This topic is locked. 33 replies to this topic.

#1 bedtimefrog

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 02 October 2012 - 01:12 PM

My computer is running very slowly and keeps freezing, taking a long time to load anything. I am also every once in a while getting a box that pops up on the home page with Ukrainian writing. I don't know what it says, but the only thing you can do is close it or click OK and it closes. I have scanned but nothing comes up.

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 October 2012 - 01:19 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 05 October 2012 - 05:34 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 bedtimefrog

  • Topic Starter

Posted 06 October 2012 - 07:46 PM

Hi, sorry it took so long... I cannot download Security Check; it says it's not a verified program and may harm my computer...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by becky at 19:44:18 on 2012-10-06
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\UTSCSI.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\V0230Mon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\becky\AppData\Local\Temp\astemp\Setup.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\becky\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mywinnipeg.com/
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "c:\users\becky\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\becky\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [<NO NAME>] c:\windows\praetorian.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>] c:\windows\praetorian.exe
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Beach%20Party%20Craze/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6B67A9A-260D-4704-AABC-2E312ACBAE1B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6EA01FB-C822-4D3E-A5C7-28382B6D3D6D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E293DC91-DDF9-4FDC-8747-97BC79A65185} : DhcpNameServer = 192.168.0.1
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? mr97310c;CIF Dual-Mode Camera
R? Revoflt;Revoflt
R? SkypeUpdate;Skype Updater
R? WajamUpdater;WajamUpdater
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AdobeARMservice;Adobe Acrobat Update Service
S? AERTFilters;Andrea RT Filters Service
S? AM10;Cisco AM10 Driver
S? FontCache;Windows Font Cache Service
S? iWinTrusted;iWinTrusted
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RaAutoInstSrv_AM10;Cisco Valet Connector Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Skype C2C Service;Skype C2C Service
S? TeamViewer5;TeamViewer 5
S? V0230Vfx;V0230Vfx
S? V0230VID;Live! Cam Video IM Pro
.
=============== Created Last 30 ================
.
2012-10-06 18:38:37 -------- d-----w- c:\users\becky\appdata\roaming\Topping Hero
2012-10-06 14:44:43 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef680be8-342d-45ce-9362-fa36c844a789}\mpengine.dll
2012-10-06 14:35:33 -------- d-----w- c:\users\becky\appdata\local\{3E7F8A61-1107-4857-9570-F4463C3E8E83}
2012-10-06 04:09:33 -------- d-----w- c:\users\becky\appdata\local\{97DB5BF7-D856-4EC1-8257-6BE2B6E2ADED}
2012-10-06 03:48:24 -------- d-----w- c:\users\becky\appdata\local\{4C6DDEFC-69B2-4E94-8044-DDD5355A8C58}
2012-10-05 13:35:26 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-05 12:54:56 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1aed2c4e-1671-4f1d-9a55-2240814c3250}\gapaengine.dll
2012-10-04 21:29:14 -------- d-----w- c:\users\becky\appdata\local\{09EFA4F7-47EF-40EE-9912-912529F70794}
2012-10-04 18:32:42 -------- d-----w- c:\users\becky\appdata\local\{43EEADFF-0FEF-4BED-83CC-A6EFF6768890}
2012-10-04 14:40:27 -------- d-----w- c:\users\becky\appdata\local\{BF1BD765-135E-40CD-8D08-4D49422988E7}
2012-10-03 20:01:25 -------- d-----w- c:\users\becky\appdata\roaming\Alawar Stargaze
2012-10-03 13:35:35 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-10-03 02:29:14 -------- d-----w- c:\users\becky\appdata\local\{3750AEA8-7084-4581-A134-FA3E1E4704E2}
2012-10-02 19:19:04 -------- d-----w- c:\users\becky\appdata\roaming\Eipix
2012-09-30 22:58:38 -------- d-----w- c:\users\becky\appdata\local\{DFD0C7C8-F6E3-4CEB-A742-F4D95990E72F}
2012-09-30 15:17:27 -------- d-----w- c:\users\becky\appdata\local\{EC06CFFB-76B6-421C-B7E1-049FE01F3523}
2012-09-30 14:06:59 605968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-09-28 22:32:44 -------- d-----w- c:\users\becky\appdata\local\{9955608D-EEF0-48E5-8B02-23EC670ED317}
2012-09-28 17:13:16 -------- d-----w- c:\users\becky\appdata\local\{0DA31FB3-5E9A-4FB2-8DF6-7144EA179502}
2012-09-27 01:31:45 -------- d-----w- c:\users\becky\appdata\local\{603D09EE-21F7-4371-89BD-058ECA2D30A1}
2012-09-25 00:12:32 -------- d-----w- c:\users\becky\appdata\local\{D8BD56F9-E4F6-4196-A5D2-30EF9DC7B327}
2012-09-22 20:14:13 -------- d-----w- c:\users\becky\appdata\local\{DFEA7A9E-97A3-4955-ADB6-9673328BE9DC}
2012-09-21 02:49:12 -------- d-----w- c:\users\becky\appdata\roaming\My Games
2012-09-20 00:28:43 -------- d-----w- c:\users\becky\appdata\roaming\Home Sweet Home 2
2012-09-18 00:36:32 -------- d-----w- c:\users\becky\appdata\roaming\DreamsFromThePast
2012-09-17 21:10:29 -------- d-----w- c:\users\becky\appdata\local\{1C96B135-D71A-419D-8006-706223ECCC6A}
2012-09-17 01:15:37 -------- d-----w- c:\users\becky\appdata\local\{18A4BC09-9C51-412E-A1BD-365228597B1E}
2012-09-15 17:44:06 -------- d-----w- c:\users\becky\appdata\local\{EDEF5A1F-4BE8-48F3-AC36-6552E5937BA9}
2012-09-15 16:28:08 49152 ----a-r- c:\users\becky\appdata\roaming\microsoft\installer\{da5e6a2d-deaa-4152-a43a-fdbde29aa724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe
2012-09-15 16:28:08 49152 ----a-r- c:\users\becky\appdata\roaming\microsoft\installer\{da5e6a2d-deaa-4152-a43a-fdbde29aa724}\ARPPRODUCTICON.exe
2012-09-15 16:28:06 -------- d-----w- c:\program files\DAMN NFO Viewer
2012-09-14 21:46:43 -------- d-----w- c:\users\becky\appdata\local\{DC2ACA89-DD6F-4EE1-8CCF-6003D030AEB3}
2012-09-14 21:46:40 -------- d-----w- c:\users\becky\appdata\roaming\Windows Live Writer
2012-09-14 21:46:40 -------- d-----w- c:\users\becky\appdata\local\Windows Live Writer
2012-09-12 16:05:45 -------- d-----w- c:\users\becky\appdata\roaming\Orneon
2012-09-10 21:36:49 -------- d-----w- c:\users\becky\appdata\local\{DEA5ABFD-83F7-4E02-94C0-66F31EAC1F33}
2012-09-09 20:29:04 -------- d-----w- c:\users\becky\appdata\roaming\GameDevo
2012-09-09 15:47:39 -------- d-----w- c:\users\becky\appdata\local\{F09946FB-25B9-4C49-895B-E45713D60B3F}
2012-09-07 16:59:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-07 16:59:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-07 16:59:38 -------- d-----w- c:\program files\OpenAL
2012-09-07 01:12:55 -------- d-----w- c:\users\becky\appdata\local\{740314FF-744B-49BA-8A51-ECBCB20CAC9D}
.
==================== Find3M ====================
.
2012-08-31 03:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 01:38:25 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 01:38:25 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 19:45:24.23 ===============
.
==== Installed Programs ======================
.
.
10 Talismans (remove only)
7-Zip 9.20
7 Wonders
Abra Academy (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Age of Oracles: Tara's Journey (remove only)
Alice Greenfingers (remove only)
Alice Greenfingers 2 (remove only)
Antique Mysteries: Secrets of Howard's Mansion
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Autumn's Treasures (remove only)
Avenue Flo - Special Delivery Just For Fun Games
Avenue Flo: Special Delivery
Aveyond (remove only)
Beach Party Craze
Behind the Reflection 2: Witch's Revenge (remove only)
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bingo Cafe
Blood Oath 1.00
Bonjour
Book of Legends (remove only)
Born Into Darkness 1.00
Brainiversity (remove only)
Brink of Consciousness: Dorian Gray Syndrome Collector's Edition (remove only)
Cake Mania
Cake Mania 2
Cake Mania Deluxe
Call of Atlantis
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon My Printer
Canon Solution Menu EX
Caribbean Explorer 1.0.0.9
Cathy`s Caribbean Club (remove only)
CCleaner
Cisco Valet Connector
Clayside (remove only)
Compatibility Pack for the 2007 Office system
Cooking Dash (remove only)
Creative Live! Cam Video IM Pro Driver (1.03.02.00)
Curse at Twilight: Thief of Souls (remove only)
Cute Knight (remove only)
D3DX10
DAMN NFO Viewer 2.10.0031 RC3
Dark Alleys: Penumbra Motel Collector's Edition
Dark Dimensions: Wax Beauty Collector's Edition
Dark Parables: Rise of the Snow Queen (remove only)
Dark Tales: Edgar Allan Poe's the Premature Burial (remove only)
Dell Support Center
Dell System Customization Wizard
DellSupport
Diner Dash
Diner Dash - Flo on the Go
Diner Dash 2
Disharmony Blocks
Disney Mix Stick
Doggie Dash
Dream Chronicles
Dream Day Honeymoon
Dreams from the Past
EA Download Manager
eGames Toolbar
Entwined: Strings of Deception (remove only)
Facebook Video Calling 1.2.0.159
Fairy Tales: Iridescence Village
Farm Frenzy 2 (remove only)
Farm Frenzy 3 (remove only)
Farm Frenzy 3: American Pie (remove only)
Farm Frenzy: Ancient Rome
Farm Frenzy: Gone Fishing! (remove only)
Farm Frenzy: Pizza Party (remove only)
Farm Mania: Hot Vacation
Fashion Dash (remove only)
Fashion Fits (remove only)
Final Cut: Death on the Silver Screen Collector's Edition
Gem Ball Ancient Legends (remove only)
Gem Shop
Golden Trails 2: The Lost Legacy (remove only)
Google Chrome
Google Toolbar for Internet Explorer
Granny in Paradise (remove only)
Haunted Manor: Queen of Death (remove only)
Haunted Past: Realm of Ghosts Collector's Edition (remove only)
Hidden Magic (remove only)
Hidden Mysteries: Royal Family Secrets
Hide & Secret (remove only)
Home Sweet Home 2: Kitchens and Baths
Hotel Dash 2: Lost Luxuries (remove only)
Hotel Dash: Suite Success (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Icy Tower v1.4
ImagXpress
IncrediMail
IncrediMail 2.0
Indeo® Software
Insider Tales: The Stolen Venus (remove only)
Inspector Magnusson: Murder on the Titanic (remove only)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Interpol 2: Most Wanted (remove only)
iTunes
iWin Games (remove only)
Jane's Hotel. Family Hero
Jane's Realty
Jane's Realty 2 (remove only)
Java Auto Updater
Java™ 7 Update 5
Jewel Quest Solitaire (remove only)
Jojo's Fashion Show 2: Las Cruces (remove only)
Jojo's Fashion Show: World Tour (remove only)
Jojos Fashion Show (remove only)
Junk Mail filter update
Kudos (remove only)
Law & Order Criminal Intent 2 - Dark Obsession (remove only)
Lexmark 1200 Series
Lost Realms: Legacy of the Sun Princess (remove only)
Lost Secrets Bermuda Triangle
Lost Souls Enchanted Paintings Collector's Edition (remove only)
M&Ms The Lost Formulas
Mahjongg Platinum 2
Malice: Two Sisters
Mall Tycoon 3
Malwarebytes Anti-Malware version 1.61.0.1400
Marooned (remove only)
Marooned II - Secrets of the Akoni (remove only)
Masquerade Mysteries: The Case of the Copycat Curator (remove only)
Masters of Mystery: Blood of Betrayal (remove only)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Midnight Mysteries 2 Salem Witch Trials 1.00
Midnight Mysteries Haunted Houdini (remove only)
Midnight Mysteries: Devil on the Mississippi (remove only)
Monopoly
Moto Racer 3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MY CAMERA
MySpaceIM
Mysteries & Treasures: The Adventures of the Mary Celeste
Mystery Legends: Sleepy Hollow (remove only)
Mystery Legends: The Phantom of the Opera
Mystery of Mortlake Mansion (remove only)
Mystery P.I. - Lost in Los Angeles
Mystery Stories: Berlin Nights (remove only)
Mystic Inn (remove only)
neroxml
Nightmares from the Deep: The Cursed Heart
OpenAL
Origin
Our Worst Fears: Stained Skin
Pando Media Booster
Pantheon (remove only)
Parking Dash (remove only)
Photo Viewer s2.5
PhotoMail Maker
Pirate Poppers
PricePeep for Internet Explorer
PunkBuster Services
PuppetShow: Return to Joyville Collector's Edition
QuickTax 2009
QuickTime
Real Detectives: Murder in Miami (remove only)
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.8
RollerCoaster Tycoon 3
Rootkit Unhooker LE 3.8 SR 2
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Saints and Sinners Bingo (remove only)
Sally's Spa (remove only)
Sandlot Games Client Services
Secrets of the Dark: Eclipse Mountain Collector's Edition
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Shadow Wolf Mysteries - Bane of the Family
Skype Click to Call
Skype™ 5.10
Slingo-Supreme (remove only)
Slingo Mystery (remove only)
Slingo Quest Hawaii
Slingo Quest Hawaii (remove only)
Slingo Supreme (remove only)
Soap Opera Dash (remove only)
Sonic Activation Module
Spirit Walkers: Curse of the Cypress Witch
Spirits of Mystery: Song of the Phoenix
SpongeBob SquarePants - Lights, Camera, Pants!
Strange Cases 2: The Lighthouse Mystery - Collector's Edition (remove only)
SUPERAntiSpyware
System Requirements Lab CYRI
Tahiti Hidden Pearls (remove only)
TeamViewer 5
The Clockwork Man (remove only)
The Clockwork Man 2 (remove only)
The Golden Years: Way Out West (remove only)
The Hidden Prophecies of Nostradamus (remove only)
The Price Is Right 1.1.4
The Sims™ 2 Double Deluxe
The Sims™ 2 Fun with Pets Collection
The Sims™ 2 Seasons
The Sims™ 2 University Life Collection
The Three Stooges
The Timebuilders: Caveman's Prophecy (remove only)
The Tudors (remove only)
Time Mysteries: The Ancient Spectres (remove only)
Travelogue 360 Paris (remove only)
Twisted Lands: Origin
Twisted Lands: Shadow Town
Unity Web Player
Unsolved Mystery Club: Ancient Astronauts Collector's Edition (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User's Guides
Virtual Farm (remove only)
Wajam
Wedding Dash 4-Ever
Westward II: Heroes of the Frontier (remove only)
Westward III: Gold Rush (remove only)
Wild West Quest (remove only)
Wild West Quest II (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Women's Murder Club: A Darker Shade of Grey (remove only)
Yahoo! Messenger
Yahoo! Software Update
Youda Mystery: The Stanwick Legacy (remove only)
Youda Sushi Chef (remove only)
Zoodles
.
==== End Of File ===========================
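A small triage helper for the log posted above, added here as an example (it is not a BleepingComputer or DDS tool): it parses the Running Processes and Pseudo HJT Report sections and flags autorun entries with an empty value name, and executables running from a Temp folder or directly in the Windows directory, for manual review. The heuristics and the Finding structure are the example's own, the sample lines are copied from the log above, and a hit is a prompt to verify the file, not a verdict (legitimate OEM utilities also live in the Windows directory).

```python
"""Triage helper for the 'Running Processes' and 'Pseudo HJT Report' sections
of a DDS log (added example; not a BleepingComputer or DDS tool).  The review
heuristics below are the example's own: a hit means "look at this", not "malware"."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Users\becky\AppData\Local\Temp\astemp\Setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [<NO NAME>] c:\windows\praetorian.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>] c:\windows\praetorian.exe
.
"""

# DDS writes autorun entries as "<u|m>Run: [value name] command line"
# (u = per-user hive, m = machine hive).
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str        # "process", "uRun" or "mRun"
    name: str        # autorun value name ("" for processes)
    path: str        # executable path as written in the log
    reasons: list    # why it was flagged for review


def section_lines(log: str, title: str) -> list:
    """Return the content lines of the DDS section whose banner contains `title`,
    stopping at the next '====' banner and dropping the '.' spacer lines."""
    lines, inside = [], False
    for ln in log.splitlines():
        if ln.startswith("="):
            if inside:
                break
            inside = title in ln
            continue
        if inside and ln.strip() not in ("", "."):
            lines.append(ln.rstrip())
    return lines


def exe_path(cmd: str) -> str:
    """Extract the executable from a Run command line: the quoted path if the
    value is quoted, otherwise everything up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_reasons(path: str) -> list:
    """Heuristic checks on an executable path.  Legitimate OEM utilities also
    sit directly in the Windows directory, so a hit is a prompt to verify the
    file (publisher signature, hash lookup), not a verdict."""
    p = path.lower().replace("/", "\\")
    reasons = []
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p):
        reasons.append("sits directly in the Windows directory")
    return reasons


def triage(log: str) -> list:
    """Scan both sections and return the entries worth a second look."""
    findings = []
    for proc in section_lines(log, "Running Processes"):
        reasons = review_reasons(proc)
        if reasons:
            findings.append(Finding("process", "", proc, reasons))
    for ln in section_lines(log, "Pseudo HJT Report"):
        m = RUN_RE.match(ln)
        if not m:  # BHO:, TB:, DPF: and other entry types are not handled here
            continue
        path = exe_path(m.group("cmd"))
        reasons = review_reasons(path)
        if m.group("name") == "<NO NAME>":
            # An autorun value with an empty name is unusual for installed software.
            reasons.insert(0, "autorun value has no name")
        if reasons:
            findings.append(Finding(m.group("hive") + "Run", m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name or '-':12} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```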

#5 gringo_pr


Posted 06 October 2012 - 07:55 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2012 - 12:58 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#7 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 09 October 2012 - 10:04 AM

# AdwCleaner v2.004 - Logfile created 10/09/2012 at 10:00:05
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : becky - BECKY-PC
# Boot Mode : Normal
# Running from : C:\Users\becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69ISZ2OW\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\PricePeep
Folder Deleted : C:\Program Files\RebateInformer
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\becky\AppData\Local\Wajam
Folder Deleted : C:\Users\becky\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\becky\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\becky\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\becky\AppData\Roaming\iWin
Folder Deleted : C:\Users\becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1269415
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\Software\Wajam
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\becky\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.517] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=48" ]
Deleted [l.519] : homepage = "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=48",

*************************

AdwCleaner[S1].txt - [6875 octets] - [09/10/2012 10:00:05]

########## EOF - C:\AdwCleaner[S1].txt - [6935 octets] ##########

#8 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 09 October 2012 - 10:10 AM

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : becky [Admin rights]
Mode : Remove -- Date : 10/09/2012 10:07:54

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] praetorian.exe -- C:\Windows\praetorian.exe -> KILLED [TermProc]
[SUSP PATH] V0230Mon.exe -- C:\Windows\V0230Mon.exe -> KILLED [TermProc]
[SUSP PATH] praetorian.exe -- C:\Windows\praetorian.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\Windows\praetorian.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : (C:\Windows\praetorian.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : V0230Mon.exe (C:\Windows\V0230Mon.exe) -> DELETED
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4707 : wscript.exe C:\Users\becky\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] {729EE599-699F-42E0-ABB0-56012BE838AC} : C:\Windows\System32\pcalua.exe -a C:\Users\becky\Desktop\Setup.exe -d C:\Users\becky\Desktop -> DELETED
[TASK][SUSP PATH] {92FE5F8A-C9BB-4A2B-9A53-963D90282202} : C:\Windows\System32\pcalua.exe -a C:\Users\becky\Desktop\Setup.exe -d C:\Users\becky\Desktop -> DELETED
[TASK][SUSP PATH] {B7DB68BE-299E-42B4-BEFC-D17CD9A8AEEF} : C:\Windows\System32\pcalua.exe -a C:\Users\becky\AppData\Local\Temp\Magentic\MAGENT~1\bin\mgsetup.exe -d C:\Users\becky\AppData\Local\Temp\Magentic\MAGENT~1\bin -c /install /addon:Magentic -> DELETED
[TASK][SUSP PATH] {E651D14C-8BC0-4933-961D-C99A856D9CF6} : C:\Windows\System32\pcalua.exe -a "C:\Users\becky\Desktop\Hidden Secrets - The Nightmare\Uninstall.exe" -d "C:\Users\becky\Desktop\Hidden Secrets - The Nightmare" -> DELETED
[TASK][SUSP PATH] {F11AACDC-8953-4D24-9E38-5E91C7196531} : C:\Windows\System32\pcalua.exe -a "C:\Users\becky\Desktop\desktp#2\Downloads\Secrets of the Dark Eclipse Mountain Collector's Edition Setup.exe" -d C:\Users\becky\Desktop\desktp#2\Downloads -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : ("C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\Internet Explorer\iexplore.exe")
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] 96a74a80eee26a7179e36940bf063806
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Cisco AM10 USB Device +++++
--- User ---
[MBR] d563707c095d40065400ed873e283cc5
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 123 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
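The RogueKiller report above records every registry change as a tagged line ("[TAG][TAG] key : value -> DELETED" or "-> REPLACED (new)"). The following is an added example, not part of this thread or of RogueKiller itself: it parses that "Registry Entries" section and triages the entries from a defender's point of view. The sample input is an excerpt copied from the report above; the risk levels and reasons are this example's own assumptions.

```python
"""Summarise the 'Registry Entries' section of a RogueKiller report.

Added example for this thread; it is not part of RogueKiller or of any post here.
The line format follows the RKreport posted above: one or more [TAG] prefixes,
a 'key : value' description, then '-> DELETED' or '-> REPLACED (new value)'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the report posted in this thread, with the
# neighbouring section headers kept so the section-boundary logic is exercised.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] praetorian.exe -- C:\Windows\praetorian.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\Windows\praetorian.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : V0230Mon.exe (C:\Windows\V0230Mon.exe) -> DELETED
[TASK][ROGUE ST] 4707 : wscript.exe C:\Users\becky\AppData\Local\Temp\launchie.vbs //B -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

¤¤¤ Particular Files / Folders: ¤¤¤
"""

ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"        # leading [TAG][TAG] block
    r"(?P<body>.+?)\s+->\s+"                # 'key : value' description
    r"(?P<action>DELETED|REPLACED)"         # what RogueKiller did
    r"(?:\s+\((?P<new>[^)]*)\))?\s*$"       # replacement value, if any
)
# Drive-letter paths, quoted (may contain spaces) or bare (stop at space/paren).
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^\s()]+)')

# First matching tag decides the triage level, so order matters. These levels
# are this example's own judgement (assumption), not something RogueKiller emits.
RISK_RULES = (
    ("SHELL",   "critical", "Winlogon Shell hijacked: the logon shell was not Explorer.exe"),
    ("RUN",     "high",     "autorun entry launching a file from a suspicious location"),
    ("TASK",    "high",     "scheduled task used for persistence"),
    ("HJPOL",   "medium",   "policy value under ...\\System (DisableRegistryTools) that can block cleanup tools"),
    ("HJ DESK", "low",      "Start Panel / desktop icon visibility tampered with"),
)


@dataclass(frozen=True)
class Entry:
    tags: tuple[str, ...]
    key: str
    value: str
    action: str
    new_value: str | None
    risk: str
    reason: str


def classify(tags: tuple[str, ...]) -> tuple[str, str]:
    """Map a tag tuple to (risk level, reason) using RISK_RULES."""
    for tag, level, reason in RISK_RULES:
        if tag in tags:
            return level, reason
    return "info", "no triage rule for tags " + ",".join(tags)


def registry_section(report: str) -> list[str]:
    """Non-blank lines between the 'Registry Entries' header and the next ¤¤¤ header."""
    out, inside = [], False
    for line in report.splitlines():
        if line.startswith("¤¤¤"):
            inside = "Registry Entries" in line
            continue
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_registry_entries(report: str) -> list[Entry]:
    entries = []
    for line in registry_section(report):
        m = ENTRY_RE.match(line)
        if not m:
            continue                  # tolerate line shapes this parser does not know
        tags = tuple(re.findall(r"\[([^\]]+)\]", m["tags"]))
        key, sep, value = m["body"].partition(" : ")
        if not sep:                   # no 'key : value' split: keep the whole body as the key
            key, value = m["body"], ""
        level, reason = classify(tags)
        entries.append(Entry(tags, key, value, m["action"], m["new"], level, reason))
    return entries


def autorun_paths(entries: list[Entry]) -> list[str]:
    """File paths referenced by the removed entries, for cross-checking other logs."""
    paths = []
    for e in entries:
        for m in PATH_RE.finditer(e.value):
            paths.append(m.group(1) or m.group(2))
    return paths


if __name__ == "__main__":
    parsed = parse_registry_entries(SAMPLE_REPORT)
    for e in parsed:
        print(f"[{e.risk:8}] {e.action:8} {e.key} -> {e.value}  ({e.reason})")
    print("paths to cross-check against the other logs:", *autorun_paths(parsed), sep="\n  ")
```

The extracted paths (C:\Windows\praetorian.exe, C:\Windows\V0230Mon.exe, the Temp\launchie.vbs script) are the items a helper would then look for in the later ComboFix and TDSSKiller output to confirm nothing remains.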

#9 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 09 October 2012 - 10:12 AM

I am sorry I am taking so long to reply to your messages and directions... I have trouble with my internet sometimes and can't get on for days.

Thanx for being so patient

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2012 - 12:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 11 October 2012 - 11:23 AM

ComboFix 12-10-11.03 - becky 11/10/2012 11:03:03.11.2 - x86
Running from: c:\users\becky\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4a6ad3dd-db4c-4c85-a238-f9483baae32d.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 16:16 . 2012-10-11 16:17 -------- d-----w- c:\users\becky\AppData\Local\temp
2012-10-11 16:16 . 2012-10-11 16:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-11 16:16 . 2012-10-11 16:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-11 16:16 . 2012-10-11 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 15:59 . 2012-10-11 15:59 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB2B55CC-0259-4C58-8A7F-B330E716E56C}\MpKsl8e4b775c.sys
2012-10-10 16:36 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB2B55CC-0259-4C58-8A7F-B330E716E56C}\mpengine.dll
2012-10-09 14:07 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 02:53 . 2012-10-09 02:53 -------- d-----w- c:\users\becky\AppData\Roaming\DailyMagic
2012-10-09 02:53 . 2012-10-09 02:53 -------- d-----w- c:\programdata\DailyMagic
2012-10-06 18:38 . 2012-10-06 18:38 -------- d-----w- c:\users\becky\AppData\Roaming\Topping Hero
2012-10-05 12:54 . 2012-10-03 13:34 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AED2C4E-1671-4F1D-9A55-2240814C3250}\gapaengine.dll
2012-10-03 20:01 . 2012-10-03 20:01 -------- d-----w- c:\users\becky\AppData\Roaming\Alawar Stargaze
2012-10-03 13:35 . 2012-10-03 13:34 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 19:19 . 2012-10-02 19:19 -------- d-----w- c:\users\becky\AppData\Roaming\Eipix
2012-09-30 14:06 . 2012-09-30 14:06 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-21 02:49 . 2012-09-21 02:49 -------- d-----w- c:\users\becky\AppData\Roaming\My Games
2012-09-20 00:28 . 2012-09-20 00:29 -------- d-----w- c:\users\becky\AppData\Roaming\Home Sweet Home 2
2012-09-18 00:36 . 2012-09-20 02:43 -------- d-----w- c:\users\becky\AppData\Roaming\DreamsFromThePast
2012-09-15 16:28 . 2012-09-15 16:28 49152 ----a-r- c:\users\becky\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe
2012-09-15 16:28 . 2012-09-15 16:28 49152 ----a-r- c:\users\becky\AppData\Roaming\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe
2012-09-15 16:28 . 2012-09-15 16:28 -------- d-----w- c:\program files\DAMN NFO Viewer
2012-09-14 21:46 . 2012-09-14 21:47 -------- d-----w- c:\users\becky\AppData\Local\Windows Live Writer
2012-09-14 21:46 . 2012-09-14 21:46 -------- d-----w- c:\users\becky\AppData\Roaming\Windows Live Writer
2012-09-12 16:05 . 2012-09-12 16:05 -------- d-----w- c:\users\becky\AppData\Roaming\Orneon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 20:38 . 2012-07-02 15:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 20:38 . 2012-07-02 15:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 20:10 . 2012-09-07 16:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-09 20:10 . 2012-09-07 16:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 23:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4053380413-3599652072-2352306657-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8E4B775C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 20:38]
.
2012-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 21:38]
.
2012-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-08 21:38]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000Core.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4053380413-3599652072-2352306657-1000UA.job
- c:\users\becky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mywinnipeg.com/
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-11 11:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,26,aa,29,6b,3d,1f,81,27,31,73,e3,20,aa,66,d1,fe,d8,ab,34,bf,cd,75,
05,ea,fc,4f,e0,82,5e,71,4e,7a,0d,b6,6e,c6,1f,35,b4,ed,12,59,64,6c,f8,c0,48,\
"??"=hex:21,5d,8e,ff,8e,69,b5,e7,fc,ed,fc,d6,26,cb,91,d0
.
[HKEY_USERS\S-1-5-21-4053380413-3599652072-2352306657-1000\Software\SecuROM\License information*]
"datasecu"=hex:cd,1d,bf,91,d9,7a,39,70,b4,2f,70,e5,32,78,ed,99,63,d8,7d,9b,cc,
0d,83,89,12,48,81,39,07,d0,08,d5,b0,05,74,9f,b0,94,f6,51,84,f4,59,4d,f1,a6,\
"rkeysecu"=hex:ac,1f,cf,95,ee,54,7f,dc,57,9f,51,8c,12,4a,f6,e5
.
Completion time: 2012-10-11 11:21:30
ComboFix-quarantined-files.txt 2012-10-11 16:21
.
Pre-Run: 141,185,675,264 bytes free
Post-Run: 141,984,456,704 bytes free
.
- - End Of File - - ACA5B684EC9DB4710621A7D86E787B15

The only problem I'm still having is the screen freezing...

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 October 2012 - 12:19 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 bedtimefrog (Topic Starter)

  • Members
  • 231 posts
  • Gender:Female
  • Location:Wpg, Mb, Canada

Posted 14 October 2012 - 10:48 AM

10:43:24.0547 1824 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:43:24.0993 1824 ============================================================
10:43:24.0993 1824 Current date / time: 2012/10/14 10:43:24.0993
10:43:24.0993 1824 SystemInfo:
10:43:24.0993 1824
10:43:24.0993 1824 OS Version: 6.0.6002 ServicePack: 2.0
10:43:24.0993 1824 Product type: Workstation
10:43:24.0993 1824 ComputerName: BECKY-PC
10:43:24.0994 1824 UserName: becky
10:43:24.0994 1824 Windows directory: C:\Windows
10:43:24.0994 1824 System windows directory: C:\Windows
10:43:24.0994 1824 Processor architecture: Intel x86
10:43:24.0994 1824 Number of processors: 2
10:43:24.0994 1824 Page size: 0x1000
10:43:24.0994 1824 Boot type: Normal boot
10:43:24.0994 1824 ============================================================
10:43:27.0402 1824 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:43:27.0496 1824 Drive \Device\Harddisk1\DR1 - Size: 0x7C00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:43:27.0498 1824 ============================================================
10:43:27.0498 1824 \Device\Harddisk0\DR0:
10:43:27.0511 1824 MBR partitions:
10:43:27.0511 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
10:43:27.0511 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000
10:43:27.0511 1824 \Device\Harddisk1\DR1:
10:43:27.0512 1824 MBR partitions:
10:43:27.0512 1824 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DFE0
10:43:27.0512 1824 ============================================================
10:43:46.0464 1256 secdrv - ok
10:43:46.0491 1256 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:43:46.0506 1256 seclogon - ok
10:43:46.0539 1256 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
10:43:46.0544 1256 SENS - ok
10:43:46.0560 1256 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:43:46.0561 1256 Serenum - ok
10:43:46.0577 1256 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:43:46.0582 1256 Serial - ok
10:43:46.0613 1256 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:43:46.0618 1256 sermouse - ok
10:43:46.0666 1256 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:43:46.0672 1256 SessionEnv - ok
10:43:46.0692 1256 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:43:46.0694 1256 sffdisk - ok
10:43:46.0709 1256 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:43:46.0711 1256 sffp_mmc - ok
10:43:46.0731 1256 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:43:46.0732 1256 sffp_sd - ok
10:43:46.0768 1256 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:43:46.0769 1256 sfloppy - ok
10:43:46.0802 1256 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:43:46.0808 1256 SharedAccess - ok
10:43:46.0839 1256 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:43:46.0846 1256 ShellHWDetection - ok
10:43:46.0894 1256 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:43:46.0906 1256 sisagp - ok
10:43:46.0921 1256 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:43:46.0925 1256 SiSRaid2 - ok
10:43:46.0936 1256 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:43:46.0938 1256 SiSRaid4 - ok
10:43:47.0209 1256 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:43:47.0335 1256 Skype C2C Service - ok
10:43:47.0398 1256 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:43:47.0412 1256 SkypeUpdate - ok
10:43:47.0548 1256 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:43:47.0632 1256 slsvc - ok
10:43:47.0690 1256 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:43:47.0695 1256 SLUINotify - ok
10:43:47.0750 1256 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:43:47.0752 1256 Smb - ok
10:43:47.0785 1256 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:43:47.0789 1256 SNMPTRAP - ok
10:43:47.0825 1256 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:43:47.0827 1256 spldr - ok
10:43:47.0860 1256 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:43:47.0865 1256 Spooler - ok
10:43:47.0941 1256 sprtsvc_dellsupportcenter - ok
10:43:47.0989 1256 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:43:47.0996 1256 srv - ok
10:43:48.0030 1256 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:43:48.0033 1256 srv2 - ok
10:43:48.0071 1256 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:43:48.0073 1256 srvnet - ok
10:43:48.0097 1256 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:43:48.0103 1256 SSDPSRV - ok
10:43:48.0162 1256 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:43:48.0168 1256 SstpSvc - ok
10:43:48.0206 1256 Steam Client Service - ok
10:43:48.0263 1256 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:43:48.0280 1256 stisvc - ok
10:43:48.0340 1256 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:43:48.0435 1256 stllssvr - ok
10:43:48.0470 1256 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:43:48.0471 1256 swenum - ok
10:43:48.0511 1256 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:43:48.0518 1256 swprv - ok
10:43:48.0554 1256 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:43:48.0556 1256 Symc8xx - ok
10:43:48.0571 1256 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:43:48.0572 1256 Sym_hi - ok
10:43:48.0585 1256 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:43:48.0587 1256 Sym_u3 - ok
10:43:48.0629 1256 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:43:48.0648 1256 SysMain - ok
10:43:48.0670 1256 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:43:48.0674 1256 TabletInputService - ok
10:43:48.0702 1256 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:43:48.0709 1256 TapiSrv - ok
10:43:48.0737 1256 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:43:48.0742 1256 TBS - ok
10:43:48.0792 1256 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:43:48.0825 1256 Tcpip - ok
10:43:48.0867 1256 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:43:48.0879 1256 Tcpip6 - ok
10:43:48.0900 1256 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:43:48.0902 1256 tcpipreg - ok
10:43:48.0938 1256 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:43:48.0939 1256 TDPIPE - ok
10:43:48.0966 1256 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:43:48.0967 1256 TDTCP - ok
10:43:48.0980 1256 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:43:48.0982 1256 tdx - ok
10:43:49.0065 1256 [ D827A50CEC8A16180EEC4F1951B7A842 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
10:43:49.0068 1256 TeamViewer5 - ok
10:43:49.0102 1256 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:43:49.0103 1256 TermDD - ok
10:43:49.0143 1256 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
10:43:49.0160 1256 TermService - ok
10:43:49.0179 1256 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
10:43:49.0184 1256 Themes - ok
10:43:49.0200 1256 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:43:49.0203 1256 THREADORDER - ok
10:43:49.0237 1256 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:43:49.0253 1256 TrkWks - ok
10:43:49.0312 1256 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:43:49.0313 1256 TrustedInstaller - ok
10:43:49.0350 1256 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:43:49.0351 1256 tssecsrv - ok
10:43:49.0400 1256 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:43:49.0401 1256 tunmp - ok
10:43:49.0432 1256 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:43:49.0433 1256 tunnel - ok
10:43:49.0459 1256 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:43:49.0461 1256 uagp35 - ok
10:43:49.0488 1256 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:43:49.0492 1256 udfs - ok
10:43:49.0522 1256 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:43:49.0526 1256 UI0Detect - ok
10:43:49.0569 1256 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:43:49.0571 1256 uliagpkx - ok
10:43:49.0597 1256 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:43:49.0602 1256 uliahci - ok
10:43:49.0619 1256 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:43:49.0621 1256 UlSata - ok
10:43:49.0641 1256 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:43:49.0646 1256 ulsata2 - ok
10:43:49.0681 1256 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:43:49.0682 1256 umbus - ok
10:43:49.0745 1256 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:43:49.0752 1256 upnphost - ok
10:43:49.0792 1256 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
10:43:49.0793 1256 USBAAPL - ok
10:43:49.0850 1256 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:43:49.0853 1256 usbaudio - ok
10:43:49.0880 1256 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:43:49.0882 1256 usbccgp - ok
10:43:49.0909 1256 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:43:49.0912 1256 usbcir - ok
10:43:49.0957 1256 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:43:49.0959 1256 usbehci - ok
10:43:49.0990 1256 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:43:49.0994 1256 usbhub - ok
10:43:50.0011 1256 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:43:50.0012 1256 usbohci - ok
10:43:50.0036 1256 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:43:50.0038 1256 usbprint - ok
10:43:50.0087 1256 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:43:50.0089 1256 usbscan - ok
10:43:50.0111 1256 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:43:50.0161 1256 USBSTOR - ok
10:43:50.0196 1256 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:43:50.0199 1256 usbuhci - ok
10:43:50.0241 1256 [ 8AFFFDA081CFF3057391FEDBBB483601 ] UTSCSI C:\Windows\system32\UTSCSI.EXE
10:43:50.0245 1256 UTSCSI - ok
10:43:50.0276 1256 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
10:43:50.0280 1256 UxSms - ok
10:43:50.0320 1256 [ A0C643D5F8C60F12FAA6E3454DFE9C32 ] V0230Vfx C:\Windows\system32\DRIVERS\V0230Vfx.sys
10:43:50.0321 1256 V0230Vfx - ok
10:43:50.0375 1256 [ AB3A762B624EC835C1C7BB665B04ED41 ] V0230VID C:\Windows\system32\DRIVERS\V0230VID.sys
10:43:50.0383 1256 V0230VID - ok
10:43:50.0420 1256 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
10:43:50.0429 1256 vds - ok
10:43:50.0469 1256 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:43:50.0471 1256 vga - ok
10:43:50.0505 1256 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:43:50.0506 1256 VgaSave - ok
10:43:50.0530 1256 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:43:50.0532 1256 viaagp - ok
10:43:50.0547 1256 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:43:50.0549 1256 ViaC7 - ok
10:43:50.0570 1256 [ F3B4762EB85A2AFF4999401F14C3262B ] viaide C:\Windows\system32\drivers\viaide.sys
10:43:50.0572 1256 viaide - ok
10:43:50.0588 1256 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:43:50.0590 1256 volmgr - ok
10:43:50.0628 1256 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:43:50.0633 1256 volmgrx - ok
10:43:50.0664 1256 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:43:50.0668 1256 volsnap - ok
10:43:50.0686 1256 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:43:50.0690 1256 vsmraid - ok
10:43:50.0729 1256 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
10:43:50.0779 1256 VSS - ok
10:43:50.0812 1256 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
10:43:50.0819 1256 W32Time - ok
10:43:50.0836 1256 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:43:50.0838 1256 WacomPen - ok
10:43:50.0891 1256 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:43:50.0893 1256 Wanarp - ok
10:43:50.0908 1256 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:43:50.0909 1256 Wanarpv6 - ok
10:43:50.0948 1256 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:43:50.0965 1256 wcncsvc - ok
10:43:50.0998 1256 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:43:51.0002 1256 WcsPlugInService - ok
10:43:51.0018 1256 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
10:43:51.0020 1256 Wd - ok
10:43:51.0057 1256 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:43:51.0065 1256 Wdf01000 - ok
10:43:51.0090 1256 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:43:51.0095 1256 WdiServiceHost - ok
10:43:51.0106 1256 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:43:51.0111 1256 WdiSystemHost - ok
10:43:51.0145 1256 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
10:43:51.0151 1256 WebClient - ok
10:43:51.0184 1256 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:43:51.0190 1256 Wecsvc - ok
10:43:51.0221 1256 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:43:51.0226 1256 wercplsupport - ok
10:43:51.0262 1256 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
10:43:51.0279 1256 WerSvc - ok
10:43:51.0323 1256 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:43:51.0328 1256 WinDefend - ok
10:43:51.0336 1256 WinHttpAutoProxySvc - ok
10:43:51.0382 1256 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:43:51.0385 1256 Winmgmt - ok
10:43:51.0437 1256 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:43:51.0470 1256 WinRM - ok
10:43:51.0512 1256 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:43:51.0529 1256 Wlansvc - ok
10:43:51.0617 1256 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:43:51.0620 1256 wlcrasvc - ok
10:43:51.0714 1256 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:43:51.0764 1256 wlidsvc - ok
10:43:51.0792 1256 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:43:51.0794 1256 WmiAcpi - ok
10:43:51.0831 1256 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:43:51.0834 1256 wmiApSrv - ok
10:43:51.0968 1256 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:43:51.0993 1256 WMPNetworkSvc - ok
10:43:52.0017 1256 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:43:52.0023 1256 WPCSvc - ok
10:43:52.0056 1256 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:43:52.0061 1256 WPDBusEnum - ok
10:43:52.0090 1256 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:43:52.0092 1256 WpdUsb - ok
10:43:52.0184 1256 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:43:52.0197 1256 WPFFontCache_v0400 - ok
10:43:52.0224 1256 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:43:52.0226 1256 ws2ifsl - ok
10:43:52.0263 1256 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
10:43:52.0268 1256 wscsvc - ok
10:43:52.0274 1256 WSearch - ok
10:43:52.0348 1256 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:43:52.0406 1256 wuauserv - ok
10:43:52.0487 1256 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:43:52.0489 1256 WUDFRd - ok
10:43:52.0498 1256 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:43:52.0507 1256 wudfsvc - ok
10:43:52.0600 1256 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:43:52.0617 1256 YahooAUService - ok
10:43:52.0640 1256 ================ Scan global ===============================
10:43:52.0666 1256 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:43:52.0700 1256 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:43:52.0748 1256 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:43:52.0792 1256 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:43:52.0799 1256 [Global] - ok
10:43:52.0800 1256 ================ Scan MBR ==================================
10:43:52.0840 1256 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:43:52.0992 1256 \Device\Harddisk0\DR0 - ok
10:43:53.0000 1256 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
10:43:53.0010 1256 \Device\Harddisk1\DR1 - ok
10:43:53.0010 1256 ================ Scan VBR ==================================
10:43:53.0032 1256 [ 480C2E359BC4106FCF43C76B2A4C51FF ] \Device\Harddisk0\DR0\Partition1
10:43:53.0033 1256 \Device\Harddisk0\DR0\Partition1 - ok
10:43:53.0038 1256 [ 0C205CDEF4F54BF22DC26E36CB2E4BEA ] \Device\Harddisk0\DR0\Partition2
10:43:53.0040 1256 \Device\Harddisk0\DR0\Partition2 - ok
10:43:53.0048 1256 [ 4AFA849C46520BA9605E6E69F3373469 ] \Device\Harddisk1\DR1\Partition1
10:43:53.0051 1256 \Device\Harddisk1\DR1\Partition1 - ok
10:43:53.0051 1256 ============================================================
10:43:53.0051 1256 Scan finished
10:43:53.0051 1256 ============================================================
10:43:53.0071 2824 Detected object count: 0
10:43:53.0071 2824 Actual detected object count: 0

#14 bedtimefrog

Posted 14 October 2012 - 11:04 AM

The aswMBR scan loaded and started to scan but came up red saying "scan error: incorrect function"... then did nothing else afterwards.

#15 gringo_pr

Posted 14 October 2012 - 12:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[Image: dragging CFScript.txt onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



