
Internet Explorer Redirecting!


This topic is locked
25 replies to this topic

#1 Lexxiaa


  • Members
  • 26 posts

Posted 19 October 2012 - 09:43 AM

Hi! As of yesterday I noticed that when I use Internet Explorer and use the search engine, I can make the search, but when I go to open the page I get a pop-up that it redirects to. As it pops up to load, the page looks like it's titled with an IP address, IE: 109.206.160.225, and then it changes to some spam page with links. I'm very worried because this computer is a work computer that has customer information, and we also have to use Internet Explorer for our work website to access the customers' accounts, which hold a lot of personal information. There's currently no issue with my other browsers that I can see. It would be wonderful if we could get this cleaned up today, as I'm the only one in this store that understands how to go through these processes that I've seen on this website.



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 October 2012 - 11:01 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from, so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Lexxiaa

  • Topic Starter

  • Members
  • 26 posts

Posted 21 October 2012 - 06:24 PM

Just letting you know I will be back at work on Tuesday to run these tasks thank you so much for your patience!

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 22 October 2012 - 12:06 AM

thank you for letting me know


gringo

#5 Lexxiaa

  • Topic Starter

  • Members
  • 26 posts

Posted 23 October 2012 - 08:41 AM

First, here are the DDS reports.

DDS

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by IndianTrailMiddle at 9:37:05 on 2012-10-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.558 [GMT -4:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\iQmetrix\IQ.Core.UpdateFoundation.WindowsService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\SAMSUNG\Kies\Kies.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iQmetrix\RQ4\RetailiQ.WPF\RetailiQ.Windows.WPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\IndianTrailMiddle\Desktop\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://tlgposdotcom.cingular.com/v2/Login.html
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: RSA Toolbar: {749F8452-7D28-4658-A903-9B047E5A2CE8} - c:\program files\rsa security\rsa securid toolbar token\RsaToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [attcm.exe] c:\program files\at&t\at&t communication manager\attcm.exe
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ICSDCLT] c:\windows\rundll32.exe c:\windows\system32\icsdclt.dll,ICSClient
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
StartupFolder: c:\users\indian~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://mydlink.com/8D/activeX//aplugLiteDL.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://173.188.132.188:81/WebClient.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{86763CE9-689B-42F0-9C40-3AC33D520306} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{F5EEC2E4-869D-4379-A27C-9B13654B75CB} : DHCPNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{F5EEC2E4-869D-4379-A27C-9B13654B75CB}\E4F626C6560275962756C6563737 : DHCPNameServer = 166.102.165.11 166.102.165.13
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: iPhone Demo Content - c:\ios\ATT_User_Content_v711.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\indiantrailmiddle\appdata\roaming\mozilla\firefox\profiles\xdii0pc3.default\
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\indiantrailmiddle\appdata\roaming\move networks\plugins\npqmp071700000016.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - ExtSQL: 2012-09-11 09:29; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\avg\avg2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-11-4 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-5-6 133944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144]
R2 IQ.Core.UpdateFoundation.WindowsService;iQmetrix Installation Manager Service;c:\program files\iqmetrix\IQ.Core.UpdateFoundation.WindowsService.exe [2009-10-30 6656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-27 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-18 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-18 676936]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2011-1-25 17408]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-4 2358656]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-11-4 273960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-6 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-23 136176]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000w7.sys [2010-11-24 841504]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-7-6 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-6 80824]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-23 136176]
S3 IERA;IERA;c:\program files\sierra wireless inc\iera\IERA.exe [2011-5-31 167280]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-4-19 15896]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-18 115168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-7-6 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-7-6 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-7-6 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-6 181432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-5-24 215552]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-5-24 83968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-5-24 237568]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-25 1343400]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-4-19 113688]
.
=============== Created Last 30 ================
.
2012-10-23 13:10:54 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{70ce8929-b514-4f7d-ad00-dc80dbd73dc3}\mpengine.dll
2012-10-21 15:54:24 6918632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-20 14:06:42 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f00e60a-240e-4c75-969e-32585cc5df6c}\gapaengine.dll
2012-10-19 23:23:54 -------- d-----w- c:\windows\system32\Adobe
2012-10-18 23:25:23 -------- d-----w- c:\users\indiantrailmiddle\appdata\roaming\ESET
2012-10-18 23:25:23 -------- d-----w- c:\users\indiantrailmiddle\appdata\local\ESET
2012-10-18 23:15:34 -------- d-----w- c:\program files\ESET
2012-10-18 22:56:46 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-18 21:22:57 -------- d-----w- c:\program files\uTorrent
2012-10-18 21:22:33 -------- d-----w- c:\users\indiantrailmiddle\appdata\roaming\uTorrent
2012-10-16 14:15:19 -------- d-----r- c:\users\indiantrailmiddle\Podcasts
2012-10-16 14:13:34 -------- d-----w- c:\windows\system32\ms-MY
2012-09-26 13:04:35 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 9:38:25.08 ===============



ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/20/2010 2:40:15 PM
System Uptime: 10/23/2012 8:59:37 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 07N90W
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | CPU 1 | 2926/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 167.039 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslfa90906e
Device ID: ROOT\LEGACY_MPKSLFA90906E\0000
Manufacturer:
Name: MpKslfa90906e
PNP Device ID: ROOT\LEGACY_MPKSLFA90906E\0000
Service: MpKslfa90906e
.
==== System Restore Points ===================
.
RP260: 10/9/2012 8:59:19 AM - Windows Update
RP261: 10/10/2012 8:06:46 PM - Windows Update
RP262: 10/14/2012 12:01:28 PM - Windows Update
RP264: 10/16/2012 10:11:57 AM - Installed Zune 4.8
RP265: 10/18/2012 8:57:04 AM - Windows Update
RP266: 10/18/2012 6:53:17 PM - Windows Modules Installer
RP267: 10/18/2012 6:56:56 PM - Windows Modules Installer
RP268: 10/21/2012 11:53:40 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
4shared Desktop
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATT iOS Demo Content v7.1.1
AVG 2012
Bonjour
Broadcom Gigabit NetLink Controller
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Edoc Viewer
ESET Smart Security
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
iQmetrix Update Manager
iTunes
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
LabSim
LogMeIn
Loop Qualification System
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
Realtek High Definition Audio Driver
RSA SecurID Toolbar 1.4.2 for Internet Explorer
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
swMSM
TeamViewer 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual CertExam Suite 1.9
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WWPos
ZTE Handset USB Driver
.
==== Event Viewer Messages From Past Week ========
.
10/18/2012 7:16:06 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================



CHECK UP Report
Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.2
Microsoft Security Essentials
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



No problems loading any of the programs

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:32 AM

Posted 23 October 2012 - 12:02 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:06:32 AM

Posted 23 October 2012 - 12:25 PM

ADW CLEANER REPORT
# AdwCleaner v2.005 - Logfile created 10/23/2012 at 13:12:39
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : IndianTrailMiddle - INDIAN-MID
# Boot Mode : Normal
# Running from : C:\Users\IndianTrailMiddle\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\IndianTrailMiddle\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\IndianTrailMiddle\AppData\Roaming\Mozilla\Firefox\Profiles\xdii0pc3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3506 octets] - [23/10/2012 13:12:39]

########## EOF - C:\AdwCleaner[S1].txt - [3566 octets] ##########



RKReport [1]
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : IndianTrailMiddle [Admin rights]
Mode : Scan -- Date : 10/23/2012 13:18:09

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- -> KILLED [TermThr]

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : ICSDCLT (C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient) -> FOUND
[TASK][SUSP PATH] {74FD3648-BB92-46A6-9EEE-CA8E72765D13} : C:\Windows\System32\pcalua.exe -a "C:\Users\IndianTrailMiddle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4V65ACS\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU[1].exe" -d C:\Users\IndianTrailMiddle\Desktop -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4} : NameServer (172.26.38.1 172.26.38.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4} : NameServer (172.26.38.1 172.26.38.2) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] a51a72f9585a6415561b2ccbb51463ac
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9618 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19779584 | Size: 228758 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



There's also a RKReport[2] if you need it.
No problems running these programs
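Reading RKreport[1] above as a responder: it is the scan pass (Mode : Scan), so nothing in it has been changed yet. The two [HJ] lines (EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0) mean UAC is switched off, which matches the "UAC is disabled!" line in the Security Check report. The [RUN][BLACKLIST DLL] entry is a Run key loading icsdclt.dll through rundll32.exe, a DLL RogueKiller matches against its blacklist. The [TASK][SUSP PATH] entry is a scheduled task that uses pcalua.exe to launch an executable out of the Internet Explorer cache; what that file actually is still has to be established. The [DNS] lines are static resolvers in 172.26.38.0/24, a private range that may simply be the store's own DNS servers, so they are a check, not a verdict. The [HJ SMENU] and [HJ DESK] lines are Start menu and desktop display preferences.

As an added example (not RogueKiller's own code and not something the poster ran), the following Python parses lines in this "Registry Entries" format and applies a small rule set to separate the entries that need action from the heuristic hits that need a human decision. SAMPLE is a subset of the lines posted above; the severity labels and the rules themselves are this example's own assumptions, and lines in other formats (such as the "Bad processes" svchost line) are skipped.

```python
"""Triage RogueKiller 'Registry Entries' lines into rated findings.

Added example for this thread: not RogueKiller's own code and not something
the original poster ran. SAMPLE is a subset of the RKreport[1] lines posted
above; the severity rules are this example's own assumptions.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# '[TAG][SUBTAG] <body> -> STATUS'; the body is 'path : Name (data)' for
# registry values and '{GUID} : command line' for scheduled tasks.
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?)\s+->\s+(\w+)\s*$")
VALUE_RE = re.compile(r"^(\S+)\s+\((.*)\)$")

UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


@dataclass
class Finding:
    tags: list
    path: str
    name: str        # value name, or '' for a task command line
    value: str       # value data, or the task command line
    status: str
    severity: str = "unrated"
    reason: str = ""


def parse_report(text):
    """Parse every '[...] ... -> STATUS' line; other line formats are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        path, _, detail = m.group(2).partition(" : ")
        v = VALUE_RE.match(detail)
        name, value = (v.group(1), v.group(2)) if v else ("", detail)
        findings.append(Finding(tags, path, name, value, m.group(3)))
    return findings


def classify_dns(value):
    """Static NameServer data: private-range resolvers are often the site's own."""
    try:
        addrs = [ipaddress.ip_address(a) for a in value.split()]
    except ValueError:
        return "review", "unparseable NameServer data; inspect manually"
    if addrs and all(a.is_private for a in addrs):
        return "review", "static private-range DNS servers; confirm they are the site's resolvers"
    return "medium", "static public DNS servers; verify against the expected resolvers"


def triage(findings):
    """Rate each finding in place and return the list (rules are assumptions)."""
    for f in findings:
        top, cmd = f.tags[0], f.value.lower()
        if top == "HJ" and f.name in UAC_VALUES and f.value == "0":
            f.severity, f.reason = "high", "UAC disabled or elevating without a prompt"
        elif top == "RUN" and "BLACKLIST" in " ".join(f.tags) and "rundll32" in cmd:
            f.severity, f.reason = "high", "Run key loads a blacklisted DLL through rundll32"
        elif top == "TASK" and "pcalua.exe" in cmd:
            f.severity, f.reason = "review", "pcalua.exe proxies an executable; identify the target file"
        elif top == "DNS":
            f.severity, f.reason = classify_dns(f.value)
        elif top in ("HJ SMENU", "HJ DESK"):
            f.severity, f.reason = "low", "Start menu / desktop display preference; cosmetic"
        else:
            f.severity, f.reason = "review", "no rule matched; inspect manually"
    return findings


def severity_counts(findings):
    """Summary used to decide whether the log needs a removal pass at all."""
    return dict(Counter(f.severity for f in findings))


# Subset of the RKreport[1] lines posted above (copied, not constructed).
SAMPLE = r"""
[RUN][BLACKLIST DLL] HKLM\[...]\Run : ICSDCLT (C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient) -> FOUND
[TASK][SUSP PATH] {74FD3648-BB92-46A6-9EEE-CA8E72765D13} : C:\Windows\System32\pcalua.exe -a "C:\Users\IndianTrailMiddle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4V65ACS\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU[1].exe" -d C:\Users\IndianTrailMiddle\Desktop -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4} : NameServer (172.26.38.1 172.26.38.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4} : NameServer (172.26.38.1 172.26.38.2) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE)):
        print(f"{f.severity:6} {'/'.join(f.tags):18} {f.name or f.path:28} {f.reason}")
```

On the sample this yields three high findings (the two UAC values and the rundll32 Run key), three that need a decision (the pcalua task and the two private-range DNS entries) and three cosmetic ones. The point of the split is that a "delete everything" pass on a log like this also rewrites DNS settings and Start menu preferences that may be the site's own configuration, so the DNS rule deliberately stops at "review" when the resolvers are in private address space.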

#8 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:06:32 AM

Posted 23 October 2012 - 12:55 PM

Did a few searches, no pop up redirects so far, yay! (:

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:32 AM

Posted 23 October 2012 - 05:26 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:06:32 AM

Posted 23 October 2012 - 06:50 PM

COMBOFIX REPORT

ComboFix 12-10-23.01 - IndianTrailMiddle 10/23/2012 19:08:10.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.1186 [GMT -4:00]
Running from: c:\users\IndianTrailMiddle\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\INDIAN~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\IndianTrailMiddle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09185470-97EB-44DC-8DB7-3E8678551386}.xps
c:\users\IndianTrailMiddle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1A6A20D6-006F-434C-B716-DA70B07846A8}.xps
c:\users\IndianTrailMiddle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98CE8AD0-CFD8-4CC2-A302-3C5DF8F9125E}.xps
c:\users\IndianTrailMiddle\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\IndianTrailMiddle\AppData\Roaming\iQmetrixErrorLog.txt
c:\windows\system32\muzapp.exe
c:\windows\system32\SETAF42.tmp
c:\windows\system32\SETAF64.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 23:19 . 2012-10-23 23:19 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-10-23 23:19 . 2012-10-23 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 17:17 . 2012-10-23 17:17 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CE8929-B514-4F7D-AD00-DC80DBD73DC3}\MpKsl834fb308.sys
2012-10-23 13:10 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CE8929-B514-4F7D-AD00-DC80DBD73DC3}\mpengine.dll
2012-10-21 15:54 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 14:06 . 2012-09-29 14:08 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F00E60A-240E-4C75-969E-32585CC5DF6C}\gapaengine.dll
2012-10-19 23:23 . 2012-10-19 23:25 -------- d-----w- c:\windows\system32\Adobe
2012-10-18 23:25 . 2012-10-18 23:25 -------- d-----w- c:\users\IndianTrailMiddle\AppData\Local\ESET
2012-10-18 23:15 . 2012-10-18 23:15 -------- d-----w- c:\program files\ESET
2012-10-18 22:56 . 2012-10-18 22:56 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-18 22:00 . 2012-10-18 22:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-18 21:22 . 2012-10-18 21:22 -------- d-----w- c:\program files\uTorrent
2012-10-18 21:22 . 2012-10-18 22:27 -------- d-----w- c:\users\IndianTrailMiddle\AppData\Roaming\uTorrent
2012-10-16 14:15 . 2012-10-16 14:15 -------- d-----r- c:\users\IndianTrailMiddle\Podcasts
2012-10-16 14:13 . 2012-10-16 14:13 -------- d-----w- c:\windows\system32\ms-MY
2012-09-26 13:04 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 23:21 . 2011-05-06 18:43 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-29 23:54 . 2011-12-06 18:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 14:08 . 2011-09-08 13:10 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 19:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 19:43 . 2012-08-24 19:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 06:59 . 2012-09-23 00:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 00:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 00:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 00:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 00:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 13:00 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:00 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:00 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:00 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-09-19 22:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-06-11 13:34 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-02 16:57 . 2012-09-12 13:00 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-26 07:21 . 2012-07-26 07:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-10-11 01:06 . 2012-10-18 22:00 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-03 975288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-03 3524536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
c:\users\IndianTrailMiddle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-29 23:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
R1 ezyikktz;ezyikktz;c:\windows\system32\drivers\ezyikktz.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 IERA;IERA;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [x]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 MpKsl834fb308;MpKsl834fb308;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CE8929-B514-4F7D-AD00-DC80DBD73DC3}\MpKsl834fb308.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 IQ.Core.UpdateFoundation.WindowsService;iQmetrix Installation Manager Service;c:\program files\iQmetrix\IQ.Core.UpdateFoundation.WindowsService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\TestOut\Orbis\OrbisClient.Services.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\iPhone Demo Content]
2012-05-22 16:59 1224454005 ----a-w- c:\ios\ATT_User_Content_v711.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-23 15:29]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-23 15:29]
.
.
------- Supplementary Scan -------
.
uStart Page = https://tlgposdotcom.cingular.com/v2/Login.html
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{351073DC-E03C-4810-968B-5AA3262401F4}: NameServer = 172.26.38.1 172.26.38.2
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://mydlink.com/8D/activeX//aplugLiteDL.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://173.188.132.188:81/WebClient.cab
FF - ProfilePath - c:\users\IndianTrailMiddle\AppData\Roaming\Mozilla\Firefox\Profiles\xdii0pc3.default\
FF - ExtSQL: 2012-09-11 09:29; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG2012\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-attcm.exe - c:\program files\AT&T\AT&T Communication Manager\attcm.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-4shared Desktop - c:\program files\4shared Desktop\uninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-10-23 19:31:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 23:31
.
Pre-Run: 179,579,080,704 bytes free
Post-Run: 186,488,676,352 bytes free
.
- - End Of File - - 9781DF3E2656FFCCB023C675B21C13C2


No problems (aside from it taking a while). Haha, I'm bad at waiting.
Checking Internet Explorer: done a few searches without being redirected; looks great! Thank you guys so much for what you do! You saved our work computer.

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 23 October 2012 - 07:13 PM

Hello


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: AVG Anti-Virus Free Edition 2012
AV: ESET Smart Security 5.2
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

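As an added example (not code from the thread, from ComboFix or from TDSSKiller), the following PowerShell script reads the antivirus products registered with Windows Security Center and flags when more than one of them has real-time protection switched on, which is the situation the post above describes. It assumes Windows Vista/7 or later (where the root\SecurityCenter2 namespace exists) and PowerShell 2.0 or later; the productState bit layout it decodes is a widely observed convention, not something Microsoft documents.

```powershell
# Added example, not code from the thread or from any of the tools it mentions.
# Lists the antivirus products registered with Windows Security Center and
# reports when more than one of them has real-time protection switched on.
# Assumptions: Windows Vista/7 or later (root\SecurityCenter2 exists) and
# PowerShell 2.0 or later (Get-WmiObject, New-Object PSObject).

function Get-RegisteredAntiVirus {
    # Every AV product that registered itself with Security Center is listed
    # here, whether or not its service is currently running.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' `
                              -Class AntiVirusProduct -ErrorAction Stop

    foreach ($p in $products) {
        # productState is a packed flag field. Commonly observed layout
        # (assumption; Microsoft does not document it): in the six-digit hex
        # form, digits 3-4 are 10 or 11 when real-time protection is on, and
        # digits 5-6 are 00 when definitions are current, 10 when out of date.
        $hex = '{0:x6}' -f [int]($p.productState)
        $rt  = $hex.Substring(2, 2)
        $def = $hex.Substring(4, 2)

        New-Object PSObject -Property @{
            Name        = $p.displayName
            Path        = $p.pathToSignedProductExe
            RealTimeOn  = ($rt -eq '10' -or $rt -eq '11')
            DefsCurrent = ($def -eq '00')
            RawState    = '0x' + $hex
        }
    }
}

function Test-SingleAntiVirus {
    param([object[]]$Products = @(Get-RegisteredAntiVirus))

    # Products whose real-time scanner is on are the ones that compete for
    # file access and CPU at the same time.
    $active = @($Products | Where-Object { $_.RealTimeOn })

    foreach ($p in $Products) {
        $status = if ($p.RealTimeOn) { 'real-time ON' } else { 'real-time off' }
        if (-not $p.DefsCurrent) { $status += ', definitions out of date' }
        Write-Host ('{0,-40} {1}  ({2})' -f $p.Name, $status, $p.RawState)
    }

    if ($active.Count -gt 1) {
        $msg = '{0} antivirus products have real-time protection on at the same time; keep one and uninstall the rest.' -f $active.Count
        Write-Warning $msg
        return $false
    }
    return $true
}

# Returns $true when at most one product is actively protecting the machine.
Test-SingleAntiVirus
```

Run it from an elevated PowerShell prompt on the affected machine; a product that shows "real-time off" is still installed and should be uninstalled through Programs and Features rather than just disabled.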
#12 Lexxiaa (Topic Starter, Members, 26 posts)

Posted 25 October 2012 - 08:33 AM

TDSSKiller REPORT
09:17:46.0873 2284 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:17:47.0119 2284 ============================================================
09:17:47.0119 2284 Current date / time: 2012/10/25 09:17:47.0119
09:17:47.0119 2284 SystemInfo:
09:17:47.0119 2284
09:17:47.0119 2284 OS Version: 6.1.7601 ServicePack: 1.0
09:17:47.0119 2284 Product type: Workstation
09:17:47.0119 2284 ComputerName: INDIAN-MID
09:17:47.0119 2284 UserName: IndianTrailMiddle
09:17:47.0119 2284 Windows directory: C:\Windows
09:17:47.0119 2284 System windows directory: C:\Windows
09:17:47.0119 2284 Processor architecture: Intel x86
09:17:47.0119 2284 Number of processors: 2
09:17:47.0119 2284 Page size: 0x1000
09:17:47.0120 2284 Boot type: Normal boot
09:17:47.0120 2284 ============================================================
09:17:48.0185 2284 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:17:48.0186 2284 ============================================================
09:17:48.0186 2284 \Device\Harddisk0\DR0:
09:17:48.0186 2284 MBR partitions:
09:17:48.0186 2284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12C9000
09:17:48.0186 2284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12DD000, BlocksNum 0x1BECB000
09:17:48.0186 2284 ============================================================
09:17:48.0212 2284 C: <-> \Device\Harddisk0\DR0\Partition2
09:17:48.0212 2284 ============================================================
09:17:48.0212 2284 Initialize success
09:17:48.0212 2284 ============================================================
09:17:55.0596 2972 ============================================================
09:17:55.0596 2972 Scan started
09:17:55.0596 2972 Mode: Manual;
09:17:55.0596 2972 ============================================================
09:17:55.0958 2972 ================ Scan system memory ========================
09:17:55.0959 2972 System memory - ok
09:17:55.0959 2972 ================ Scan services =============================
09:18:03.0743 2972 luafv - ok
09:18:03.0792 2972 [ B6E1CCD6572984ADCAE68439AFD07011 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
09:18:04.0092 2972 LVRS - ok
09:18:04.0196 2972 [ 6C42815DD57E397F0CD988304B5EB4B3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
09:18:04.0290 2972 LVUVC - ok
09:18:04.0336 2972 [ 3C7B3072C3C5CC23F5FD46F8DFDA7480 ] massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys
09:18:04.0337 2972 massfilter_hs - ok
09:18:04.0370 2972 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:18:04.0372 2972 MBAMProtector - ok
09:18:04.0424 2972 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:18:04.0428 2972 MBAMScheduler - ok
09:18:04.0444 2972 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:18:04.0459 2972 MBAMService - ok
09:18:04.0487 2972 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:18:04.0490 2972 Mcx2Svc - ok
09:18:04.0506 2972 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:18:04.0507 2972 megasas - ok
09:18:04.0526 2972 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:18:04.0529 2972 MegaSR - ok
09:18:04.0567 2972 Microsoft SharePoint Workspace Audit Service - ok
09:18:04.0589 2972 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:18:04.0591 2972 MMCSS - ok
09:18:04.0601 2972 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:18:04.0615 2972 Modem - ok
09:18:04.0643 2972 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:18:04.0644 2972 monitor - ok
09:18:04.0688 2972 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:18:04.0703 2972 mouclass - ok
09:18:04.0733 2972 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:18:04.0747 2972 mouhid - ok
09:18:04.0778 2972 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:18:04.0780 2972 mountmgr - ok
09:18:04.0820 2972 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:18:04.0822 2972 MozillaMaintenance - ok
09:18:04.0856 2972 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:18:04.0858 2972 mpio - ok
09:18:04.0869 2972 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:18:04.0884 2972 mpsdrv - ok
09:18:04.0923 2972 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:18:04.0940 2972 MpsSvc - ok
09:18:04.0986 2972 [ A5888C609EFCC07B060DD823FA3D474A ] MQAC C:\Windows\system32\drivers\mqac.sys
09:18:04.0990 2972 MQAC - ok
09:18:05.0022 2972 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:18:05.0024 2972 MRxDAV - ok
09:18:05.0090 2972 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:18:05.0105 2972 mrxsmb - ok
09:18:05.0158 2972 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:18:05.0217 2972 mrxsmb10 - ok
09:18:05.0234 2972 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:18:05.0265 2972 mrxsmb20 - ok
09:18:05.0376 2972 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:18:05.0407 2972 msahci - ok
09:18:05.0422 2972 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:18:05.0423 2972 msdsm - ok
09:18:05.0437 2972 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:18:05.0440 2972 MSDTC - ok
09:18:05.0468 2972 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:18:05.0470 2972 Msfs - ok
09:18:05.0475 2972 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:18:05.0477 2972 mshidkmdf - ok
09:18:05.0485 2972 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:18:05.0499 2972 msisadrv - ok
09:18:05.0527 2972 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:18:05.0530 2972 MSiSCSI - ok
09:18:05.0533 2972 msiserver - ok
09:18:05.0552 2972 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:18:05.0554 2972 MSKSSRV - ok
09:18:05.0575 2972 [ E582B9E88EF4980C3B76276620FE667B ] MSMQ C:\Windows\system32\mqsvc.exe
09:18:05.0577 2972 MSMQ - ok
09:18:05.0584 2972 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:18:05.0598 2972 MSPCLOCK - ok
09:18:05.0618 2972 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:18:05.0620 2972 MSPQM - ok
09:18:05.0646 2972 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:18:05.0649 2972 MsRPC - ok
09:18:05.0680 2972 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:18:05.0681 2972 mssmbios - ok
09:18:05.0693 2972 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:18:05.0705 2972 MSTEE - ok
09:18:05.0725 2972 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:18:05.0726 2972 MTConfig - ok
09:18:05.0732 2972 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:18:05.0735 2972 Mup - ok
09:18:05.0768 2972 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:18:05.0771 2972 napagent - ok
09:18:05.0790 2972 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:18:05.0832 2972 NativeWifiP - ok
09:18:05.0879 2972 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:18:05.0896 2972 NDIS - ok
09:18:05.0905 2972 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:18:05.0918 2972 NdisCap - ok
09:18:05.0939 2972 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:18:05.0941 2972 NdisTapi - ok
09:18:05.0970 2972 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:18:05.0984 2972 Ndisuio - ok
09:18:06.0015 2972 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:18:06.0030 2972 NdisWan - ok
09:18:06.0059 2972 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:18:06.0061 2972 NDProxy - ok
09:18:06.0081 2972 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:18:06.0103 2972 NetBIOS - ok
09:18:06.0135 2972 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:18:06.0137 2972 NetBT - ok
09:18:06.0146 2972 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:18:06.0147 2972 Netlogon - ok
09:18:06.0173 2972 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:18:06.0178 2972 Netman - ok
09:18:06.0209 2972 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:18:06.0211 2972 NetMsmqActivator - ok
09:18:06.0214 2972 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:18:06.0216 2972 NetPipeActivator - ok
09:18:06.0235 2972 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:18:06.0241 2972 netprofm - ok
09:18:06.0256 2972 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:18:06.0257 2972 NetTcpActivator - ok
09:18:06.0261 2972 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:18:06.0262 2972 NetTcpPortSharing - ok
09:18:06.0289 2972 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:18:06.0291 2972 nfrd960 - ok
09:18:06.0330 2972 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:18:06.0334 2972 NlaSvc - ok
09:18:06.0345 2972 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:18:06.0346 2972 Npfs - ok
09:18:06.0359 2972 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:18:06.0361 2972 nsi - ok
09:18:06.0366 2972 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:18:06.0367 2972 nsiproxy - ok
09:18:06.0415 2972 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:18:06.0441 2972 Ntfs - ok
09:18:06.0455 2972 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:18:06.0456 2972 Null - ok
09:18:06.0488 2972 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:18:06.0490 2972 nvraid - ok
09:18:06.0516 2972 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:18:06.0519 2972 nvstor - ok
09:18:06.0554 2972 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:18:06.0556 2972 nv_agp - ok
09:18:06.0585 2972 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:18:06.0587 2972 ohci1394 - ok
09:18:06.0667 2972 [ 8B40A0A5AF67F55DDD761940FD9CC01C ] OrbisClient.Services C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
09:18:06.0668 2972 OrbisClient.Services - ok
09:18:06.0713 2972 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:18:06.0715 2972 ose - ok
09:18:06.0834 2972 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:18:06.0910 2972 osppsvc - ok
09:18:06.0932 2972 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:18:06.0937 2972 p2pimsvc - ok
09:18:06.0962 2972 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:18:06.0967 2972 p2psvc - ok
09:18:06.0986 2972 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:18:06.0988 2972 Parport - ok
09:18:07.0014 2972 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:18:07.0040 2972 partmgr - ok
09:18:07.0046 2972 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:18:07.0048 2972 Parvdm - ok
09:18:07.0058 2972 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:18:07.0061 2972 PcaSvc - ok
09:18:07.0093 2972 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:18:07.0110 2972 pci - ok
09:18:07.0123 2972 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:18:07.0137 2972 pciide - ok
09:18:07.0149 2972 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:18:07.0152 2972 pcmcia - ok
09:18:07.0163 2972 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:18:07.0177 2972 pcw - ok
09:18:07.0209 2972 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:18:07.0225 2972 PEAUTH - ok
09:18:07.0266 2972 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:18:07.0291 2972 PeerDistSvc - ok
09:18:07.0349 2972 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:18:07.0384 2972 pla - ok
09:18:07.0407 2972 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:18:07.0412 2972 PlugPlay - ok
09:18:07.0430 2972 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:18:07.0432 2972 PNRPAutoReg - ok
09:18:07.0449 2972 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:18:07.0452 2972 PNRPsvc - ok
09:18:07.0468 2972 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:18:07.0473 2972 PolicyAgent - ok
09:18:07.0501 2972 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:18:07.0504 2972 Power - ok
09:18:07.0529 2972 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:18:07.0544 2972 PptpMiniport - ok
09:18:07.0581 2972 [ 57E95881E5F014816A8A53AD94EE0C48 ] PRISM_A02 C:\Windows\system32\DRIVERS\WUSB20XP.sys
09:18:07.0607 2972 PRISM_A02 - ok
09:18:07.0620 2972 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:18:07.0622 2972 Processor - ok
09:18:07.0664 2972 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:18:07.0668 2972 ProfSvc - ok
09:18:07.0679 2972 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:18:07.0681 2972 ProtectedStorage - ok
09:18:07.0702 2972 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:18:07.0704 2972 Psched - ok
09:18:07.0734 2972 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:18:07.0760 2972 ql2300 - ok
09:18:07.0774 2972 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:18:07.0776 2972 ql40xx - ok
09:18:07.0811 2972 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:18:07.0815 2972 QWAVE - ok
09:18:07.0825 2972 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:18:07.0827 2972 QWAVEdrv - ok
09:18:07.0833 2972 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:18:07.0847 2972 RasAcd - ok
09:18:07.0885 2972 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:18:07.0899 2972 RasAgileVpn - ok
09:18:07.0914 2972 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:18:07.0917 2972 RasAuto - ok
09:18:07.0931 2972 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:18:07.0947 2972 Rasl2tp - ok
09:18:08.0000 2972 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:18:08.0004 2972 RasMan - ok
09:18:08.0015 2972 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:18:08.0030 2972 RasPppoe - ok
09:18:08.0043 2972 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:18:08.0060 2972 RasSstp - ok
09:18:08.0088 2972 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:18:08.0130 2972 rdbss - ok
09:18:08.0138 2972 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:18:08.0152 2972 rdpbus - ok
09:18:08.0177 2972 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:18:08.0178 2972 RDPCDD - ok
09:18:08.0215 2972 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:18:08.0219 2972 RDPDR - ok
09:18:08.0242 2972 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:18:08.0243 2972 RDPENCDD - ok
09:18:08.0253 2972 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:18:08.0255 2972 RDPREFMP - ok
09:18:08.0287 2972 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:18:08.0290 2972 RDPWD - ok
09:18:08.0322 2972 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:18:08.0347 2972 rdyboost - ok
09:18:08.0369 2972 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:18:08.0372 2972 RemoteAccess - ok
09:18:08.0389 2972 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:18:08.0393 2972 RemoteRegistry - ok
09:18:08.0431 2972 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:18:08.0447 2972 RFCOMM - ok
09:18:08.0486 2972 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
09:18:08.0500 2972 RimUsb - ok
09:18:08.0520 2972 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:18:08.0522 2972 RpcEptMapper - ok
09:18:08.0538 2972 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:18:08.0540 2972 RpcLocator - ok
09:18:08.0567 2972 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:18:08.0571 2972 RpcSs - ok
09:18:08.0597 2972 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:18:08.0623 2972 rspndr - ok
09:18:08.0654 2972 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:18:08.0655 2972 s3cap - ok
09:18:08.0662 2972 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:18:08.0664 2972 SamSs - ok
09:18:08.0684 2972 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:18:08.0686 2972 sbp2port - ok
09:18:08.0698 2972 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:18:08.0702 2972 SCardSvr - ok
09:18:08.0727 2972 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:18:08.0729 2972 scfilter - ok
09:18:08.0769 2972 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:18:08.0786 2972 Schedule - ok
09:18:08.0822 2972 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:18:08.0823 2972 SCPolicySvc - ok
09:18:08.0852 2972 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:18:08.0856 2972 SDRSVC - ok
09:18:08.0876 2972 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:18:08.0878 2972 secdrv - ok
09:18:08.0900 2972 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:18:08.0902 2972 seclogon - ok
09:18:08.0919 2972 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:18:08.0922 2972 SENS - ok
09:18:08.0941 2972 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:18:08.0944 2972 SensrSvc - ok
09:18:08.0949 2972 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:18:08.0963 2972 Serenum - ok
09:18:08.0976 2972 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:18:08.0991 2972 Serial - ok
09:18:09.0016 2972 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:18:09.0018 2972 sermouse - ok
09:18:09.0060 2972 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:18:09.0063 2972 SessionEnv - ok
09:18:09.0094 2972 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:18:09.0095 2972 sffdisk - ok
09:18:09.0102 2972 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:18:09.0103 2972 sffp_mmc - ok
09:18:09.0115 2972 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:18:09.0116 2972 sffp_sd - ok
09:18:09.0128 2972 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:18:09.0129 2972 sfloppy - ok
09:18:09.0164 2972 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:18:09.0168 2972 SharedAccess - ok
09:18:09.0204 2972 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:18:09.0209 2972 ShellHWDetection - ok
09:18:09.0219 2972 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:18:09.0221 2972 sisagp - ok
09:18:09.0237 2972 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:18:09.0238 2972 SiSRaid2 - ok
09:18:09.0253 2972 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:18:09.0255 2972 SiSRaid4 - ok
09:18:09.0279 2972 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:18:09.0294 2972 Smb - ok
09:18:09.0316 2972 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:18:09.0318 2972 SNMPTRAP - ok
09:18:09.0329 2972 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:18:09.0330 2972 spldr - ok
09:18:09.0371 2972 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:18:09.0376 2972 Spooler - ok
09:18:09.0440 2972 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:18:09.0491 2972 sppsvc - ok
09:18:09.0519 2972 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:18:09.0522 2972 sppuinotify - ok
09:18:09.0554 2972 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:18:09.0596 2972 srv - ok
09:18:09.0615 2972 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:18:09.0649 2972 srv2 - ok
09:18:09.0655 2972 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:18:09.0682 2972 srvnet - ok
09:18:09.0730 2972 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
09:18:09.0746 2972 ssadbus - ok
09:18:09.0812 2972 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
09:18:09.0825 2972 ssadmdfl - ok
09:18:09.0877 2972 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
09:18:09.0904 2972 ssadmdm - ok
09:18:09.0934 2972 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:18:09.0937 2972 SSDPSRV - ok
09:18:09.0945 2972 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:18:09.0948 2972 SstpSvc - ok
09:18:09.0992 2972 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
09:18:10.0017 2972 ssudmdm - ok
09:18:10.0034 2972 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:18:10.0035 2972 stexstor - ok
09:18:10.0077 2972 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:18:10.0091 2972 StiSvc - ok
09:18:10.0099 2972 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:18:10.0113 2972 storflt - ok
09:18:10.0132 2972 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
09:18:10.0135 2972 StorSvc - ok
09:18:10.0179 2972 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:18:10.0181 2972 storvsc - ok
09:18:10.0213 2972 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:18:10.0214 2972 swenum - ok
09:18:10.0252 2972 [ FDBD13CE3B3FC298E7FBB98B026F1ECB ] swg3kser00 C:\Windows\system32\DRIVERS\swg3kser00.sys
09:18:10.0259 2972 swg3kser00 - ok
09:18:10.0287 2972 [ C61566BE5B8DA87F1B2BD3D9EC08592D ] swiwdmbx C:\Windows\system32\DRIVERS\swiwdmbx.sys
09:18:10.0293 2972 swiwdmbx - ok
09:18:10.0339 2972 [ 15B1F86BE65894F24A2364E063F4F9D4 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
09:18:10.0365 2972 SWNC8UA3 - ok
09:18:10.0391 2972 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:18:10.0396 2972 swprv - ok
09:18:10.0477 2972 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:18:10.0504 2972 SysMain - ok
09:18:10.0531 2972 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:18:10.0535 2972 TabletInputService - ok
09:18:10.0564 2972 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:18:10.0568 2972 TapiSrv - ok
09:18:10.0575 2972 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:18:10.0578 2972 TBS - ok
09:18:10.0629 2972 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:18:10.0678 2972 Tcpip - ok
09:18:10.0698 2972 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:18:10.0704 2972 TCPIP6 - ok
09:18:10.0737 2972 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:18:10.0762 2972 tcpipreg - ok
09:18:10.0786 2972 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:18:10.0800 2972 TDPIPE - ok
09:18:10.0830 2972 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:18:10.0844 2972 TDTCP - ok
09:18:10.0877 2972 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:18:10.0903 2972 tdx - ok
09:18:11.0025 2972 [ 1C46C27E9F1938B9589859C70450D275 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
09:18:11.0068 2972 TeamViewer6 - ok
09:18:11.0105 2972 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:18:11.0107 2972 TermDD - ok
09:18:11.0139 2972 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:18:11.0155 2972 TermService - ok
09:18:11.0173 2972 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:18:11.0175 2972 Themes - ok
09:18:11.0180 2972 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:18:11.0182 2972 THREADORDER - ok
09:18:11.0204 2972 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:18:11.0207 2972 TrkWks - ok
09:18:11.0259 2972 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:18:11.0262 2972 TrustedInstaller - ok
09:18:11.0292 2972 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:18:11.0334 2972 tssecsrv - ok
09:18:11.0369 2972 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:18:11.0384 2972 TsUsbFlt - ok
09:18:11.0431 2972 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:18:11.0446 2972 tunnel - ok
09:18:11.0468 2972 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:18:11.0470 2972 uagp35 - ok
09:18:11.0505 2972 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:18:11.0547 2972 udfs - ok
09:18:11.0568 2972 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:18:11.0572 2972 UI0Detect - ok
09:18:11.0603 2972 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:18:11.0605 2972 uliagpkx - ok
09:18:11.0642 2972 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
09:18:11.0644 2972 umbus - ok
09:18:11.0658 2972 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:18:11.0660 2972 UmPass - ok
09:18:11.0692 2972 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:18:11.0697 2972 UmRdpService - ok
09:18:11.0741 2972 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:18:11.0746 2972 UMVPFSrv - ok
09:18:11.0760 2972 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:18:11.0764 2972 upnphost - ok
09:18:11.0798 2972 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:18:11.0799 2972 USBAAPL - ok
09:18:11.0829 2972 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:18:11.0832 2972 usbaudio - ok
09:18:11.0864 2972 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:18:11.0866 2972 usbccgp - ok
09:18:11.0903 2972 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:18:11.0905 2972 usbcir - ok

No problems, removed all but ESET and still no redirects in IE.

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2012 - 01:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Lexxiaa (Topic Starter)

  • Members
  • 26 posts

Posted 25 October 2012 - 04:43 PM

Only problem I seem to have is I have uninstalled AVG twice but it still appears on my list of programs.

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2012 - 04:53 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Ask Toolbar
  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 25 October 2012 - 04:53 PM.