WDC_SAM - ok
22:32:34.0334 1296 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:32:34.0334 1296 Wdf01000 - ok
22:32:34.0374 1296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:32:34.0374 1296 WdiServiceHost - ok
22:32:34.0374 1296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:32:34.0384 1296 WdiSystemHost - ok
22:32:34.0404 1296 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:32:34.0404 1296 WebClient - ok
22:32:34.0434 1296 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:32:34.0434 1296 Wecsvc - ok
22:32:34.0464 1296 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:32:34.0464 1296 wercplsupport - ok
22:32:34.0484 1296 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:32:34.0494 1296 WerSvc - ok
22:32:34.0524 1296 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:32:34.0524 1296 WfpLwf - ok
22:32:34.0564 1296 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:32:34.0564 1296 WimFltr - ok
22:32:34.0594 1296 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:32:34.0594 1296 WIMMount - ok
22:32:34.0624 1296 WinDefend - ok
22:32:34.0634 1296 WinHttpAutoProxySvc - ok
22:32:34.0684 1296 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:32:34.0694 1296 Winmgmt - ok
22:32:34.0754 1296 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:32:34.0864 1296 WinRM - ok
22:32:34.0924 1296 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:32:34.0924 1296 WinUsb - ok
22:32:34.0974 1296 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:32:34.0994 1296 Wlansvc - ok
22:32:35.0044 1296 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:32:35.0044 1296 wltrysvc - ok
22:32:35.0084 1296 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:32:35.0084 1296 WmiAcpi - ok
22:32:35.0104 1296 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:32:35.0114 1296 wmiApSrv - ok
22:32:35.0134 1296 WMPNetworkSvc - ok
22:32:35.0174 1296 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:32:35.0174 1296 WPCSvc - ok
22:32:35.0194 1296 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:32:35.0204 1296 WPDBusEnum - ok
22:32:35.0274 1296 [ 3E66464AF36F7ACE319D51C41062760E ] WRSVC C:\Program Files\Webroot\WRSA.exe
22:32:35.0284 1296 WRSVC - ok
22:32:35.0304 1296 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:32:35.0304 1296 ws2ifsl - ok
22:32:35.0344 1296 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:32:35.0344 1296 wscsvc - ok
22:32:35.0354 1296 WSearch - ok
22:32:35.0434 1296 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:32:35.0484 1296 wuauserv - ok
22:32:35.0504 1296 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:32:35.0504 1296 WudfPf - ok
22:32:35.0534 1296 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:32:35.0534 1296 WUDFRd - ok
22:32:35.0564 1296 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:32:35.0564 1296 wudfsvc - ok
22:32:35.0594 1296 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:32:35.0594 1296 WwanSvc - ok
22:32:35.0634 1296 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:32:35.0644 1296 yukonw7 - ok
22:32:35.0674 1296 ================ Scan global ===============================
22:32:35.0704 1296 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:32:35.0734 1296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:32:35.0744 1296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:32:35.0784 1296 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:32:35.0804 1296 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:32:35.0814 1296 [Global] - ok
22:32:35.0814 1296 ================ Scan MBR ==================================
22:32:35.0824 1296 [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
22:32:36.0084 1296 \Device\Harddisk0\DR0 - ok
22:32:36.0084 1296 ================ Scan VBR ==================================
22:32:36.0084 1296 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
22:32:36.0084 1296 \Device\Harddisk0\DR0\Partition1 - ok
22:32:36.0104 1296 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
22:32:36.0104 1296 \Device\Harddisk0\DR0\Partition2 - ok
22:32:36.0104 1296 ============================================================
22:32:36.0104 1296 Scan finished
22:32:36.0104 1296 ============================================================
22:32:36.0114 4832 Detected object count: 0
22:32:36.0114 4832 Actual detected object count: 0
22:33:24.0884 4348 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 22:44:53
-----------------------------
22:44:53.295 OS Version: Windows x64 6.1.7601 Service Pack 1
22:44:53.295 Number of processors: 4 586 0x2505
22:44:53.295 ComputerName: F1MCLAREN UserName: Dave
22:44:54.365 Initialize success
22:46:30.995 AVAST engine defs: 12090901
22:46:43.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:46:43.085 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
22:46:43.095 Disk 0 MBR read successfully
22:46:43.095 Disk 0 MBR scan
22:46:43.105 Disk 0 Windows 7 default MBR code
22:46:43.105 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
22:46:43.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
22:46:43.145 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
22:46:43.165 Disk 0 scanning C:\Windows\system32\drivers
22:46:56.585 Service scanning
22:47:25.345 Modules scanning
22:47:25.355 Disk 0 trace - called modules:
22:47:25.365 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:47:25.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800697b060]
22:47:25.375 3 CLASSPNP.SYS[fffff88001baf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496c050]
22:47:26.715 AVAST engine scan C:\Windows
22:47:30.735 AVAST engine scan C:\Windows\system32
22:51:06.726 AVAST engine scan C:\Windows\system32\drivers
22:51:22.476 AVAST engine scan C:\Users\Dave
22:53:47.128 AVAST engine scan C:\ProgramData
22:56:29.688 Scan finished successfully
22:57:25.488 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
22:57:25.488 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:07 PM

Posted 10 September 2012 - 12:37 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 CypherPhilter

CypherPhilter
  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:07 AM

Posted 10 September 2012 - 01:40 AM

Hi gringo. I ran the script in ComboFix; no reboot needed. Things are still running smoothly, but I have a few questions.
1: I use Firefox as my main browser; the past few times I have opened it up it has asked me if I would like to set it as my default browser (which it should already be). Is this something from these scans or possibly something different?
2: There are still some locked files; should I continue unlocking them manually, or is there something that may do it for me by restoring Administrator rights?
3: I use a 1TB external drive for storage of media and backups. It was attached during the initial infections; should I attach the drive at any point or run any scans other than my antivirus on it to make sure it too is clean?

Here is the requested log.


ComboFix 12-09-09.02 - Dave 09/10/2012 1:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2117 [GMT -4:00]
Running from: c:\users\Dave\Downloads\AV Help\ComboFix.exe
Command switches used :: c:\users\Dave\Downloads\AV Help\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 05:52 . 2012-09-10 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 22:18 . 2012-09-09 22:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2540BA-DA2B-43A6-8D08-7D3194134181}\offreg.dll
2012-09-09 21:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2540BA-DA2B-43A6-8D08-7D3194134181}\mpengine.dll
2012-09-08 19:16 . 2012-09-08 19:18 -------- d-----w- C:\4b7c77f36bf1771e749338eb
2012-09-05 17:29 . 2012-09-05 17:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-05 16:59 . 2012-09-05 16:59 -------- d-----w- c:\users\Dave\AppData\Roaming\Avira
2012-09-05 16:54 . 2012-09-09 19:17 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-05 16:54 . 2012-09-09 19:17 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-05 16:54 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-05 16:53 . 2012-09-05 16:53 -------- d-----w- c:\programdata\Avira
2012-09-05 16:53 . 2012-09-05 16:53 -------- d-----w- c:\program files (x86)\Avira
2012-09-02 21:09 . 2012-09-02 21:09 -------- d-----w- c:\users\Dave\AppData\Local\ElevatedDiagnostics
2012-09-02 17:06 . 2012-09-02 17:06 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-09-02 17:05 . 2012-09-09 22:05 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-02 10:27 . 2012-09-02 10:27 -------- d-----w- c:\users\Dave\AppData\Local\Immunet
2012-09-02 10:27 . 2012-09-09 18:53 -------- d-----w- c:\programdata\Immunet
2012-09-02 10:26 . 2012-09-09 18:53 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-02 10:26 . 2012-09-09 18:53 -------- d-----w- c:\program files\Immunet
2012-08-23 23:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-23 23:16 . 2012-06-29 03:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-23 23:16 . 2012-06-29 03:50 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-23 23:16 . 2012-06-29 00:10 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-23 23:16 . 2012-06-29 00:10 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-23 23:16 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-23 23:16 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-23 22:51 . 2012-08-23 22:51 -------- d-----w- c:\programdata\PC-Doctor for Windows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 22:05 . 2011-12-26 22:19 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-09-02 17:08 . 2012-06-08 09:24 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-09-02 17:08 . 2011-12-26 22:19 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-09-02 17:05 . 2011-12-29 08:35 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-08-03 08:27 . 2011-12-28 18:45 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 04:58 . 2012-05-03 04:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-07 04:58 . 2012-01-11 00:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 06:50 . 2012-06-13 06:50 0 ----a-w- c:\windows\SysWow64\SET47AA.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRO Landscape Dashboard"="c:\program files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe" [2005-12-27 3596288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-28 712040]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-09 348664]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 WRSVC;WRSVC [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-29 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-09 86224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 68571474
*Deregistered* - 68571474
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-23 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\2k6h8u8e.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-10 01:54:58
ComboFix-quarantined-files.txt 2012-09-10 05:54
ComboFix2.txt 2012-09-09 22:26
.
Pre-Run: 347,427,315,712 bytes free
Post-Run: 347,117,051,904 bytes free
.
- - End Of File - - 3E18110374A235AE0C4A3801FBDD21E0
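The "Reg Loading Points" block in the ComboFix log above (Run-key values such as `"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-09 348664]` and service/driver lines such as `R2 SkypeUpdate;Skype Updater;... [2012-07-13 160944]`) is the part a malware-removal helper reads first, because it lists everything that starts without the user's involvement. The parser below is an added example, not code from the thread or from ComboFix, that turns those lines into records and flags the ones a triager would verify by hand: entries where ComboFix printed a marker such as `[x]` or `[BU]` instead of a date and size, entries with no image path at all (the `2;2 WRSVC;WRSVC [x]` line), and entries whose image lives in a user-writable location. The sample input is copied from the posted log except for the one line labelled constructed; the function names `parse_loading_points` and `triage`, the `ExampleEntry` line, and the user-writable-path heuristic in `WRITABLE_RE` are assumptions made for illustration, and the example deliberately assigns no meaning to the markers beyond "go and check that file".

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag entries
worth a manual look.

Added example, not part of the original thread or of ComboFix. It assumes only
the two line formats visible in the posted log:
  Run-key values:   "Name"="path" [YYYY-MM-DD size]   (or a marker such as [BU])
  Services/drivers: START name;display;path [YYYY-MM-DD size]   (or [x])
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the ComboFix log posted above, plus one
# constructed Run entry (marked) that exercises the user-writable-path check.
SAMPLE_LINES = [
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"PRO Landscape Dashboard"="c:\program files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe" [2005-12-27 3596288]',
    r'"ExampleEntry"="c:\users\Dave\AppData\Roaming\example.exe" [2012-09-01 17920]',  # constructed, not in the log
    '.',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]',
    r'"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-28 712040]',
    r'"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-09 348664]',
    '.',
    r'2;2 WRSVC;WRSVC [x]',
    r'R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]',
    r'S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 283200]',
    '.',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]',
]

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^(?P<start>[A-Z]\d|\d;\d)\s+(?P<name>[^;]+);(?P<display>[^;\[]*?)'
    r'(?:;(?P<path>[^\[]*?))?\s*\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$')
# Heuristic (assumption): images under a profile, temp or ProgramData tree, or
# sitting directly in a drive root, are places a dropper can write without admin.
WRITABLE_RE = re.compile(r'\\(users|appdata|temp|programdata)\\|^[a-z]:\\[^\\]+$', re.I)


@dataclass
class Entry:
    kind: str                    # "run" (registry Run value) or "service"
    name: str
    path: Optional[str]          # None when ComboFix printed no image path
    location: str                # registry key for run values, start type for services
    date: Optional[str] = None
    size: Optional[int] = None
    marker: Optional[str] = None  # whatever stood in place of date/size, e.g. "x" or "BU"


def _split_meta(meta: str) -> Tuple[Optional[str], Optional[int], Optional[str]]:
    """Return (date, size, None) for a normal entry or (None, None, marker) otherwise."""
    m = META_RE.match(meta.strip())
    if m:
        return m.group('date'), int(m.group('size')), None
    return None, None, meta.strip()


def parse_loading_points(lines: List[str]) -> List[Entry]:
    """Turn the Run-key and service lines of a ComboFix log into Entry records."""
    entries: List[Entry] = []
    current_key = ''
    for raw in lines:
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:                                  # a new registry key header
            current_key = km.group('key')
            continue
        rm = RUN_RE.match(line)
        if rm:
            date, size, marker = _split_meta(rm.group('meta'))
            entries.append(Entry('run', rm.group('name'), rm.group('path') or None,
                                 current_key, date, size, marker))
            continue
        sm = SVC_RE.match(line)
        if sm:
            date, size, marker = _split_meta(sm.group('meta'))
            path = (sm.group('path') or '').strip() or None
            entries.append(Entry('service', sm.group('name').strip(), path,
                                 sm.group('start'), date, size, marker))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, List[str]]]:
    """Return (kind, name, reasons) for every entry that deserves a manual check."""
    findings = []
    for e in entries:
        reasons = []
        if e.marker is not None:
            reasons.append(f'no date/size recorded, ComboFix printed [{e.marker}]: confirm the file exists')
        if e.path is None:
            reasons.append('no image path recorded')
        elif WRITABLE_RE.search(e.path):
            reasons.append('image lives in a user-writable location')
        if reasons:
            findings.append((e.kind, e.name, reasons))
    return findings


if __name__ == '__main__':
    for kind, name, reasons in triage(parse_loading_points(SAMPLE_LINES)):
        print(f'{kind:8} {name}')
        for r in reasons:
            print(f'    - {r}')
```

Run against the sample, it flags the orphaned `WRSVC` service line (marker and no path), the `SynTPEnh` value with its `[BU]` marker, and the constructed `ExampleEntry` running from a profile directory; the Avira, Webroot, Skype and PRO Landscape entries pass through untouched, which is the point of the exercise: reduce a long log to the handful of lines someone has to look at.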

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:07 PM

Posted 10 September 2012 - 07:50 AM

Hello


1. Yes, this is caused by our tools.

2. Which files are locked?

3. Run the onboard antivirus and, if it finds something, let me know.


P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 10 September 2012 - 07:50 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 CypherPhilter

CypherPhilter
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 10 September 2012 - 04:14 PM

I scanned the external and C:, nothing found in either with Avira, nothing abnormal popped up with the realtime scanner either. As for the locked files, things like C\users\dave\local\temporary internet files and \history; c\pagefile; c\hiberfil, some others I'm sure. After all, most people don't strategically go through all their files manually to try and diagnose a problem. Below is the original AVG scan that sent me into a panic to start restoring Admin rights. Now both I and the scanners can access everything, but there is still a little padlock on the files. After a while it seemed too daunting of a task, but things are getting much better and my box is much faster with your help, so again, thank you! Off to start your current recommendations now. BTW, ccleaner.com went to "server not found". All services are downloaded, printout made. Be back soon.

AVG 2012 Anti-Virus command line scanner
Copyright © 1992 - 2012 AVG Technologies
Program version 2012.0.2197, engine 2012.0.2437
Virus Database: Version 2437/5203 2012-08-15

C:\Documents and Settings\ Locked file. Not tested.
C:\hiberfil.sys Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00daa716f6bdfed5db9ad1f3c27afe68_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\023f133d8fa3bda8e1c2267a8a05d62d_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02da452dbd26b6b08eba803ecf93d7f8_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07932b1f327b0c0e81c2855294e2644a_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1192e5fe8e4af70195d2e7b34938203c_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1729bd81170a3398c44737866f9edf21_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1958837908b0f2ddea845668262a7480_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\226b6fcc1ae6c2422398d0a2f4f2fd34_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2305d8df05c9baf8a48bca427effbccd_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\238c6fdb68b99a818e7c3c3e56af49e4_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\287d6388a9d9afe312eddb7bf63289a3_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\292a60a29676e96057fb58b2cca7a016_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29376f656d527c111b9050f4dd826749_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a21fbc784507c187bd5e242922dba5a_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d5f157f7836f1fa6735ca42949694e9_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2e63a16b51ed670279518b9e8e6fea26_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2f69de42c974382f1e23f760207f832b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2fd95f827f91e5d94964755e5655524a_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\30ad6514f9550a37cfd431420f067b6e_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\33e4578a9cb3658a34ca34e0a79fcbe6_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3cb3b9b3d5734d3448b584b1fa9c5d1e_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3f1d467132e57491cc1ba9dc49e2a3f9_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\47d4bc59271865146694d7185066ec15_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\485115cea0941ab0cbd6f13d1337fcf6_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a8a82c02ca3796098956cb1f5c9c2c2_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f39c347a39faedadf54961cd8b621ad_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\56760b0412716e81267cd0ca69d44911_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e88fe7c774a7d5d5c85abe9ad577e76_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e9cc0a0a3c9c582c92c1c90684c64b7_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\63c8c33fbea657d8f1a403febc9f2b4d_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6434b93c29ffbd5858e0c7c89bbe9bcc_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68478524c432e8966d256f9b22b78e81_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d5875be9007d872e7c2b016839d8e0b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6eec7a676df75733511235b90476465a_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\779d9e8b63ea9c51d6b2fa37a1822d24_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\793346a405725088f18561c24db34c33_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b4dcbb3a0f217cc1ed78b79084eaa15_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c3e999b33d2eeb03612e69d8fbda46e_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e8ced9fff9ebc7ffe5f2b9c4b68e488_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8080b20e072822e3a91a63b15fca97cd_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\85a370ea54446c05beeed769c10fd0ce_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8741d092b38bb24af75c6986fbee1a2b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8bbe6a8121bbb1a5e8e960be54bee502_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d90cb31a0b871f762e557018193d713_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\93bccb1b3decd87a5dd03b0869cc5e5b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\945ec30ee2cd84311f9c31ee124b4640_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9662432d96455a80f928dddf3546ffa8_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\98fee7b367f4bd2d07465ad55f8b384e_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ce245c4eb1bc669daceb9f0931f19cd_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d02f3edb4d19c3bdbabb62dd48d30fe_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a4e36a058306d4a2ddecdee1088ae728_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a568c91b5b1ccc0b67851b6ebbd35b10_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a82cd4304a4336ed9a7a8bbdacb36224_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af17671dab5ccf9babcd8407b9c7d5fc_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b10554e30e5538fc6062da694ed9a98c_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b5405ac767fdf4d3d42d9bc3acf7e98c_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b79e12a7b2bc7f120a8eee2b8e7398b2_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\baa568950f3011f20dc1010bd1fb2b21_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bce7da789304bbf47b500f9007a1a65c_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c084c4f5427f316fa9ed5879c3a18c62_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3776721d1b22d2d7d9a4ac80884be0b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c52dcc39824ac8e5f2bb3df0697c6a16_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c71af152d0625eba39b09ff54fb0a449_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccd5376749b01c455007a04ab3e6c96f_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce06cfa52bac7cb75d211072b68def5b_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d11625a6d0ba2e94f4f2411e64075e7d_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d43e44e70c5557ea06527dee8822598d_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d58893e50c7851e0d56d7342090cda38_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d9ebbf3491b0f9822df8bf69d02f74fd_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de23f30682cfe45216d6e915826cbcbd_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df55197cf6e6dcbffc1611236451a428_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e0c5f19f383fe63d971fa4b777c188cb_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e20ce1df5c12eef2ea25ba80c04434a4_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e81620d2ecf5ddae65e4cf91bbd76898_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e9616fb39a1eb306eb718946d5581179_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eb9bb1280c168076aa7638755fbf863f_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee7d31a4cd82dd43cc5b3645293d0738_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1ae279fad0fd85359acf30f60962344_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f330adb7bfb41c1f0dad0edb60e0e2e6_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f47b8b740ef04de4c71e333f28dd909f_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f54013046cf85059e9b659e994b69627_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6244fc520b89fc4110ab301a4afa285_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f68f57874b832d58c3cb8b2afcf50a16_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6ab4f6f8aa2aec241243cd17b10c1be_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f99089859737a07810c74a23ce4b5a99_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa05dc44eb4e145e5d6420016e8f4b46_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\faf36daab908e29b0e6d4bfab34dd282_1beb4c89-aa09-47a9-b369-05f1895b8c00 Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Recovery\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Dave\AppData\Local\History\ Locked file. Not tested.
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Dave\Documents\My Music\ Locked file. Not tested.
C:\Users\Dave\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Dave\Documents\My Videos\ Locked file. Not tested.
C:\Users\Dave\NetHood\ Locked file. Not tested.
C:\Users\Dave\ntuser.dat Locked file. Not tested.
C:\Users\Dave\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Dave\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Dave\PrintHood\ Locked file. Not tested.
C:\Users\Dave\Templates\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SAM Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SECURITY Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.

------------------------------------------------------------
Test started: 21.8.2012 15:24:53
Duration of test: 39 minute(s) 38 second(s)
------------------------------------------------------------
Objects scanned : 1679625
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

#10 CypherPhilter (Topic Starter, Members, 9 posts)

Posted 10 September 2012 - 05:23 PM

Ok, ran all requested services and deleted requested files. Haven't yet done a system tour but things keep getting better/faster. Earlier when I went to CCleaner.com it wasn't working, but after installing Java I went back and it was there, so it too was run. MBAM ran without a hitch, 0 detections. Here are the MBAM and HijackThis logs. Thanks and awaiting the next request.


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: F1MCLAREN [administrator]

Protection: Enabled

9/10/2012 6:09:24 PM
mbam-log-2012-09-10 (18-09-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200983
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:14:45 PM, on 9/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Dave\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PRO Landscape Dashboard] C:\Program Files (x86)\Drafix\PRO Landscape\PRO Landscape Dashboard.exe /hide
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Absolute Notifier (AbsoluteNotifier) - Absolute Software - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 13046 bytes
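A note on the many "(file missing)" O23 lines in the HijackThis log above (lsass.exe, spoolsv.exe, vssvc.exe and so on clearly exist on a working Windows 7 box): HijackThis 2.0.4 is a 32-bit program, and on x64 Windows the WOW64 file-system redirector silently maps C:\Windows\System32 to C:\Windows\SysWOW64 for 32-bit processes, so it cannot see 64-bit-only binaries and reports them missing. The script below is an added example and is not part of the thread or of HijackThis; it parses a few O23 lines (a constructed sample copied from the log above), re-checks each path using the Sysnative alias when it is itself running as a 32-bit process, and compares the result with the path the Service Control Manager actually has registered. It assumes SystemRoot is C:\Windows and that it runs on the affected machine.

```powershell
# Constructed sample: four O23 lines copied from the HijackThis log above.
$sampleLines = @(
    'O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)',
    'O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)',
    'O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe',
    'O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe'
)

# HijackThis layout: "O23 - Service: <display> [(<short name>)] - <vendor> - <path> [(file missing)]".
# The short name in parentheses is omitted when it equals the display name (see the WRSVC line).
$o23Pattern = '^O23 - Service: (?<display>.+?)(?: \((?<name>[^()]+)\))? - (?<vendor>.+?) - (?<path>.+?)(?<missing> \(file missing\))?$'

function Test-HjtServiceBinary {
    param([string[]]$Lines)
    # True when this PowerShell is a 32-bit process on 64-bit Windows, i.e. subject to
    # the same redirection that fooled HijackThis. Then C:\Windows\Sysnative reaches the real System32.
    $under32 = ([IntPtr]::Size -eq 4) -and ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
    $sys32   = '^' + [regex]::Escape("$env:SystemRoot\System32\")
    foreach ($line in $Lines) {
        if ($line -notmatch $o23Pattern) { continue }
        $name = if ($Matches['name']) { $Matches['name'] } else { $Matches['display'] }
        $path = $Matches['path']
        $probe = $path
        if ($under32) { $probe = $path -replace $sys32, "$env:SystemRoot\Sysnative\" }
        $onDisk  = Test-Path -LiteralPath $probe
        $verdict = 'present'
        if ($Matches['missing']) {
            $verdict = if ($onDisk) { 'present; hidden from 32-bit HijackThis by WOW64 redirection' }
                       else         { 'really missing: investigate' }
        }
        # What the Service Control Manager will actually launch, straight from the registry.
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        $scmPath = if ($svc) { $svc.PathName } else { '(service not registered)' }
        New-Object PSObject -Property @{ Service = $name; HjtPath = $path; Verdict = $verdict; ScmPath = $scmPath }
    }
}

Test-HjtServiceBinary -Lines $sampleLines | Format-Table Service, Verdict, ScmPath -AutoSize
```

The ScmPath column is the one that matters when hunting a hijacked service: a "(file missing)" entry whose registered path really does not exist, or whose registered path differs from what the log shows, deserves a closer look, while a System32 binary that only a 32-bit scanner cannot see is noise.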

#11 gringo_pr "Bleepin Gringo" (Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 10 September 2012 - 08:44 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint] search for IntelliPoint.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit Windows
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit Windows
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
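The "Fix checked" step above removes O4 entries by name. As an added example (not Gringo's instructions and not part of HijackThis), the script below inventories the same autostart locations HijackThis reports as O4 lines, resolves each entry to the executable it launches (quoted and unquoted command lines, plus Startup-folder shortcuts) and checks its Authenticode signature, so the decision about what to tick is made from evidence rather than from the entry name. Run it from an elevated 64-bit PowerShell on the affected machine; the key list and the Wow6432Node view are assumptions about a Windows 7 x64 layout.

```powershell
# Registry autostart locations corresponding to HijackThis "O4 - HKLM\..\Run" / "O4 - HKCU\..\Run".
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Startup folders corresponding to "O4 - Startup:" and "O4 - Global Startup:" lines.
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
# Get-ItemProperty adds these provider properties to every key; they are not autostart values.
$regMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunEntryExecutable {
    # Handles both forms seen in the log above:
    #   "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min            (quoted, with arguments)
    #   C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (unquoted, spaces in path)
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
    }
    # Unquoted: shortest prefix that ends in .exe and is followed by whitespace or end of line.
    if ($cl -match '^(?<exe>.+?\.exe)(\s|$)') { return $Matches['exe'] }
    return ($cl -split '\s+')[0]
}

function Get-SignatureStatus {
    param([string]$Exe)
    if (-not $Exe -or -not (Test-Path -LiteralPath $Exe)) { return 'file missing' }
    return (Get-AuthenticodeSignature -FilePath $Exe).Status.ToString()   # Valid, NotSigned, HashMismatch, ...
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($regMeta -contains $p.Name) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables((Get-RunEntryExecutable ([string]($p.Value))))
            New-Object PSObject -Property @{ Location = $key; Entry = $p.Name; Executable = $exe; Signature = (Get-SignatureStatus $exe) }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $exe = $shell.CreateShortcut($lnk.FullName).TargetPath
            New-Object PSObject -Property @{ Location = $dir; Entry = $lnk.Name; Executable = $exe; Signature = (Get-SignatureStatus $exe) }
        }
    }
}

function Remove-AutostartEntry {
    # The registry half of what "Fix checked" does for an "O4 - HKLM\..\Run: [Name]" line.
    param([string]$Key, [string]$Entry)
    Remove-ItemProperty -LiteralPath $Key -Name $Entry -ErrorAction Stop
}

Get-AutostartReport | Sort-Object Signature | Format-Table Location, Entry, Signature, Executable -AutoSize
```

Read the Signature column as a triage aid, not a verdict: a valid signature only proves who published the file, and several legitimate vendor utilities in a log like the one above will come back NotSigned. What should get attention is an entry whose executable is missing, lives in a user-writable location such as a Temp or Downloads folder, or carries a HashMismatch.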

#12 CypherPhilter (Topic Starter, Members, 9 posts)

Posted 11 September 2012 - 01:30 AM

Hello Gringo,

Thank you for all your help, I will be re-running HijackThis and ESET first thing in the morning. For my IE, should I update it first before running the program? I rarely use it; actually the only use it gets is when I accidentally click it instead of the Windows Explorer icon on the taskbar! Also, the programs listed are ones I will be happy to take off startup. A few last questions if you don't mind.
1: For the Webroot that is only "virtually uninstalled", since it's not in the Revo or in the Add/Remove Programs list, should I run an uninstall on the WRSA.exe with Revo, or reinstall and re-uninstall through Windows to get rid of it and its components still present?
2: These logs are honestly still greek to me but should this part of the Hijackthis log be any concern?
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
the reason I ask is mainly due to the C:\MSOCache file was one of the original files locked.
3: Some files are still locked, including something in the recycle bin [c:\$RECYCLE.BIN\S-1-5-18] which is inaccessible. I took a screenshot of my desktop earlier of the recycle bin folder open and empty but the bin's icon still showing trash in it. I don't wish to attach something again without consent; would you like to see?
3a: With some of these locked files, should I post something in a security forum to find out if this is something serious or benign?

To my knowledge I would think my computer is clean, but then again this is why I had to come to an expert in the 1st place. I thank you greatly for all your help Gringo. I wish I could give back right now but I can't, although you can count on a xmas bonus!

#13 gringo_pr "Bleepin Gringo" (Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 11 September 2012 - 01:39 AM

1: For the Webroot that is only "virtually uninstalled", since it's not in the Revo or in the Add/Remove Programs list, should I run an uninstall on the WRSA.exe with Revo, or reinstall and re-uninstall through Windows to get rid of it and its components still present?

I would reinstall it and then uninstall it to see if it leaves

2: These logs are honestly still greek to me but should this part of the Hijackthis log be any concern?
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
the reason I ask is mainly due to the C:\MSOCache file was one of the original files locked.

this file is OK - http://www.systemlookup.com/search.php?type=filename&search=MSOXMLMF.DLL&s=

3: Some files are still locked, including something in the recycle bin [c:\$RECYCLE.BIN\S-1-5-18] which is inaccessible. I took a screenshot of my desktop earlier of the recycle bin folder open and empty but the bin's icon still showing trash in it. I don't wish to attach something again without consent; would you like to see?

try this for the recycle bin - http://www.ehow.com/how_8675977_delete-recycle-bin-command-prompt.html

3a: With some of these locked files, should I post something in a security forum to find out if this is something serious or benign?

what other files are locked?

#14 CypherPhilter (Topic Starter, Members, 9 posts)

Posted 12 September 2012 - 12:30 AM

Locked files and folders. There were over 500 at one point; I'm still in the process of restoring rights to them little by little. For the previous one in question in C:\$recyclebin\S-1-5-18, I added my username to its permissions with full control and it turned out to be another recycle bin... a mirror or something. Still going to see what may be in there with the link you sent with the CMD prompt. Current files I haven't yet restored rights to that I'm aware of:
C:\System Recovery
all files in C:\4b7c77f36bf1771e749338eb; unlocked a few files inside to see what it may be, had an EULA for MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1, some installers like msp_kb2565063.exe and vc_red.exe
All mirrors of \Temporary Internet Files and \History
C:\Pagefile & C:\Hiberfil (i know i shouldn't mess with the page file, but the other I was going to temporarily delete in CMD Powercfg and then restore it just to see what happens)
C:\Config.Msi
More, I'm sure; I keep right-clicking files to see if the admin symbol is next to Rename or Delete, which lets me know I don't have permissions on that file.

Other things like C:\User\Username\Application Data: this folder seems to be an open loop; it can be clicked a thousand times and it will add another \Application Data to the path instead of opening the folder.

Here's the latest scan from ESET, came up with a few things. One is DaemonTools that was downloaded a long time ago. The other is Bloatware that I don't use and wouldn't mind it being gone.


C:\Documents and Settings\Dave\Downloads\Programs\DTLite4453-0297.exe Win32/OpenCandy application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Dave\Downloads\Programs\DTLite4453-0297.exe Win32/OpenCandy application
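Most of what the Avira scan reported as "Locked file. Not tested." earlier in this thread, and most of what is listed in the post above, is locked by design on Windows 7 and is not evidence of ransomware damage: registry hives and their .LOG files (ntuser.dat, UsrClass.dat, SAM, SECURITY, SOFTWARE, SYSTEM, DEFAULT) are held open by the kernel; "My Music", "My Pictures", "Application Data", "History", "NetHood", "PrintHood", "Templates" and "Documents and Settings" are compatibility junctions that carry a deny-read entry for Everyone so only legacy hard-coded paths resolve through them (one of the junctions under AppData\Local points back at its own parent, which is the Explorer loop described above); C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys holds the machine's private keys and is ACLed tightly on purpose; and C:\$Recycle.Bin contains one subfolder per user SID, S-1-5-18 being LocalSystem. Granting yourself Full Control on these, or resetting their inheritance with a tool such as Inherit.exe, weakens the machine and cleans nothing. The script below is an added example, not part of the thread or of any tool named in it: given a list of paths (a constructed sample taken from the log above), it says which kind of by-design lock each path is and lists only the explicit, non-inherited ACEs, which is where a genuine permission change would show up. Run it from an elevated PowerShell on the affected machine; the path classification assumes the Windows 7 profile layout.

```powershell
function Get-LockedPathInfo {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        $kind = 'not found or not accessible'
        if ($item) {
            $kind = 'ordinary file or folder: judge it by its explicit ACEs'
            # A junction is still a directory, so test the reparse-point bit before anything else.
            if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
                $kind = 'compatibility junction: deny-read for Everyone is normal, leave it alone'
            } elseif ($item -is [IO.FileInfo] -and
                      $item.Name -match '^(ntuser\.dat|usrclass\.dat|sam|security|software|system|default)(\.log\d?)?$') {
                $kind = 'registry hive or hive log: held open by the kernel, cannot be scanned in place'
            } elseif ($p -match '\\Microsoft\\Crypto\\RSA\\MachineKeys') {
                $kind = 'CryptoAPI machine key store: tight ACL by design, never reset inheritance here'
            } elseif ($p -match '\\\$Recycle\.Bin\\(S-1-5-[0-9-]+)') {
                $sid = New-Object Security.Principal.SecurityIdentifier $Matches[1]
                try   { $acct = $sid.Translate([Security.Principal.NTAccount]).Value }
                catch { $acct = 'an unresolvable SID (deleted account?)' }
                $kind = "per-user recycle bin belonging to $acct"
            }
        }
        # Inherited ACEs only mirror the parent folder; explicit ones are where a malicious or
        # hand-made change would appear. For a junction, Get-Acl may report the target's ACL.
        $owner = '?'; $explicit = @()
        $acl = Get-Acl -Path $p -ErrorAction SilentlyContinue
        if ($acl) {
            $owner = $acl.Owner
            $explicit = @($acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
                '{0} {1}: {2}' -f $_.AccessControlType, $_.IdentityReference, $_.FileSystemRights })
        }
        New-Object PSObject -Property @{
            Path = $p; Kind = $kind; Owner = $owner; ExplicitAces = ($explicit -join '; ')
        }
    }
}

# Constructed sample: paths taken from the "Locked file. Not tested." list and the post above.
$sample = 'C:\Users\Dave\Documents\My Music',
          'C:\Users\Dave\AppData\Local\Application Data',
          'C:\Users\Dave\ntuser.dat',
          'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys',
          'C:\$Recycle.Bin\S-1-5-18',
          'C:\Config.Msi'

Get-LockedPathInfo -Path $sample | Format-List Path, Kind, Owner, ExplicitAces
```

What to act on is the "ordinary file or folder" rows, not the rest: an explicit Allow for Everyone or Users with FullControl on a system folder, or an explicit Deny aimed at the owning user or at Administrators, is worth undoing. Everything the script labels as a junction, hive, key store or per-user recycle bin should be left exactly as Windows created it.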

#15 gringo_pr "Bleepin Gringo" (Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 12 September 2012 - 12:40 AM

Greetings

I do not know if those files are supposed to be locked or not, so be careful.

you can use this to unlock them

Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe


just drag and drop the folder or file on top of inherit and that is it



delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Force-delete the two ESET-flagged OpenCandy installers quietly, even if read-only
    del /f /s /q "C:\Users\Dave\Downloads\Programs\DTLite4453-0297.exe"
    del /f /s /q "C:\Documents and Settings\Dave\Downloads\Programs\DTLite4453-0297.exe"
    REM Remove this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used would be good to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
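The unlock step in the post above hands the locked paths to Inherit.exe. As an added example that is not the tool's own code, and on the assumption that what it does is restore inherited permissions from the parent folder, this PowerShell script does the same with the built-in takeown and icacls commands, showing the owner and explicit ACEs before anything is changed and verifying inheritance afterwards (run from an elevated prompt; the path is the user-supplied locked file or folder):

```powershell
# Added example (not Inherit.exe's code): inspect a locked path's ACL, then
# restore inherited permissions with built-in Windows tools.
# Assumption: $Path is one of the locked files or folders listed in the thread.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [switch]$Apply   # without -Apply the script only reports; nothing is changed
)

if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }

# Before: show the owner, whether inheritance is blocked, and the explicit ACEs
# (a ransomware-style lockout typically shows up as a blocked-inheritance flag
# plus explicit Deny entries here)
$acl = Get-Acl -LiteralPath $Path
"Owner:                $($acl.Owner)"
"Inheritance disabled: $($acl.AreAccessRulesProtected)"
$acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
    "Explicit ACE: $($_.IdentityReference) $($_.AccessControlType) $($_.FileSystemRights)"
}

if (-not $Apply) {
    "Run again with -Apply to take ownership and reset inheritance."
    return
}

# Give ownership to the Administrators group (/A), then replace the explicit
# ACEs with the inherited defaults from the parent (/reset). For folders,
# /R and /T recurse; /C continues past individual files that fail.
if ((Get-Item -LiteralPath $Path).PSIsContainer) {
    takeown /F "$Path" /A /R /D Y | Out-Null
    icacls "$Path" /reset /T /C | Out-Null
} else {
    takeown /F "$Path" /A | Out-Null
    icacls "$Path" /reset /C | Out-Null
}

# After: inheritance should be enabled again (AreAccessRulesProtected = False)
$after = Get-Acl -LiteralPath $Path
"Inheritance disabled after reset: $($after.AreAccessRulesProtected)"
```

Run it once without -Apply on each suspect path first, so the explicit Deny entries are on record before they are replaced.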



