Ads in bottom right and left corners (IE), redirect virus


This topic is locked
29 replies to this topic

#1 amywynne (Members, 15 posts)

Posted 17 September 2012 - 05:59 PM

Hi, thank you for any help.

I have attached a couple of screen shots of the ads I get. BTW, it seems a little like the "recommended for you" virus but also with legitimate-looking ads in the left-hand corner (usually something like State Farm Insurance). Redirects often go to sites related to the topic of the page I was previously on (i.e. Norton, etc.). Note: ads and redirects don't happen on Google sites or Facebook, but the minute I browse elsewhere they appear. I first noticed them only in an online CRM system I use; I thought that provider had started running ads.

I have MS Security Essentials, and have also scanned with HouseCall, Malwarebytes, Ad-Aware, I think that was all, but they all came up clean.

Probably not an issue, but I did try to follow a forum and root about myself, and after blue-screening several times with ComboFix and then losing internet connectivity beyond my ability to repair it, I did a system restore to back before I started all that craziness. If that would have left some residual issues I just thought I'd point it out, lol. I ran RogueKiller, TDSSKiller, ComboFix I think? Anyway, I restored to before I downloaded any of it.

Thanks for any and all help!

Amy

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Amy at 15:34:55 on 2012-09-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.3801 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\ByStorm Software\FileSure\SoxAuditService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Amy\Downloads\ListITQuick.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/webhp?rls=ig
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LISTIT~1.LNK - C:\Users\Amy\Downloads\ListITQuick.exe
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/70.22/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{BB3E2F28-6325-4E23-979D-C68E3EBA7837} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{FB47059B-DD44-48AB-9F29-20AFF374F56D} : DhcpNameServer = 163.244.194.254 163.244.212.254 163.244.194.42 163.244.199.61
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
Hosts: 64.27.10.42 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-26 189736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 SOXAUDIT;ByStorm FileSure Service;C:\Program Files (x86)\ByStorm Software\FileSure\SoxAuditService.exe [2010-6-3 3398656]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 SoxAuditor;SoxAuditor;C:\Windows\system32\DRIVERS\SoxAudit64.sys --> C:\Windows\system32\DRIVERS\SoxAudit64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-13 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-13 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-17 21:34:53 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E5D3FDA-E9FA-4E26-BDFF-7A7F3A9AA65D}\mpengine.dll
2012-09-17 21:25:19 -------- d-----w- C:\Users\Amy\AppData\Local\{87A05AF3-14DF-442D-9B59-9CA181745C0D}
2012-09-17 21:24:27 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-17 21:12:07 -------- d-----w- C:\Users\Amy\AppData\Local\{7ABE2FD3-9F53-49E1-9CA1-A18AFDF0A432}
2012-09-16 22:46:28 -------- d-----w- C:\Roxio
2012-09-16 16:33:21 -------- d-----w- C:\Users\Amy\AppData\Local\{B50866AD-F6DC-4EC5-B05B-1C9A83C9F8EF}
2012-09-15 20:15:49 -------- d-----w- C:\Users\Amy\AppData\Local\{F8BF8FD5-9BAA-4354-A300-7D829662C819}
2012-09-13 15:18:36 -------- d-----w- C:\Users\Amy\AppData\Local\{12E233EF-B9C7-436E-9824-DDB1D352B1F0}
2012-09-12 20:09:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 20:09:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 20:09:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 20:09:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 20:09:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 20:09:54 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 20:09:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 15:04:29 -------- d-----w- C:\Users\Amy\AppData\Local\{15786F11-D1D9-4675-A428-4B985E4406E2}
2012-09-11 15:20:54 -------- d-----w- C:\Users\Amy\AppData\Local\{B4370B33-346B-447A-9D60-D307644662F5}
2012-09-10 21:31:37 -------- d-----w- C:\Users\Amy\AppData\Roaming\Malwarebytes
2012-09-10 21:31:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-10 21:31:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-10 21:31:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-10 20:47:00 -------- d-----w- C:\Users\Amy\AppData\Local\{49107AE3-02C3-4610-ACDF-5773917D1712}
2012-09-09 15:51:52 -------- d-----w- C:\Users\Amy\AppData\Local\{66313D1A-5BEC-4F5D-AF6E-CE5142D8A93A}
2012-09-08 23:50:38 -------- d-----w- C:\Users\Amy\AppData\Local\{7A666791-3112-485D-BC53-54E2D248F986}
2012-09-08 03:52:18 -------- d-----w- C:\Users\Amy\AppData\Local\{5830616C-67AA-43D2-9AD1-6487D2715B82}
2012-09-06 15:33:45 -------- d-----w- C:\Users\Amy\AppData\Local\{FB7D5C33-063B-4319-8F00-0015A019C8AB}
2012-09-04 15:32:43 -------- d-----w- C:\Users\Amy\AppData\Local\{C12AF422-A081-4B07-BEB1-8A720244449D}
2012-09-03 01:58:29 -------- d-----w- C:\Users\Amy\AppData\Local\{F7F4A1CE-64DC-456D-893E-70BC24D733B4}
2012-09-02 00:35:55 -------- d-----w- C:\Users\Amy\AppData\Local\{D333A521-4BCB-4625-B976-CC57BED51814}
2012-08-31 16:23:48 -------- d-----w- C:\Users\Amy\AppData\Local\{2F3F6DEF-9AD0-4618-9B94-7326DEF6AEB6}
2012-08-29 17:42:29 -------- d-----w- C:\Users\Amy\AppData\Local\{80330BF1-7A76-4AA0-A3E2-4B8C34AD8ADC}
2012-08-28 16:46:46 -------- d-----w- C:\Users\Amy\AppData\Local\{B91763D6-D08B-4FD3-9DAC-84B8B6C1DEF9}
2012-08-27 01:16:56 -------- d-----w- C:\Users\Amy\AppData\Local\{98DBEA21-326C-4F90-9CA6-2D8E01C2BD67}
2012-08-26 03:38:17 -------- d-----w- C:\Users\Amy\AppData\Local\{E6FD78C0-C828-4EBE-9FF4-2EBD53843174}
2012-08-25 14:46:24 -------- d-----w- C:\Users\Amy\AppData\Local\{A1305FB4-7E71-419B-8A38-3A615D3C1283}
2012-08-23 14:38:25 -------- d-----w- C:\Users\Amy\AppData\Local\{B485C1CB-5FFF-4E1B-AE33-CF47FF8B0B1C}
2012-08-21 17:55:54 -------- d-----w- C:\Users\Amy\AppData\Local\{6702E4AB-49F6-42D5-98D5-5A7E38ADF89B}
2012-08-20 05:55:07 -------- d-----w- C:\Users\Amy\AppData\Local\{D0988322-5FAA-4143-B898-70FCCAF12865}
.
==================== Find3M ====================
.
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-26 15:39:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 15:39:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:35:33.65 ===============
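An added example, not part of the original post and not something the DDS tool does itself: a small Python triage script that applies the first checks a responder would run over the Pseudo HJT section of a DDS log like the one above. It flags entries whose target is "No File" (orphaned registrations), Run values with no command, autostart targets that live in user-writable folders (a user's Downloads or AppData, ProgramData, Temp), and Startup-folder shortcuts that launch through RunDll32.exe, where DDS does not show which DLL is being loaded. The sample lines are copied from the log above; the heuristics, the reason codes and the list of "user-writable" locations are my assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage autostart entries from the Pseudo HJT section of a DDS log.
Added example for this thread; the heuristics are the editor's assumptions."""
import re

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LISTIT~1.LNK - C:\Users\Amy\Downloads\ListITQuick.exe
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
"""

# DDS lines look like "kind: rest"; kinds include uRun, mRun, StartupFolder, BHO, TB
# and their -x64 variants.
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z]+(?:-[xX]64)?):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Folders a standard user can write to (assumed list); autostarts there get a second look.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(?:downloads|appdata)\\|\\programdata\\|\\temp\\", re.I
)
TRIAGED_KINDS = {"urun", "mrun", "startupfolder", "bho", "tb"}

# Reason codes and what a responder should do with each (editor's wording).
REASONS = {
    "orphan": "registration points at a file that no longer exists; remove the entry",
    "empty": "Run value with no command; unusual, inspect the registry key",
    "user-writable": "launched from a user-writable folder; verify the file",
    "rundll32": "starts via RunDll32.exe; DDS hides the DLL argument, check the shortcut",
}


def extract_target(base, rest):
    """Pull the launched file out of one entry; '' if there is none."""
    if base in ("startupfolder", "bho", "tb"):
        return rest.rsplit(" - ", 1)[1].strip() if " - " in rest else ""
    m = RUN_RE.match(rest)  # uRun/mRun lines: [name] command
    if not m:
        return ""
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]        # quoted path, switches follow the quote
    return cmd.split(" /")[0].strip()  # unquoted path, cut at the first switch


def classify(target):
    """Map one entry's target to a reason code, or None when nothing stands out."""
    if target == "No File":
        return "orphan"
    if not target:
        return "empty"
    if USER_WRITABLE.search(target):
        return "user-writable"
    if target.lower().endswith("rundll32.exe"):
        return "rundll32"
    return None


def triage(report):
    """Return (kind, target, reason) for every autostart line worth a look."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        base = kind.split("-")[0].lower()
        if base not in TRIAGED_KINDS:
            continue
        target = extract_target(base, rest)
        reason = classify(target)
        if reason:
            findings.append((kind, target, reason))
    return findings


if __name__ == "__main__":
    for kind, target, reason in triage(SAMPLE_DDS):
        print(f"{kind:14} {target or '(none)'}\n    {REASONS[reason]}")
```

Run against the sample it reports four lines: the empty mRun value, ListITQuick.exe running from Downloads, the RunDll32 shortcut, and the orphaned toolbar GUID; the Skype, HP and Google Toolbar entries pass. Paste the whole Pseudo HJT section in place of the sample to triage a full log.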


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 17 September 2012 - 09:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 amywynne (Topic Starter, Members, 15 posts)

Posted 18 September 2012 - 01:34 AM

Thanks Gringo, here are results of requested steps. Still getting ads in IE.
Had already done DeFogger.

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 23:25:37
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy - BLACKSHEEP
# Boot Mode : Normal
# Running from : C:\Users\Amy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1128 octets] - [17/09/2012 23:25:37]

########## EOF - C:\AdwCleaner[S1].txt - [1188 octets] ##########


RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amy [Admin rights]
Mode : Remove -- Date : 09/17/2012 23:30:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk @Amy : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN24E541BB05PJ;CONNECTION=USB;MONITOR=1; -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 ATA Device +++++
--- User ---
[MBR] d549e38a0d981962c8721acfd298b9d4
[BSP] fdfad5fee28fbdbc55fd97c029abe308 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 8618 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 17778688 | Size: 945187 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by amywynne, 18 September 2012 - 01:37 AM.

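The HOSTS entries RogueKiller printed above are the ad-injection mechanism at work: analytics and ad-network names are pointed at routable third-party addresses, so whoever controls those addresses serves the "ads" and redirects. As an added example (not part of the thread and not RogueKiller's code), this Python check parses hosts-file syntax and separates such redirections from benign sinkhole entries; the sample hosts text is constructed here from the entries in that log plus one ad-blocking line.

```python
import ipaddress
from typing import Dict, List

# Constructed sample: the six redirect lines mirror the RogueKiller HOSTS
# dump in the thread; the comment and the 0.0.0.0 line are added so the
# classifier's other branches are exercised.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-blocklist.test   # typical ad-blocking entry, benign
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""

# Names that legitimately map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Dict[str, object]]:
    """Parse hosts syntax: '<address> <name> [<name> ...]', '#' starts a comment.

    One record is returned per (address, name) pair; a trailing dot on a name
    (absolute FQDN form, as in the log) is normalised away.
    """
    entries: List[Dict[str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line, nothing to classify
        for name in parts[1:]:
            entries.append({"line": lineno, "address": parts[0],
                            "name": name.rstrip(".").lower()})
    return entries


def classify(entry: Dict[str, object]) -> str:
    """Return 'local', 'blocked', 'private', 'hijack' or 'invalid'.

    Order matters: loopback/unspecified are tested before is_private because
    ipaddress treats 127.0.0.0/8 and 0.0.0.0/8 as private too.
    """
    try:
        addr = ipaddress.ip_address(str(entry["address"]))
    except ValueError:
        return "invalid"
    name = str(entry["name"])
    if name in LOCAL_NAMES and addr.is_loopback:
        return "local"
    if addr.is_unspecified or addr.is_loopback:
        # Sinkholing a third-party name to 0.0.0.0 / 127.0.0.1 only blocks it.
        return "blocked"
    if addr.is_private:
        # Internal name pinned to a LAN address: normal in home/office setups.
        return "private"
    # A third-party name resolving to a routable address means the content for
    # that name is served by whoever controls that address (the case in the log).
    return "hijack"


def find_hijacks(text: str) -> List[Dict[str, object]]:
    """Return only the entries that redirect a name to a routable address."""
    return [e for e in parse_hosts(text) if classify(e) == "hijack"]


def summarize(text: str) -> Dict[str, List[str]]:
    """Group hijacked names by the address they are redirected to."""
    grouped: Dict[str, List[str]] = {}
    for e in find_hijacks(text):
        grouped.setdefault(str(e["address"]), []).append(str(e["name"]))
    return grouped


if __name__ == "__main__":
    for address, names in summarize(SAMPLE_HOSTS).items():
        print(f"{address} receives traffic for: {', '.join(names)}")
```

On a live Windows system the same functions can be fed the contents of C:\Windows\System32\drivers\etc\hosts, the path RogueKiller reports.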

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 September 2012 - 01:37 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 amywynne (Topic Starter)

Posted 18 September 2012 - 01:52 PM

Thanks Gringo.

I disabled virus scanner, saved combofix download to desktop, closed everything, ran it.

It made it through all 50 stages pretty quickly (~5 min), said it was deleting a freeware ftp program that I didn't remember having (?blush), and then rebooted my computer.

This is the part that may be user error . . . it was sitting at the login screen so I typed in my password and hit enter, trying to be very careful not to hit the mouse or inadvertently tell it to do anything else.

It came back to my desktop with combofix window open saying it was preparing log file so I touched nothing, it sat like that for almost an hour.

While I was out of the room, something else transpired because now it isn't even a blue screen, but total black, the monitor says it doesn't recognize a signal when I turn it off and back on but the cpu light is on and I periodically hear something burgling down there.

Obviously, writing from another computer. [as a side note, this is the kind of situation I got into with combofix a couple of days ago, and did eventually bring it back to the point where I could get to a system restore point and go back to before I'd downloaded, but last time it was a blue screen with a cursor it froze at, not a total blackout].

Pls advise :)!

Thanks!
Amy

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 September 2012 - 02:37 PM

try and restart the computer


gringo

#7 amywynne (Topic Starter)

Posted 18 September 2012 - 02:48 PM

Thanks. Did hard reboot with button. Left off for 10 seconds. Chose option to start in normal mode to see what would happen. Made it past login to desktop. Combofix not visibly running. There is no log for combofix generated/stored on the C:/ drive. Internet is inaccessible. And, if this is like before, machine will crash if I mess with it too much at this point. Awaiting next steps :).

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 September 2012 - 03:15 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 amywynne (Topic Starter)

Posted 18 September 2012 - 03:30 PM

Just FYI, when I returned to other room the machine was in previous state again: no communication with monitor but light on, CPU running. I can reboot and run the programs you've listed by loading them from a pen drive to the desktop, but note that I will not be able to download extra definitions when I run program because there is currently no internet connectivity on that machine from whatever unfinished state combofix has left it. Thanks.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 September 2012 - 04:03 PM

Hello


I want you to navigate to this file, right click on it and select Run as admin: C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

Restart the computer and check for internet.



gringo

#11 amywynne (Topic Starter)

Posted 18 September 2012 - 05:10 PM

OK. I had transferred and was running the executables when I saw your last post. Just for the sake of complete information--the computer stalled and had to be hard-rebooted again after TDSSKiller (I restarted in safe mode and shut down properly to try to see if it would be a bit more stable thereafter). I did use your method to restore the registry, and it DID repair my internet connection. I was able to run Avast with the updated virus files. Here are the results (TDSS before registry restore; Avast looks like it reported both times it was run, before internet connectivity and after). Thanks again for continued assistance!

13:35:36.0346 7104 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:35:36.0377 7104 ============================================================
13:35:36.0377 7104 Current date / time: 2012/09/18 13:35:36.0377
13:35:36.0377 7104 SystemInfo:
13:35:36.0377 7104
13:35:36.0377 7104 OS Version: 6.1.7601 ServicePack: 1.0
13:35:36.0377 7104 Product type: Workstation
13:35:36.0377 7104 ComputerName: BLACKSHEEP
13:35:36.0377 7104 UserName: Amy
13:35:36.0377 7104 Windows directory: C:\Windows
13:35:36.0377 7104 System windows directory: C:\Windows
13:35:36.0377 7104 Running under WOW64
13:35:36.0377 7104 Processor architecture: Intel x64
13:35:36.0377 7104 Number of processors: 4
13:35:36.0377 7104 Page size: 0x1000
13:35:36.0377 7104 Boot type: Normal boot
13:35:36.0377 7104 ============================================================
13:35:37.0157 7104 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:37.0172 7104 ============================================================
13:35:37.0172 7104 \Device\Harddisk0\DR0:
13:35:37.0172 7104 MBR partitions:
13:35:37.0172 7104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x10D5000
13:35:37.0172 7104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10F4800, BlocksNum 0x73611800
13:35:37.0172 7104 ============================================================
13:35:37.0204 7104 C: <-> \Device\Harddisk0\DR0\Partition2
13:35:37.0204 7104 ============================================================
13:35:37.0204 7104 Initialize success
13:35:37.0204 7104 ============================================================
13:36:06.0625 6556 ============================================================
13:36:06.0625 6556 Scan started
13:36:06.0625 6556 Mode: Manual;
13:36:06.0625 6556 ============================================================
13:36:08.0279 6556 ================ Scan system memory ========================
13:36:08.0279 6556 System memory - ok
13:36:08.0279 6556 ================ Scan services =============================
13:36:15.0876 6556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:36:15.0892 6556 megasas - ok
13:36:15.0907 6556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:36:15.0923 6556 MegaSR - ok
13:36:15.0970 6556 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:36:15.0985 6556 Microsoft Office Groove Audit Service - ok
13:36:15.0985 6556 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:36:16.0001 6556 MMCSS - ok
13:36:16.0001 6556 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:36:16.0001 6556 Modem - ok
13:36:16.0016 6556 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:36:16.0016 6556 monitor - ok
13:36:16.0063 6556 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:36:16.0063 6556 mouclass - ok
13:36:16.0079 6556 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:36:16.0079 6556 mouhid - ok
13:36:16.0110 6556 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:36:16.0110 6556 mountmgr - ok
13:36:16.0157 6556 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:36:16.0172 6556 MpFilter - ok
13:36:16.0204 6556 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:36:16.0204 6556 mpio - ok
13:36:16.0219 6556 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:36:16.0219 6556 mpsdrv - ok
13:36:16.0266 6556 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:36:16.0266 6556 MpsSvc - ok
13:36:16.0297 6556 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:36:16.0297 6556 MRxDAV - ok
13:36:16.0328 6556 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:16.0328 6556 mrxsmb - ok
13:36:16.0360 6556 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:16.0375 6556 mrxsmb10 - ok
13:36:16.0375 6556 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:16.0391 6556 mrxsmb20 - ok
13:36:16.0422 6556 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:36:16.0422 6556 msahci - ok
13:36:16.0453 6556 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:36:16.0453 6556 msdsm - ok
13:36:16.0484 6556 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:36:16.0484 6556 MSDTC - ok
13:36:16.0500 6556 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:36:16.0500 6556 Msfs - ok
13:36:16.0516 6556 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:36:16.0516 6556 mshidkmdf - ok
13:36:16.0516 6556 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:36:16.0516 6556 msisadrv - ok
13:36:16.0531 6556 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:36:16.0547 6556 MSiSCSI - ok
13:36:16.0547 6556 msiserver - ok
13:36:16.0562 6556 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:36:16.0562 6556 MSKSSRV - ok
13:36:16.0625 6556 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:36:16.0625 6556 MsMpSvc - ok
13:36:16.0687 6556 [ B0F062A952DA37DA2ED5DFE40F57E9E8 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
13:36:16.0718 6556 msoidsvc - ok
13:36:16.0952 6556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:16.0999 6556 MSPCLOCK - ok
13:36:17.0030 6556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:36:17.0046 6556 MSPQM - ok
13:36:17.0093 6556 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:36:17.0093 6556 MsRPC - ok
13:36:17.0108 6556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:36:17.0108 6556 mssmbios - ok
13:36:17.0140 6556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:36:17.0140 6556 MSTEE - ok
13:36:17.0155 6556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:36:17.0155 6556 MTConfig - ok
13:36:17.0171 6556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:36:17.0171 6556 Mup - ok
13:36:17.0202 6556 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:36:17.0218 6556 napagent - ok
13:36:17.0233 6556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:36:17.0249 6556 NativeWifiP - ok
13:36:17.0311 6556 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:36:17.0311 6556 NDIS - ok
13:36:17.0327 6556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:36:17.0327 6556 NdisCap - ok
13:36:17.0342 6556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:17.0342 6556 NdisTapi - ok
13:36:17.0374 6556 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:17.0374 6556 Ndisuio - ok
13:36:17.0405 6556 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:17.0405 6556 NdisWan - ok
13:36:17.0452 6556 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:36:17.0452 6556 NDProxy - ok
13:36:17.0483 6556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:36:17.0498 6556 NetBIOS - ok
13:36:17.0545 6556 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:36:17.0545 6556 NetBT - ok
13:36:17.0561 6556 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:36:17.0561 6556 Netlogon - ok
13:36:17.0623 6556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:36:17.0639 6556 Netman - ok
13:36:17.0654 6556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:36:17.0654 6556 netprofm - ok
13:36:17.0686 6556 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:36:17.0686 6556 NetTcpPortSharing - ok
13:36:17.0732 6556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:36:17.0748 6556 nfrd960 - ok
13:36:17.0779 6556 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:36:17.0779 6556 NisDrv - ok
13:36:17.0873 6556 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:36:17.0873 6556 NisSrv - ok
13:36:17.0966 6556 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:36:17.0966 6556 NlaSvc - ok
13:36:17.0966 6556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:36:17.0966 6556 Npfs - ok
13:36:17.0998 6556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:36:17.0998 6556 nsi - ok
13:36:17.0998 6556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:36:17.0998 6556 nsiproxy - ok
13:36:18.0076 6556 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:36:18.0107 6556 Ntfs - ok
13:36:18.0122 6556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:36:18.0154 6556 Null - ok
13:36:18.0200 6556 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:36:18.0216 6556 nvraid - ok
13:36:18.0247 6556 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:36:18.0247 6556 nvstor - ok
13:36:18.0263 6556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:36:18.0278 6556 nv_agp - ok
13:36:18.0356 6556 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:36:18.0356 6556 odserv - ok
13:36:18.0403 6556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:36:18.0419 6556 ohci1394 - ok
13:36:18.0466 6556 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:36:18.0481 6556 ose - ok
13:36:18.0497 6556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:36:18.0497 6556 p2pimsvc - ok
13:36:18.0575 6556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:36:18.0575 6556 p2psvc - ok
13:36:18.0590 6556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:36:18.0590 6556 Parport - ok
13:36:18.0637 6556 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:36:18.0637 6556 partmgr - ok
13:36:18.0668 6556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:36:18.0668 6556 PcaSvc - ok
13:36:18.0715 6556 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:36:18.0715 6556 pci - ok
13:36:18.0731 6556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:36:18.0731 6556 pciide - ok
13:36:18.0778 6556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:36:18.0793 6556 pcmcia - ok
13:36:18.0809 6556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:36:18.0824 6556 pcw - ok
13:36:18.0840 6556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:36:18.0856 6556 PEAUTH - ok
13:36:18.0980 6556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:36:18.0980 6556 PerfHost - ok
13:36:19.0043 6556 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:36:19.0058 6556 pla - ok
13:36:19.0105 6556 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:36:19.0105 6556 PlugPlay - ok
13:36:19.0121 6556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:36:19.0121 6556 PNRPAutoReg - ok
13:36:19.0121 6556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:36:19.0121 6556 PNRPsvc - ok
13:36:19.0168 6556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:36:19.0168 6556 PolicyAgent - ok
13:36:19.0183 6556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:36:19.0199 6556 Power - ok
13:36:19.0246 6556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:36:19.0246 6556 PptpMiniport - ok
13:36:19.0277 6556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:36:19.0277 6556 Processor - ok
13:36:19.0324 6556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:36:19.0324 6556 ProfSvc - ok
13:36:19.0339 6556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:36:19.0339 6556 ProtectedStorage - ok
13:36:19.0386 6556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:36:19.0386 6556 Psched - ok
13:36:19.0402 6556 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:36:19.0417 6556 PxHlpa64 - ok
13:36:19.0480 6556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:36:19.0495 6556 ql2300 - ok
13:36:19.0511 6556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:36:19.0511 6556 ql40xx - ok
13:36:19.0542 6556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:36:19.0542 6556 QWAVE - ok
13:36:19.0558 6556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:36:19.0558 6556 QWAVEdrv - ok
13:36:19.0573 6556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:36:19.0573 6556 RasAcd - ok
13:36:19.0620 6556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:36:19.0620 6556 RasAgileVpn - ok
13:36:19.0636 6556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:36:19.0636 6556 RasAuto - ok
13:36:19.0667 6556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:19.0667 6556 Rasl2tp - ok
13:36:19.0729 6556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:36:19.0729 6556 RasMan - ok
13:36:19.0760 6556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:19.0776 6556 RasPppoe - ok
13:36:19.0807 6556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:36:19.0807 6556 RasSstp - ok
13:36:19.0838 6556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:36:19.0838 6556 rdbss - ok
13:36:19.0854 6556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:36:19.0854 6556 rdpbus - ok
13:36:19.0870 6556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:19.0885 6556 RDPCDD - ok
13:36:19.0901 6556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:36:19.0901 6556 RDPENCDD - ok
13:36:19.0916 6556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:36:19.0916 6556 RDPREFMP - ok
13:36:19.0963 6556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:36:19.0979 6556 RDPWD - ok
13:36:20.0041 6556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:36:20.0057 6556 rdyboost - ok
13:36:20.0057 6556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:36:20.0072 6556 RemoteAccess - ok
13:36:20.0072 6556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:36:20.0088 6556 RemoteRegistry - ok
13:36:20.0104 6556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:36:20.0104 6556 RpcEptMapper - ok
13:36:20.0166 6556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:36:20.0166 6556 RpcLocator - ok
13:36:20.0197 6556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:36:20.0213 6556 RpcSs - ok
13:36:20.0213 6556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:36:20.0244 6556 rspndr - ok
13:36:20.0306 6556 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
13:36:20.0322 6556 RTL8192su - ok
13:36:20.0369 6556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:36:20.0384 6556 SamSs - ok
13:36:20.0431 6556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:36:20.0447 6556 sbp2port - ok
13:36:20.0478 6556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:36:20.0494 6556 SCardSvr - ok
13:36:20.0556 6556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:36:20.0556 6556 scfilter - ok
13:36:20.0634 6556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:36:20.0650 6556 Schedule - ok
13:36:20.0681 6556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:36:20.0681 6556 SCPolicySvc - ok
13:36:20.0728 6556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:36:20.0728 6556 SDRSVC - ok
13:36:20.0868 6556 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:36:20.0868 6556 SeaPort - ok
13:36:20.0884 6556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:36:20.0899 6556 secdrv - ok
13:36:20.0930 6556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:36:20.0946 6556 seclogon - ok
13:36:20.0993 6556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:36:21.0008 6556 SENS - ok
13:36:21.0024 6556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:36:21.0024 6556 SensrSvc - ok
13:36:21.0040 6556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:36:21.0040 6556 Serenum - ok
13:36:21.0102 6556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:36:21.0118 6556 Serial - ok
13:36:21.0133 6556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:36:21.0149 6556 sermouse - ok
13:36:21.0196 6556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:36:21.0196 6556 SessionEnv - ok
13:36:21.0242 6556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:36:21.0258 6556 sffdisk - ok
13:36:21.0305 6556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:36:21.0320 6556 sffp_mmc - ok
13:36:21.0336 6556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:36:21.0336 6556 sffp_sd - ok
13:36:21.0367 6556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:36:21.0367 6556 sfloppy - ok
13:36:21.0398 6556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:36:21.0414 6556 SharedAccess - ok
13:36:21.0461 6556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:36:21.0461 6556 ShellHWDetection - ok
13:36:21.0492 6556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:36:21.0492 6556 SiSRaid2 - ok
13:36:21.0508 6556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:36:21.0523 6556 SiSRaid4 - ok
13:36:22.0007 6556 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:36:22.0038 6556 Skype C2C Service - ok
13:36:22.0178 6556 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:36:22.0178 6556 SkypeUpdate - ok
13:36:22.0210 6556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:36:22.0210 6556 Smb - ok
13:36:22.0256 6556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:36:22.0256 6556 SNMPTRAP - ok
13:36:23.0083 6556 [ 11F9FDE41CE4C70DC4FEFBF8159B0768 ] SOXAUDIT C:\Program Files (x86)\ByStorm Software\FileSure\SoxAuditService.exe
13:36:23.0208 6556 SOXAUDIT - ok
13:36:23.0348 6556 [ AA9F65C4A1918C0163E79D9209C07A33 ] SoxAuditor C:\Windows\system32\DRIVERS\SoxAudit64.sys
13:36:23.0411 6556 SoxAuditor - ok
13:36:23.0458 6556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:36:23.0473 6556 spldr - ok
13:36:23.0551 6556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:36:23.0567 6556 Spooler - ok
13:36:24.0659 6556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:36:24.0721 6556 sppsvc - ok
13:36:25.0096 6556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:36:25.0142 6556 sppuinotify - ok
13:36:25.0548 6556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:36:25.0626 6556 srv - ok
13:36:25.0891 6556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:36:25.0954 6556 srv2 - ok
13:36:25.0985 6556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:36:25.0985 6556 srvnet - ok
13:36:26.0063 6556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:36:26.0063 6556 SSDPSRV - ok
13:36:26.0094 6556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:36:26.0094 6556 SstpSvc - ok
13:36:26.0156 6556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:36:26.0156 6556 stexstor - ok
13:36:26.0203 6556 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
13:36:26.0203 6556 StillCam - ok
13:36:26.0328 6556 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:36:26.0344 6556 stisvc - ok
13:36:26.0375 6556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:36:26.0390 6556 swenum - ok
13:36:26.0422 6556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:36:26.0437 6556 swprv - ok
13:36:26.0609 6556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:36:26.0624 6556 SysMain - ok
13:36:26.0656 6556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:36:26.0656 6556 TabletInputService - ok
13:36:26.0718 6556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:36:26.0734 6556 TapiSrv - ok
13:36:26.0796 6556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:36:26.0812 6556 TBS - ok
13:36:27.0358 6556 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:36:27.0404 6556 Tcpip - ok
13:36:27.0872 6556 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:36:27.0919 6556 TCPIP6 - ok
13:36:28.0075 6556 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:36:28.0122 6556 tcpipreg - ok
13:36:28.0262 6556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:36:28.0325 6556 TDPIPE - ok
13:36:28.0403 6556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:36:28.0450 6556 TDTCP - ok
13:36:28.0528 6556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:36:28.0543 6556 tdx - ok
13:36:28.0668 6556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:36:28.0668 6556 TermDD - ok
13:36:28.0762 6556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:36:28.0777 6556 TermService - ok
13:36:28.0840 6556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:36:28.0855 6556 Themes - ok
13:36:28.0871 6556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:36:28.0886 6556 THREADORDER - ok
13:36:28.0964 6556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:36:28.0980 6556 TrkWks - ok
13:36:29.0058 6556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:36:29.0089 6556 TrustedInstaller - ok
13:36:29.0136 6556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:36:29.0136 6556 tssecsrv - ok
13:36:29.0230 6556 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:36:29.0230 6556 TsUsbFlt - ok
13:36:29.0339 6556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:36:29.0370 6556 tunnel - ok
13:36:29.0417 6556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:36:29.0432 6556 uagp35 - ok
13:36:29.0573 6556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:36:29.0588 6556 udfs - ok
13:36:29.0620 6556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:36:29.0620 6556 UI0Detect - ok
13:36:29.0713 6556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:36:29.0729 6556 uliagpkx - ok
13:36:29.0807 6556 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:36:29.0822 6556 umbus - ok
13:36:29.0900 6556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:36:29.0932 6556 UmPass - ok
13:36:30.0056 6556 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
13:36:30.0056 6556 UMVPFSrv - ok
13:36:30.0119 6556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:36:30.0119 6556 upnphost - ok
13:36:30.0150 6556 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:36:30.0181 6556 usbaudio - ok
13:36:30.0228 6556 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:36:30.0259 6556 usbccgp - ok
13:36:30.0322 6556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:36:30.0337 6556 usbcir - ok
13:36:30.0353 6556 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:36:30.0353 6556 usbehci - ok
13:36:30.0415 6556 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:36:30.0415 6556 usbhub - ok
13:36:30.0431 6556 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:36:30.0431 6556 usbohci - ok
13:36:30.0462 6556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:36:30.0462 6556 usbprint - ok
13:36:30.0493 6556 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:36:30.0493 6556 usbscan - ok
13:36:30.0509 6556 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:36:30.0509 6556 USBSTOR - ok
13:36:30.0524 6556 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:36:30.0524 6556 usbuhci - ok
13:36:30.0556 6556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:36:30.0571 6556 UxSms - ok
13:36:30.0602 6556 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:36:30.0602 6556 VaultSvc - ok
13:36:30.0634 6556 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:36:30.0634 6556 vdrvroot - ok
13:36:30.0696 6556 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:36:30.0712 6556 vds - ok
13:36:30.0727 6556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:36:30.0727 6556 vga - ok
13:36:30.0743 6556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:36:30.0743 6556 VgaSave - ok
13:36:30.0790 6556 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:36:30.0883 6556 vhdmp - ok
13:36:30.0992 6556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:36:31.0055 6556 viaide - ok
13:36:31.0117 6556 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:36:31.0133 6556 volmgr - ok
13:36:31.0226 6556 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:36:31.0226 6556 volmgrx - ok
13:36:31.0258 6556 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:36:31.0258 6556 volsnap - ok
13:36:31.0273 6556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:36:31.0273 6556 vsmraid - ok
13:36:31.0398 6556 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:36:31.0414 6556 VSS - ok
13:36:31.0429 6556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:36:31.0429 6556 vwifibus - ok
13:36:31.0460 6556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:36:34.0222 6556 ================ Scan global ===============================
13:36:34.0253 6556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:36:34.0284 6556 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:36:34.0284 6556 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:36:34.0300 6556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:36:34.0393 6556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:36:34.0393 6556 [Global] - ok
13:36:34.0393 6556 ================ Scan MBR ==================================
13:36:34.0409 6556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:36:34.0596 6556 \Device\Harddisk0\DR0 - ok
13:36:34.0596 6556 ================ Scan VBR ==================================
13:36:34.0596 6556 [ B5C9990719B4F6B0BD5A1456646F49EB ] \Device\Harddisk0\DR0\Partition1
13:36:34.0612 6556 \Device\Harddisk0\DR0\Partition1 - ok
13:36:34.0612 6556 [ 7E01C43ABE0DA4AB7F03F35E276ED655 ] \Device\Harddisk0\DR0\Partition2
13:36:34.0612 6556 \Device\Harddisk0\DR0\Partition2 - ok
13:36:34.0612 6556 ============================================================
13:36:34.0612 6556 Scan finished
13:36:34.0612 6556 ============================================================
13:36:34.0627 8012 Detected object count: 0
13:36:34.0627 8012 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 14:20:20
-----------------------------
14:20:20.076 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:20.076 Number of processors: 4 586 0x2505
14:20:20.076 ComputerName: BLACKSHEEP UserName: Amy
14:20:21.355 Initialize success
14:20:40.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:20:40.995 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
14:20:41.011 Disk 0 MBR read successfully
14:20:41.011 Disk 0 MBR scan
14:20:41.011 Disk 0 Windows 7 default MBR code
14:20:41.011 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
14:20:41.026 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8618 MB offset 129024
14:20:41.042 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 945187 MB offset 17778688
14:20:41.058 Disk 0 scanning C:\Windows\system32\drivers
14:20:46.689 Service scanning
14:20:59.590 Modules scanning
14:20:59.590 Disk 0 trace - called modules:
14:20:59.637 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
14:20:59.637 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064ae060]
14:21:00.136 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80061d3e40]
14:21:00.136 5 ACPI.sys[fffff88000efb7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061d8060]
14:21:00.136 Scan finished successfully
14:21:29.387 Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
14:21:29.418 The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 14:38:15
-----------------------------
14:38:15.357 OS Version: Windows x64 6.1.7601 Service Pack 1
14:38:15.357 Number of processors: 4 586 0x2505
14:38:15.357 ComputerName: BLACKSHEEP UserName: Amy
14:38:16.855 Initialize success
14:42:24.422 AVAST engine defs: 12091400
14:43:09.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:43:09.194 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
14:43:09.209 Disk 0 MBR read successfully
14:43:09.209 Disk 0 MBR scan
14:43:09.225 Disk 0 Windows 7 default MBR code
14:43:09.225 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
14:43:09.241 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8618 MB offset 129024
14:43:09.272 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 945187 MB offset 17778688
14:43:09.287 Disk 0 scanning C:\Windows\system32\drivers
14:43:17.618 Service scanning
14:43:36.041 Modules scanning
14:43:36.041 Disk 0 trace - called modules:
14:43:36.073 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:43:36.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800649f060]
14:43:36.588 3 CLASSPNP.SYS[fffff880013a543f] -> nt!IofCallDriver -> [0xfffffa80061f1670]
14:43:36.603 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061f9060]
14:43:38.694 AVAST engine scan C:\Windows
14:43:41.299 AVAST engine scan C:\Windows\system32
14:46:06.005 AVAST engine scan C:\Windows\system32\drivers
14:46:18.063 AVAST engine scan C:\Users\Amy
14:52:18.408 File: C:\Users\Amy\Old Computer Files\AmyOldWorkFiles\My Received Files\fconvert20.exe **INFECTED** Win32:Trojan-gen
14:58:56.303 AVAST engine scan C:\ProgramData
15:01:10.463 Scan finished successfully
15:01:27.093 Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
15:01:27.093 The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR.txt"

#12 amywynne

Posted 18 September 2012 - 05:46 PM

In other news, I am going to cautiously report that my ads/redirects appear to be gone :)!

#13 gringo_pr

  • Malware Response Team

Posted 18 September 2012 - 07:29 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 amywynne

Posted 18 September 2012 - 08:06 PM

Thanks. Here you go.

OTL logfile created on: 9/18/2012 5:57:30 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Amy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.70 Gb Available Physical Memory | 63.73% Memory free
11.61 Gb Paging File | 9.43 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923.03 Gb Total Space | 759.39 Gb Free Space | 82.27% Space Free | Partition Type: NTFS

Computer Name: BLACKSHEEP | User Name: Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ByStorm Software\FileSure\SoxAuditService.exe (ByStorm Software LLC)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Users\Amy\Downloads\ListITQuick.exe (ByStorm Software LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SOXAUDIT) -- C:\Program Files (x86)\ByStorm Software\FileSure\SoxAuditService.exe (ByStorm Software LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MAUSBFASTTRACK) -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys (Avid Technology, Inc.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SoxAuditor) -- C:\Windows\SysNative\drivers\SoxAudit64.sys (ByStorm Software LLC)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{2DFD9D98-30EB-47CD-8192-B78DD9500623}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{220FD23C-10C9-4CC4-B2A6-8F5CED397E68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.studioware-online.com/P [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?rls=ig
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS414
IE - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/09/18 10:46:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\List IT Quick by ByStorm Software.lnk = C:\Users\Amy\Downloads\ListITQuick.exe (ByStorm Software LLC)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/70.22/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB3E2F28-6325-4E23-979D-C68E3EBA7837}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB47059B-DD44-48AB-9F29-20AFF374F56D}: DhcpNameServer = 163.244.194.254 163.244.212.254 163.244.194.42 163.244.199.61
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/18 17:55:44 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/09/18 14:37:55 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{EE0330F9-2382-41D2-A177-EDAEB5B62C06}
[2012/09/18 14:26:44 | 000,000,000 | ---D | C] -- C:\Device
[2012/09/18 13:34:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amy\Desktop\tdsskiller.exe
[2012/09/18 13:34:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Amy\Desktop\aswMBR.exe
[2012/09/18 10:46:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/18 10:44:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/18 10:38:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/18 10:38:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/18 10:38:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/18 10:37:08 | 004,753,249 | R--- | C] (Swearware) -- C:\Users\Amy\Desktop\ComboFix.exe
[2012/09/17 23:28:57 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\RK_Quarantine
[2012/09/17 15:34:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Amy\Desktop\dds.com
[2012/09/17 15:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/17 14:25:19 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{87A05AF3-14DF-442D-9B59-9CA181745C0D}
[2012/09/17 14:12:07 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{7ABE2FD3-9F53-49E1-9CA1-A18AFDF0A432}
[2012/09/16 15:46:28 | 000,000,000 | ---D | C] -- C:\Roxio
[2012/09/16 11:33:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/16 11:33:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/16 09:33:21 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{B50866AD-F6DC-4EC5-B05B-1C9A83C9F8EF}
[2012/09/15 13:15:49 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{F8BF8FD5-9BAA-4354-A300-7D829662C819}
[2012/09/13 08:18:36 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{12E233EF-B9C7-436E-9824-DDB1D352B1F0}
[2012/09/12 13:09:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 13:09:55 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 13:09:54 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 13:09:54 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 08:04:29 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{15786F11-D1D9-4675-A428-4B985E4406E2}
[2012/09/11 08:20:54 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{B4370B33-346B-447A-9D60-D307644662F5}
[2012/09/10 14:31:37 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2012/09/10 14:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/10 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 14:31:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/10 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/10 14:30:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/10 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{49107AE3-02C3-4610-ACDF-5773917D1712}
[2012/09/09 08:51:52 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{66313D1A-5BEC-4F5D-AF6E-CE5142D8A93A}
[2012/09/08 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{7A666791-3112-485D-BC53-54E2D248F986}
[2012/09/07 20:52:18 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{5830616C-67AA-43D2-9AD1-6487D2715B82}
[2012/09/06 08:33:45 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{FB7D5C33-063B-4319-8F00-0015A019C8AB}
[2012/09/04 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{C12AF422-A081-4B07-BEB1-8A720244449D}
[2012/09/02 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{F7F4A1CE-64DC-456D-893E-70BC24D733B4}
[2012/09/01 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{D333A521-4BCB-4625-B976-CC57BED51814}
[2012/08/31 09:23:48 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{2F3F6DEF-9AD0-4618-9B94-7326DEF6AEB6}
[2012/08/29 10:42:29 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{80330BF1-7A76-4AA0-A3E2-4B8C34AD8ADC}
[2012/08/28 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{B91763D6-D08B-4FD3-9DAC-84B8B6C1DEF9}
[2012/08/26 18:16:56 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{98DBEA21-326C-4F90-9CA6-2D8E01C2BD67}
[2012/08/25 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{E6FD78C0-C828-4EBE-9FF4-2EBD53843174}
[2012/08/25 07:46:24 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{A1305FB4-7E71-419B-8A38-3A615D3C1283}
[2012/08/23 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{B485C1CB-5FFF-4E1B-AE33-CF47FF8B0B1C}
[2012/08/21 10:55:54 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{6702E4AB-49F6-42D5-98D5-5A7E38ADF89B}
[2012/08/19 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{D0988322-5FAA-4143-B898-70FCCAF12865}

========== Files - Modified Within 30 Days ==========

[2012/09/18 17:55:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2012/09/18 17:16:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/18 15:01:27 | 000,000,512 | ---- | M] () -- C:\Users\Amy\Desktop\MBR.dat
[2012/09/18 14:41:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 14:41:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 14:37:45 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/18 14:37:35 | 000,000,804 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\List IT Quick by ByStorm Software.lnk
[2012/09/18 14:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/18 14:34:23 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/18 14:28:35 | 006,291,456 | -HS- | M] () -- C:\Users\Amy\ntuser.bak
[2012/09/18 13:44:24 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 13:44:24 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/18 13:44:21 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 13:27:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Amy\Desktop\aswMBR.exe
[2012/09/18 13:22:08 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amy\Desktop\tdsskiller.exe
[2012/09/18 10:46:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/18 10:37:08 | 004,753,249 | R--- | M] (Swearware) -- C:\Users\Amy\Desktop\ComboFix.exe
[2012/09/17 23:25:02 | 001,378,816 | ---- | M] () -- C:\Users\Amy\Desktop\RogueKiller.exe
[2012/09/17 23:24:23 | 000,512,737 | ---- | M] () -- C:\Users\Amy\Desktop\adwcleaner.exe
[2012/09/17 15:57:20 | 000,053,091 | ---- | M] () -- C:\Users\Amy\Desktop\right-ad.jpg
[2012/09/17 15:56:49 | 000,054,792 | ---- | M] () -- C:\Users\Amy\Desktop\left-ad.jpg
[2012/09/17 15:55:03 | 000,005,175 | ---- | M] () -- C:\Users\Amy\Desktop\Attach.zip
[2012/09/17 15:34:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Amy\Desktop\dds.com
[2012/09/17 15:33:27 | 000,000,000 | ---- | M] () -- C:\Users\Amy\defogger_reenable
[2012/09/17 15:33:04 | 000,050,477 | ---- | M] () -- C:\Users\Amy\Desktop\Defogger.exe
[2012/09/10 14:30:13 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Amy\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 11:36:10 | 007,509,177 | ---- | M] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/09/06 11:35:58 | 000,104,194 | ---- | M] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/08/22 11:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 11:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files Created - No Company Name ==========

[2012/09/18 14:21:29 | 000,000,512 | ---- | C] () -- C:\Users\Amy\Desktop\MBR.dat
[2012/09/18 10:38:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 10:38:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 10:38:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 10:38:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 10:38:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/17 23:24:56 | 001,378,816 | ---- | C] () -- C:\Users\Amy\Desktop\RogueKiller.exe
[2012/09/17 23:24:10 | 000,512,737 | ---- | C] () -- C:\Users\Amy\Desktop\adwcleaner.exe
[2012/09/17 15:57:20 | 000,053,091 | ---- | C] () -- C:\Users\Amy\Desktop\right-ad.jpg
[2012/09/17 15:56:49 | 000,054,792 | ---- | C] () -- C:\Users\Amy\Desktop\left-ad.jpg
[2012/09/17 15:55:03 | 000,005,175 | ---- | C] () -- C:\Users\Amy\Desktop\Attach.zip
[2012/09/17 15:33:27 | 000,000,000 | ---- | C] () -- C:\Users\Amy\defogger_reenable
[2012/09/17 15:33:01 | 000,050,477 | ---- | C] () -- C:\Users\Amy\Desktop\Defogger.exe
[2012/06/27 13:20:21 | 007,509,177 | ---- | C] () -- C:\Users\Amy\AppData\Local\census.cache
[2012/06/27 13:15:58 | 000,104,194 | ---- | C] () -- C:\Users\Amy\AppData\Local\ars.cache
[2012/06/27 09:34:24 | 000,000,036 | ---- | C] () -- C:\Users\Amy\AppData\Local\housecall.guid.cache
[2012/06/13 13:47:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/11/23 16:37:07 | 000,038,456 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/07 09:03:50 | 000,003,584 | ---- | C] () -- C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 15:36:06 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/12 16:39:34 | 006,291,456 | -HS- | C] () -- C:\Users\Amy\ntuser.bak
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/12/20 22:43:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/20 22:43:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/12/20 22:43:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 06:02 PM

Posted 19 September 2012 - 01:07 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2383014669-762277017-3650486656-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini   
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
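As an added example (not code from this thread, from OTL or from its author), here is a small Python parser for the file-list lines of an OTL report like the one posted above, with two of the triage rules a reviewer applies when reading it: executables with no company name created directly in the C:\Windows root, and a read-only/hidden/system file under C:\Windows\assembly, the location OTL's "ZeroAccess Check" section listed and the fix script above removes. The sample lines are copied from the report in this thread.

```python
import re

# One OTL file/folder line, e.g.
# [2012/09/18 10:38:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
# fields: timestamp | size | attributes (R,H,S,D or -) | C=created / M=modified,
# then an optional (company name) and the path; folder lines have no company field.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

def parse_otl_lines(text):
    """Return one dict per line of text that is in OTL's file-list format."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["company"] = (rec["company"] or "").strip()
            entries.append(rec)
    return entries

def triage(entries):
    """Two analyst rules over parsed entries; returns (path, reason) pairs in log order."""
    hits = []
    for e in entries:
        low = e["path"].lower()
        # Rule 1: an executable created directly in C:\Windows with no company name.
        # In this thread's log those are ComboFix's helper tools (same timestamp as the
        # C:\ComboFix folder), which the reviewer recognises and later clears.
        if (e["kind"] == "C" and "D" not in e["attrs"] and not e["company"]
                and low.startswith("c:\\windows\\") and low.count("\\") == 2 and low.endswith(".exe")):
            hits.append((e["path"], "no-company executable in C:\\Windows root"))
        # Rule 2: a read-only+hidden+system file under C:\Windows\assembly, the location
        # OTL's "ZeroAccess Check" section reports and the fix script above removes.
        if low.startswith("c:\\windows\\assembly\\") and set("RHS") <= set(e["attrs"]):
            hits.append((e["path"], "RHS-attributed file in C:\\Windows\\assembly"))
    return hits

# Constructed sample input: lines copied from the OTL report posted in this thread.
SAMPLE = r"""
[2012/09/18 10:38:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/18 10:38:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 10:38:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 14:37:55 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{EE0330F9-2382-41D2-A177-EDAEB5B62C06}
[2012/09/18 14:34:23 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
"""
```

Running `triage(parse_otl_lines(SAMPLE))` flags PEV.exe, MBR.exe and the assembly Desktop.ini while leaving the SteelWerX-signed SWREG.exe, the folder line and hiberfil.sys alone.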



